URL manipulation, also called URL rewriting, is the process of altering (often automatically by means of a program written for that purpose) the parameters in a URL (Uniform Resource Locator).
URL manipulation can be employed as a convenience by a Web server administrator, or for nefarious purposes by a hacker. An example of the constructive use of this technique is allowing an Internet user to access a Web site that has a complicated URL by entering a simpler URL into the address bar of a Web browser. The URL manipulation redirects the request so the user does not have to remember, manually enter, or meticulously cut and paste a long, arcane character string. An example of malicious URL manipulation is its implementation, without the knowledge of the affected server administrator or Internet user, for the purpose of redirecting user requests from a legitimate site to an illegitimate site. The bogus site may then install rogue code on the user's hard drive.
URL manipulation differs from URL poisoning , also known as location poisoning. That is a method of tracking Web user behavior by automatically adding an identification (ID) number to the URL line of the Web browser when a user visits a particular site. This ID number can then be used to determine which pages on the site the user visits thereafter.