def tp_single_cookie(config_id): """ View to render the third party iframe and track the user via cookies. """ check_referer(request, URLS['TP_URL']) # Ensures the cookie is of the right length (based on the configuration) config_cookie_length = implicit_user_login(User, config_id).cookie_size # Gets what the third party perceives to be a user (based on the cookie it sets) uuid = request.cookies.get('id') trackable_user = implicit_user_login(TrackableUUID, uuid, config_cookie_length) # Generates a history log to display to a manual viewer of the site (so they can see the tracking in action) log_site_visit(History, request.referrer, trackable_user, request.access_route[0]) recent_history = generate_recent_history(History, trackable_user, 10) if uuid is not None: # Sets the benchmark result of the recently visited site redis_set_benchmark_recent_site(config_id, '2', request.referrer) response = make_response( render_template(THIRD_PARTY_SINGLE_TEMPLATE, history_log=recent_history, current_url=request.url_root, cookie_id=uuid)) # Sets a cookie for the user if not done before if uuid is None: response = append_cookie(response, trackable_user.uuid) return response
def tp_split_1(config_id): """ Iframed split third party URL which records the first segment of the cookie (used to identify the user) """ check_referer(request, URLS['TP_SPLIT_URL_1']) # Ensures the cookie is of the right length (based on the configuration) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size # Gets what the third party perceives to be a first segment of the user (based on the cookie segment it sets) uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_1 = SplitTrackableUUID1.get_or_create( uuid, config_cookie_length) # Logs the site visited for this segment log_site_visit(SplitHistoryBase1, request.referrer, trackable_uuid_1, request.access_route[0]) redis_register_split('1', request.access_route[0], trackable_uuid_1.uuid, request.referrer) response = make_response( render_template(THIRD_PARTY_SPLIT_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=request.referrer, index=1, config_id=config_id)) # Sets a cookie for this segment if not done before if uuid is None: response = append_cookies(response, 'id', trackable_uuid_1.uuid) return response
def tp_split_2(config_id): """ Iframed split third party URL which records the second segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_2']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size time.sleep(0.4) uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_2 = SplitTrackableUUID2.get_or_create( uuid, config_cookie_length) log_site_visit(SplitHistoryBase2, request.referrer, trackable_uuid_2, request.access_route[0]) redis_register_split('2', request.access_route[0], trackable_uuid_2.uuid, request.referrer) response = make_response( render_template(THIRD_PARTY_SPLIT_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=request.referrer, index=2, config_id=config_id)) if uuid is None: response = append_cookies(response, 'id', trackable_uuid_2.uuid) return response
def tp_split_chain_3(config_id, cookie_id): """ Iframed chained third party URL which records the third segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_3']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_3 = SplitTrackableUUID3.get_or_create( uuid, config_cookie_length) # Builds up the cookie by appending the fist and second cookie segments to the third to create a combined string if cookie_id != 'None' and uuid is not None: cookie_id += uuid site = request.args.get('ref', None) response = make_response( render_template(THIRD_PARTY_SPLIT_CHAIN_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=site, index=3, combined_id=cookie_id, config_id=config_id)) if uuid is None: response = append_cookies(response, 'id', trackable_uuid_3.uuid) return response
def tp_split_chain_1(config_id): """ Iframed chained third party URL which records the first segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_1']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_1 = SplitTrackableUUID1.get_or_create( uuid, config_cookie_length) response = make_response( render_template(THIRD_PARTY_SPLIT_CHAIN_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=request.referrer, index=1, combined_id=uuid, config_id=config_id)) if uuid is None: response = append_cookies(response, 'id', trackable_uuid_1.uuid) return response
def tp_split_super_chain_1(config_id): check_referer(request, URLS['TP_SPLIT_SUPER_URL_1']) config_cookie_length = implicit_user_login( User, config_id).local_storage_split_super_cookie_size next_site = URLS[ 'TP_SPLIT_SUPER_URL_1'] + 'tp-split-super-chain-1-data/' + config_id response = make_response( render_template(THIRD_PARTY_SPLIT_CHAIN_SUPER_COOKIE_TEMPLATE, current_url=request.url_root, next_site=next_site, safe_referer=request.referrer, config_cookie_length=config_cookie_length, combined_id="")) return response
def fp_malicious_record(config_id): """ Function to record the external link the user licked on before redirecting to the site they intended. :return: redirect to the external link the user intended to click on. """ config_user = User.query.filter_by(uuid=config_id).first_or_404() fp_uuid = request.cookies.get('id') fp_user = implicit_user_login(FirstPartyUUID, fp_uuid, config_user.first_party_cookie_size) site = unquote(request.args.get('id', None)) log_site_visit(FirstPartyClickHistory, site, fp_user, request.access_route[0]) return redirect(site)
def config_checkbox(): """ This view loads the configuration page and handles the form. :return: HTTP response for the configuration page. """ # Gets the user check_referer(request, URLS['CONFIG_URL']) uuid = request.cookies.get('id') user = implicit_user_login(User, uuid) form = TrackerForm(meta={'csrf': False}) # Sets up the form with the users current configuration settings preselected if request.method == 'GET': form.tracker.default = user.mode form.tracker.data = user.mode form.first_party_cookie_size.data = user.first_party_cookie_size form.first_party_cookie_size.default = user.first_party_cookie_size form.cookie_size.default = user.cookie_size form.cookie_size.data = user.cookie_size form.split_cookie_size.default = user.split_cookie_size form.split_cookie_size.data = user.split_cookie_size form.local_storage_super_cookie_size.default = user.local_storage_super_cookie_size form.local_storage_super_cookie_size.data = user.local_storage_super_cookie_size form.local_storage_split_super_cookie_size.default = user.local_storage_split_super_cookie_size form.local_storage_split_super_cookie_size.data = user.local_storage_split_super_cookie_size # Changes the users configuration based on the settings chosen in the form elif form.validate_on_submit(): user.mode = form.tracker.data user.first_party_cookie_size = form.first_party_cookie_size.data user.cookie_size = form.cookie_size.data user.split_cookie_size = form.split_cookie_size.data user.local_storage_super_cookie_size = form.local_storage_super_cookie_size.data user.local_storage_split_super_cookie_size = form.local_storage_split_super_cookie_size.data db.session.commit() response = make_response( render_template(CONFIG_TEMPLATE, urls=URLS, form=form, user=user, config_id=user.uuid)) if uuid is None: response = append_cookie(response, user.uuid) return response
def tp_split_chain_master(config_id, cookie_id): """ Iframed chained third party URL which records the third segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_4']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_4 = SplitTrackableUUID4.get_or_create( uuid, config_cookie_length) trackable = False site = unquote(request.args.get('ref', None)) # Builds up the completed cookie by appending the fist, second and third cookie segments to the fourth to create a # unique identifier if cookie_id != 'None' and uuid is not None: cookie_id += uuid trackable = True redis_set_benchmark_recent_site(config_id, '4', site) # Records the site visited by what the third party perceives as the unique user (from the combined string) joined_user = JoinedTrackableUUID.get_or_create(cookie_id) log_site_visit(JoinedHistory, site, joined_user, request.referrer) recent_history = generate_recent_history(JoinedHistory, joined_user, 10) response = make_response( render_template(THIRD_PARTY_CHAIN_MASTER_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, history_log=recent_history, index=4, combined_id=cookie_id, trackable=trackable, config_id=config_id)) # Sets a cookie for this combined string which identifies a user if not done before if uuid is None: response = append_cookies(response, 'id', trackable_uuid_4.uuid) return response
def fp_malicious(url, config_id): """ View to display the malicious first party sites page. This shows a recently clicked external link history log. Manual users can thus see the external links that have been tracked. :param url: The correct malicious first party site to load :return: HTTP response for the first party malicious site """ config_user = User.query.filter_by(uuid=config_id).first_or_404() fp_uuid = request.cookies.get('id') fp_user = implicit_user_login(FirstPartyUUID, fp_uuid, config_user.first_party_cookie_size) url_fp1 = URLS['FP_URL_1'] + 'fp-1/' + config_id url_fp2 = URLS['FP_URL_2'] + 'fp-2/' + config_id url_fp3 = URLS['FP_URL_3'] + 'fp-3/' + config_id url_malicious = generate_record_url(url) # generates history table of the externally clicked sites recent_history = generate_recent_history(FirstPartyClickHistory, fp_user, 10) response = make_response( render_template(FIRST_PARTY_MALICIOUS_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id, url_fp1=url_fp1, url_fp2=url_fp2, url_fp3=url_fp3, url_malicious=url_malicious, history_log=recent_history)) # Creates a cookie if none existed if fp_uuid is None: response = append_cookie(response, fp_user.uuid) return response
def tp_super_cookie(config_id): """ Iframed website by the first party which in its client side template, generates a super cookie (by localStorage). It then redirects to the view function above which records the user with this client side UUID. :return: HTTP response which generates a localStorage super cookie if not already set via javascipt (see the template) and then redirects to a new URL to transfer this client side cookie to server side. """ check_referer(request, URLS['TP_SUPER_COOKIE_URL']) config_cookie_length = implicit_user_login( User, config_id).local_storage_super_cookie_size # The site to redirect to. next_site = URLS[ 'TP_SUPER_COOKIE_URL'] + 'tp-super-cookie-data/' + config_id response = make_response( render_template(THIRD_PARTY_SUPER_COOKIE_TEMPLATE, current_url=request.url_root, next_site=next_site, safe_referer=request.referrer, config_cookie_length=config_cookie_length)) return response
def start_benchmark(): """ Starts the benchmark by going the the start of the nested loop :return: HTTP response for the start of the nested redirect loop found in the benchmark package/ """ check_referer(request, URLS['CONFIG_URL']) uuid = request.cookies.get('id') user = implicit_user_login(User, uuid) # Starts testing from the first mode user.mode = '1' # Clears the most recent benchmark results in preparation for the new benchmark user.first_party_test_result = 'Untested' user.third_party_test_result = 'Untested' user.third_party_split_result = 'Untested' user.third_party_split_chain_result = 'Untested' user.third_party_super_cookie_result = 'Untested' user.third_party_split_super_cookie_result = 'Untested' db.session.commit() # returns the HTTP redirect response for the starting benchmark loop return redirect(URLS['FP_URL_1'] + 'benchmark/' + user.uuid + '/' + user.mode + '/0')
def config_switch(url, config_id): """ Depending on the configuration mode, loads the correct version of the first party sites (with the correct tracking). :param url: The correct malicious first party site to load. :param config_id: The configuration id so we can load the correct version of the site (according to tracking preference). :return: HTTP response for the first party site """ check_referer(request, url + config_id) config_user = User.query.filter_by(uuid=config_id).first_or_404() # Generates the history log for first party only tracking fp_uuid = request.cookies.get('id') fp_user = implicit_user_login(FirstPartyUUID, fp_uuid, config_user.first_party_cookie_size) log_site_visit(FirstPartyHistory, request.url, fp_user, request.access_route[0]) recent_history = generate_recent_history(FirstPartyHistory, fp_user, 10) # Sets the recently visited site for the benchmark redis_set_benchmark_recent_site(config_id, '1', request.url) # Chooses the correct tracking mode based on what the user wants to test out if config_user.mode == '1': response = make_response( render_template(FIRST_PARTY_ONLY_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id, history_log=recent_history)) elif config_user.mode == '2': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '3': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_SPLIT_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '4': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_SPLIT_CHAIN_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '5': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_SUPER_COOKIE_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '6': response = make_response( render_template( FIRST_PARTY_AND_THIRD_PARTY_SPLIT_CHAIN_SUPER_COOKIE_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) else: response = redirect_config() # Creates a cookie if none existed (for first party tracking mode 1 only) if fp_uuid is None: response = append_cookie(response, fp_user.uuid) return response