def tp_master(config_id, index): """ Iframed master website view which creates a cookie from the four segments and logs the visit for the user :param index: which split URL called this master URL :return: HTTP response for this master URL website """ check_referer(request, URLS['TP_MASTER_URL']) ip = request.access_route[0] site = unquote(request.args.get('id', None)) # Doesn't render this history view template until the other segments of the cookie (index 1-3) are loaded. if index != '4': return render_template(THIRD_PARTY_MASTER_TEMPLATE) # Creates a cookie based on the four separate segments concatenated together. joined_uuid = redis_retrieve_join(ip, site) if joined_uuid is None: return render_template(THIRD_PARTY_MASTER_TEMPLATE) # Logs the visited site by the joined user (from the separate segments), and generates the history table to display # to manual people using the benchmark site joined_user = JoinedTrackableUUID.get_or_create(joined_uuid) log_site_visit(JoinedHistory, site, joined_user, ip) recent_history = generate_recent_history(JoinedHistory, joined_user, 10) # Records the recently visited site fot the benchmark redis_set_benchmark_recent_site(config_id, '3', site) return render_template(THIRD_PARTY_MASTER_TEMPLATE, history_log=recent_history, trackable=True, uuid=joined_uuid)
def tp_single_cookie(config_id): """ View to render the third party iframe and track the user via cookies. """ check_referer(request, URLS['TP_URL']) # Ensures the cookie is of the right length (based on the configuration) config_cookie_length = implicit_user_login(User, config_id).cookie_size # Gets what the third party perceives to be a user (based on the cookie it sets) uuid = request.cookies.get('id') trackable_user = implicit_user_login(TrackableUUID, uuid, config_cookie_length) # Generates a history log to display to a manual viewer of the site (so they can see the tracking in action) log_site_visit(History, request.referrer, trackable_user, request.access_route[0]) recent_history = generate_recent_history(History, trackable_user, 10) if uuid is not None: # Sets the benchmark result of the recently visited site redis_set_benchmark_recent_site(config_id, '2', request.referrer) response = make_response( render_template(THIRD_PARTY_SINGLE_TEMPLATE, history_log=recent_history, current_url=request.url_root, cookie_id=uuid)) # Sets a cookie for the user if not done before if uuid is None: response = append_cookie(response, trackable_user.uuid) return response
def tp_split_1(config_id): """ Iframed split third party URL which records the first segment of the cookie (used to identify the user) """ check_referer(request, URLS['TP_SPLIT_URL_1']) # Ensures the cookie is of the right length (based on the configuration) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size # Gets what the third party perceives to be a first segment of the user (based on the cookie segment it sets) uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_1 = SplitTrackableUUID1.get_or_create( uuid, config_cookie_length) # Logs the site visited for this segment log_site_visit(SplitHistoryBase1, request.referrer, trackable_uuid_1, request.access_route[0]) redis_register_split('1', request.access_route[0], trackable_uuid_1.uuid, request.referrer) response = make_response( render_template(THIRD_PARTY_SPLIT_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=request.referrer, index=1, config_id=config_id)) # Sets a cookie for this segment if not done before if uuid is None: response = append_cookies(response, 'id', trackable_uuid_1.uuid) return response
def tp_split_2(config_id): """ Iframed split third party URL which records the second segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_2']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size time.sleep(0.4) uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_2 = SplitTrackableUUID2.get_or_create( uuid, config_cookie_length) log_site_visit(SplitHistoryBase2, request.referrer, trackable_uuid_2, request.access_route[0]) redis_register_split('2', request.access_route[0], trackable_uuid_2.uuid, request.referrer) response = make_response( render_template(THIRD_PARTY_SPLIT_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=request.referrer, index=2, config_id=config_id)) if uuid is None: response = append_cookies(response, 'id', trackable_uuid_2.uuid) return response
def tp_split_chain_1(config_id): """ Iframed chained third party URL which records the first segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_1']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_1 = SplitTrackableUUID1.get_or_create( uuid, config_cookie_length) response = make_response( render_template(THIRD_PARTY_SPLIT_CHAIN_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=request.referrer, index=1, combined_id=uuid, config_id=config_id)) if uuid is None: response = append_cookies(response, 'id', trackable_uuid_1.uuid) return response
def tp_split_chain_3(config_id, cookie_id): """ Iframed chained third party URL which records the third segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_3']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_3 = SplitTrackableUUID3.get_or_create( uuid, config_cookie_length) # Builds up the cookie by appending the fist and second cookie segments to the third to create a combined string if cookie_id != 'None' and uuid is not None: cookie_id += uuid site = request.args.get('ref', None) response = make_response( render_template(THIRD_PARTY_SPLIT_CHAIN_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=site, index=3, combined_id=cookie_id, config_id=config_id)) if uuid is None: response = append_cookies(response, 'id', trackable_uuid_3.uuid) return response
def fp_malicious_3(config_id): """ The malicious first party website number 3. :return: the HTTP template for the first party site OR a redirect to the configuration page (if first time user of the benchmark). """ if config_id is None: return redirect_config() else: check_referer(request, URLS['FP_URL_MALICIOUS_3'] + config_id) return fp_malicious(URLS['FP_URL_MALICIOUS_3'], config_id)
def fp_2(config_id): """ The first party website number 2. :return: the HTTP template for the first party site OR a redirect to the configuration page (if first time user of the benchmark). """ if config_id is None: return redirect_config() else: check_referer(request, URLS['FP_URL_2'] + config_id) return config_switch(URLS['FP_URL_2'], config_id)
def tp_split_super_chain_1_data(config_id, uuid): check_referer(request, URLS['TP_SPLIT_SUPER_URL_1']) site = unquote(request.args.get('id', None)) response = make_response( render_template(THIRD_PARTY_SPLIT_CHAIN_SUPER_COOKIE_DATA_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, safe_referer=site, index=1, combined_id=uuid, config_id=config_id)) return response
def tp_split_super_chain_1(config_id): check_referer(request, URLS['TP_SPLIT_SUPER_URL_1']) config_cookie_length = implicit_user_login( User, config_id).local_storage_split_super_cookie_size next_site = URLS[ 'TP_SPLIT_SUPER_URL_1'] + 'tp-split-super-chain-1-data/' + config_id response = make_response( render_template(THIRD_PARTY_SPLIT_CHAIN_SUPER_COOKIE_TEMPLATE, current_url=request.url_root, next_site=next_site, safe_referer=request.referrer, config_cookie_length=config_cookie_length, combined_id="")) return response
def config_checkbox(): """ This view loads the configuration page and handles the form. :return: HTTP response for the configuration page. """ # Gets the user check_referer(request, URLS['CONFIG_URL']) uuid = request.cookies.get('id') user = implicit_user_login(User, uuid) form = TrackerForm(meta={'csrf': False}) # Sets up the form with the users current configuration settings preselected if request.method == 'GET': form.tracker.default = user.mode form.tracker.data = user.mode form.first_party_cookie_size.data = user.first_party_cookie_size form.first_party_cookie_size.default = user.first_party_cookie_size form.cookie_size.default = user.cookie_size form.cookie_size.data = user.cookie_size form.split_cookie_size.default = user.split_cookie_size form.split_cookie_size.data = user.split_cookie_size form.local_storage_super_cookie_size.default = user.local_storage_super_cookie_size form.local_storage_super_cookie_size.data = user.local_storage_super_cookie_size form.local_storage_split_super_cookie_size.default = user.local_storage_split_super_cookie_size form.local_storage_split_super_cookie_size.data = user.local_storage_split_super_cookie_size # Changes the users configuration based on the settings chosen in the form elif form.validate_on_submit(): user.mode = form.tracker.data user.first_party_cookie_size = form.first_party_cookie_size.data user.cookie_size = form.cookie_size.data user.split_cookie_size = form.split_cookie_size.data user.local_storage_super_cookie_size = form.local_storage_super_cookie_size.data user.local_storage_split_super_cookie_size = form.local_storage_split_super_cookie_size.data db.session.commit() response = make_response( render_template(CONFIG_TEMPLATE, urls=URLS, form=form, user=user, config_id=user.uuid)) if uuid is None: response = append_cookie(response, user.uuid) return response
def tp_split_chain_master(config_id, cookie_id): """ Iframed chained third party URL which records the third segment of the cookie (used to identify the user) Functions similar to tp_split_1 above. """ check_referer(request, URLS['TP_SPLIT_URL_4']) config_cookie_length = implicit_user_login(User, config_id).split_cookie_size uuid = get_uuid_from_cookies(request, 'id', config_cookie_length) trackable_uuid_4 = SplitTrackableUUID4.get_or_create( uuid, config_cookie_length) trackable = False site = unquote(request.args.get('ref', None)) # Builds up the completed cookie by appending the fist, second and third cookie segments to the fourth to create a # unique identifier if cookie_id != 'None' and uuid is not None: cookie_id += uuid trackable = True redis_set_benchmark_recent_site(config_id, '4', site) # Records the site visited by what the third party perceives as the unique user (from the combined string) joined_user = JoinedTrackableUUID.get_or_create(cookie_id) log_site_visit(JoinedHistory, site, joined_user, request.referrer) recent_history = generate_recent_history(JoinedHistory, joined_user, 10) response = make_response( render_template(THIRD_PARTY_CHAIN_MASTER_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, history_log=recent_history, index=4, combined_id=cookie_id, trackable=trackable, config_id=config_id)) # Sets a cookie for this combined string which identifies a user if not done before if uuid is None: response = append_cookies(response, 'id', trackable_uuid_4.uuid) return response
def tp_split_super_chain_master_data(config_id, uuid): check_referer(request, URLS['TP_SPLIT_SUPER_URL_4']) site = unquote(request.args.get('id', None)) joined_user = JoinedTrackableUUID.get_or_create(uuid) log_site_visit(JoinedHistory, site, joined_user, request.referrer) redis_set_benchmark_recent_site(config_id, '6', site) recent_history = generate_recent_history(JoinedHistory, joined_user, 10) response = make_response( render_template(THIRD_PARTY_CHAIN_MASTER_TEMPLATE, current_url=request.url_root, urls=URLS, cookie_id=uuid, history_log=recent_history, index=4, combined_id=uuid, trackable=True, config_id=config_id)) return response
def tp_super_cookie(config_id): """ Iframed website by the first party which in its client side template, generates a super cookie (by localStorage). It then redirects to the view function above which records the user with this client side UUID. :return: HTTP response which generates a localStorage super cookie if not already set via javascipt (see the template) and then redirects to a new URL to transfer this client side cookie to server side. """ check_referer(request, URLS['TP_SUPER_COOKIE_URL']) config_cookie_length = implicit_user_login( User, config_id).local_storage_super_cookie_size # The site to redirect to. next_site = URLS[ 'TP_SUPER_COOKIE_URL'] + 'tp-super-cookie-data/' + config_id response = make_response( render_template(THIRD_PARTY_SUPER_COOKIE_TEMPLATE, current_url=request.url_root, next_site=next_site, safe_referer=request.referrer, config_cookie_length=config_cookie_length)) return response
def start_benchmark(): """ Starts the benchmark by going the the start of the nested loop :return: HTTP response for the start of the nested redirect loop found in the benchmark package/ """ check_referer(request, URLS['CONFIG_URL']) uuid = request.cookies.get('id') user = implicit_user_login(User, uuid) # Starts testing from the first mode user.mode = '1' # Clears the most recent benchmark results in preparation for the new benchmark user.first_party_test_result = 'Untested' user.third_party_test_result = 'Untested' user.third_party_split_result = 'Untested' user.third_party_split_chain_result = 'Untested' user.third_party_super_cookie_result = 'Untested' user.third_party_split_super_cookie_result = 'Untested' db.session.commit() # returns the HTTP redirect response for the starting benchmark loop return redirect(URLS['FP_URL_1'] + 'benchmark/' + user.uuid + '/' + user.mode + '/0')
def tp_super_cookie_data(config_id, uuid): """ Iframed website that is redirected into from the function below. This gets the UUID from the URL parameter and creates a history log for this UUID. :param uuid: Generated client side, this supercookie identifies the user. :return: HTTP response which displays the history log for this perceived user """ check_referer(request, URLS['TP_SUPER_COOKIE_URL']) trackable_user = JoinedTrackableUUID.get_or_create(uuid) site = unquote(request.args.get('id', None)) log_site_visit(JoinedHistory, site, trackable_user, request.access_route[0]) redis_set_benchmark_recent_site(config_id, '5', site) recent_history = generate_recent_history(JoinedHistory, trackable_user, 10) response = make_response( render_template(THIRD_PARTY_SINGLE_TEMPLATE, history_log=recent_history, current_url=request.url_root, cookie_id=uuid)) return response
def config_switch(url, config_id): """ Depending on the configuration mode, loads the correct version of the first party sites (with the correct tracking). :param url: The correct malicious first party site to load. :param config_id: The configuration id so we can load the correct version of the site (according to tracking preference). :return: HTTP response for the first party site """ check_referer(request, url + config_id) config_user = User.query.filter_by(uuid=config_id).first_or_404() # Generates the history log for first party only tracking fp_uuid = request.cookies.get('id') fp_user = implicit_user_login(FirstPartyUUID, fp_uuid, config_user.first_party_cookie_size) log_site_visit(FirstPartyHistory, request.url, fp_user, request.access_route[0]) recent_history = generate_recent_history(FirstPartyHistory, fp_user, 10) # Sets the recently visited site for the benchmark redis_set_benchmark_recent_site(config_id, '1', request.url) # Chooses the correct tracking mode based on what the user wants to test out if config_user.mode == '1': response = make_response( render_template(FIRST_PARTY_ONLY_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id, history_log=recent_history)) elif config_user.mode == '2': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '3': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_SPLIT_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '4': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_SPLIT_CHAIN_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '5': response = make_response( render_template(FIRST_PARTY_AND_THIRD_PARTY_SUPER_COOKIE_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) elif config_user.mode == '6': response = make_response( render_template( FIRST_PARTY_AND_THIRD_PARTY_SPLIT_CHAIN_SUPER_COOKIE_TEMPLATE, urls=URLS, fp_cookie_id=fp_uuid, config_id=config_id)) else: response = redirect_config() # Creates a cookie if none existed (for first party tracking mode 1 only) if fp_uuid is None: response = append_cookie(response, fp_user.uuid) return response
def fp_malicious_3_record(config_id): """ Logs the external link the user intended for malicious first party website number 3. """ check_referer(request, URLS['FP_URL_MALICIOUS_3'] + config_id) return fp_malicious_record(config_id)