IP logger | new api-ish service

Logic-gate · August 29, 2017, 7:48pm

Hey Guys,

First post here,

I am here to introduce a new aspect of a project I am working on(http://ki.tc). An IP logger with CLI in mind. Now, I have taken an API approach to this, so all calls are JSON dependent. Apart from my introduction, I would appreciate new ideas or rather feedback from the community as to further enhance the service…here goes…

Creating a link:

 curl -i -H "Content-Type: application/json" -X POST -d '{"url": "http://google.com"}' http://ki.tc/

Response:

{
  "url_short": {
    "_id": "b24a138a7f1bce6c493bc", 
    "admin_link": "http://ki.tc/url_shortner/b24a138a7f1bce6c493bc", 
    "link": "http://ki.tc/d93da", 
    "time": "Sun, 27 Aug 2017 18:35:16 GMT", 
    "url": "http://google.com"
  }
}

_id is not retrievable, so save it.

Admin Access:

curl -i -H "Content-Type: application/json" -X GET http://ki.tc/url_shortner/b24a138a7f1bce6c493bc

Response:

{
  "_id": "b24a138a7f1bce6c493bc", 
  "url_build": {
    "_id": "b24a138a7f1bce6c493bc", 
    "admin_link": "http://ki.tc/url_shortner/b24a138a7f1bce6c493bc", 
    "link": "http://ki.tc/d93da", 
    "time": "Sun, 27 Aug 2017 18:35:16 GMT", 
    "url": "http://google.com"
  }, 
  "url_id": 194249668
}

Admin access updated(after someone visits the link). Updated with every Access attempt.

{
  "2017-08-27 18:39:19": {
    "165914": {
      "access_id": "ae3c63d61f35", 
      "access_time": "Sun, 27 Aug 2017 18:39:19 GMT", 
      "ip_address": "X.X.X.X", 
      "user_agent": "Mozilla/5.0 (X11; Linux x86_64)"
    }
  }, 
  "_id": "b24a138a7f1bce6c493bc", 
  "url_build": {
    "_id": "b24a138a7f1bce6c493bc", 
    "admin_link": "http://ki.tc/url_shortner/b24a138a7f1bce6c493bc", 
    "link": "http://ki.tc/d93da", 
    "time": "Sun, 27 Aug 2017 18:35:16 GMT", 
    "url": "http://google.com"
  }, 
  "url_id": 194249668
}

Each access object is nested with a time-of-access key, which in return is nested with an identifier. Not to be confused with access_id.

Delete Link(DELETE METHOD | admin link)

curl -i -H "Content-Type: application/json" -X DELETE http://ki.tc/url_shortner/b24a138a7f1bce6c493bc

Response:

{
  "result": true
}

After finishing, I realized that I spelled shortener wrong shortner…speechless

Anyways, I would appreciate any feedback, productive or destructive…doesn’t matter as long as it is feedback.

Cheers,

oaktree · August 29, 2017, 7:59pm

Where is the server source code?

Logic-gate · August 29, 2017, 8:19pm

Here you go:
https://github.com/Logic-gate/datasig/blob/master/init.py#L697

Please note…The CODE is a complete mess I am believer in fast prototyping as oppose to rigorous coding

pry0cc · August 29, 2017, 8:36pm

Hm this is indeed interesting. Is there planned support for more than just the IP and log times? A browser fingerprint? Installed services? Plugins? I think this has the potential to be really cool.

You could very easily couple this with some phishing, and you’ve got a dead easy way to track your engagements. I like it.

Logic-gate · August 29, 2017, 8:45pm

Yeah, absolutely…I am actually working on integrating https://github.com/Valve/fingerprintjs2. Still in the early stages…but will see where it goes.

Cheers for the feedback.

pry0cc · August 29, 2017, 8:52pm

That is a really nice idea. You could check for user agents server side, and then enable modules such as fingerprinting, or even things from sites like this, web RTC leaks, canvas fingerprinting, font fingerprinting, proxy detection, the lot!

This would be a HUGE step up from something like Grabify. I would also like to suggest that we make this it’s own module, it’s own project, and actually incorporate everything related to web based data exfiltration, so that being, form collection, fingerprinting, IP logging, simple javascript execution, (if this, then that). Even this as a set of tools in an API would be invaluable to a pentester in their day to day work.

Utilising WebRTC leaks, you could actually determine who clicked on what links, and you could plot it on a graph! I may be overexaggerating a bit on this, but I love JSON, and I love HTTP API’s. Especially when you can host them yourselves.

Logic-gate · August 29, 2017, 9:35pm

Your feedback and ideas are much appreciated. I will take it upon myself to fulfill every single idea. Because…either this is a dream and I am talking to myself, or you, my friend, are my doppelganger.

fraq · August 29, 2017, 10:31pm

After reading a bit of your source code HOLY CRAP that’s a long init.py.

Have you considered breaking this up into modules to make it more contributor friendly?

Logic-gate · August 29, 2017, 10:44pm

Had to move away from openshift, started a droplet on digital ocean…got frustrated from permission issues…said the hell with it…init it is.

But yeah, it needs cleaning…a lot of it.

pry0cc · August 30, 2017, 1:07pm

I’d be interested in contributing. @fraq, this could be valuable for chatops. We could even start a browser fingerprint database!

fraq · August 30, 2017, 1:24pm

I was thinking that. I currently have a long backlog of work on Legobot, but the more contributors we have there, the more features we can implement. Nitrax has already contributed loads of work and advanced us several months in development time. I’m trying to get two more contributors up to speed right now.

@Logic-gate, if you want to take a look at integrating this into a chatops framework, reach out to me or @Nitrax in #legobot on the IRC.

system · January 21, 2018, 12:43am

This topic was automatically closed after 30 days. New replies are no longer allowed.