From 29f12f9ce0490e1293383ef92770fd217f25202e Mon Sep 17 00:00:00 2001 From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com> Date: Mon, 18 Dec 2023 21:30:49 +0300 Subject: [PATCH 1/4] Create WhoSpyOnMe?.bambda Ever feel like you're being followed online? WhoSpyOnMe is here to confirm your suspicions! --- Proxy/HTTP/WhoSpyOnMe?.bambda | 49 +++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 Proxy/HTTP/WhoSpyOnMe?.bambda diff --git a/Proxy/HTTP/WhoSpyOnMe?.bambda b/Proxy/HTTP/WhoSpyOnMe?.bambda new file mode 100644 index 0000000..d7c9596 --- /dev/null +++ b/Proxy/HTTP/WhoSpyOnMe?.bambda @@ -0,0 +1,49 @@ +/** + * WhoSpyOnMe: Burp Suite Bambda for Identifying Tracking Services + * FilterOut Burp Suite history to detect and analyze tracking services from web requests + * Capable of filtering based on Hosts, endpoints and parameters for detailed insights + * Useful for privacy audits and identifying potential data privacy concerns + * Future extension plan: 'DontSpyOnMe' to automatically block identified tracking hosts + * Contributions welcome: Feel free to contribute and add more hosts for detection + * Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) + **/ + +// Define hash sets for hosts, paths, and parameters +Set trackedHosts = new HashSet<>(Arrays.asList("www.gstatic.com", "events.statsigapi.net", "ingesteer.services-prod.nsvcs.net", "js-eu1.hs-analytics.net", "static.hotjar.com", "forms-eu1.hscollectedforms.net", "www.google-analytics.com", "www.googletagmanager.com", "static.xx.fbcdn.net", "stats.g.doubleclick.net", "collector.github.com")); +Set trackedPaths = new HashSet<>(Arrays.asList("/logging/v1", "/track")); +Set trackedParameters = new HashSet<>(Arrays.asList("logs", "log")); + +// Main logic of the Bambda +if (requestResponse.request().url() != null && requestResponse.hasResponse()) { + var request = requestResponse.request(); + var response = requestResponse.response(); + String requestUrl = request.url().toLowerCase(); + + // Extract host and path from URL + String[] urlParts = requestUrl.split("/", 4); + String host = urlParts.length > 2 ? urlParts[2] : ""; + String path = urlParts.length > 3 ? "/" + urlParts[3].split("\\?")[0] : ""; + + // Check for tracked host + if (trackedHosts.contains(host)) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; + } + + // Check for tracked path + if (trackedPaths.contains(path)) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; + } + + // Check for tracked parameters + var parameters = request.parameters(); + for (HttpParameter param : parameters) { + if (trackedParameters.contains(param.name().toLowerCase()) || trackedParameters.contains(param.value().toLowerCase())) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; + } + } +} + +return false; From 5e37fe8a10d7def7ea158d38c2d334b0daea2f70 Mon Sep 17 00:00:00 2001 From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com> Date: Wed, 20 Dec 2023 06:20:56 +0300 Subject: [PATCH 2/4] Update WhoSpyOnMe?.bambda Updating the author format Removing the unnecessary check for response existence, as it's not used in the logic. Removing the check for URL existence in the request, as it's likely always present in a valid HTTP request. --- Proxy/HTTP/WhoSpyOnMe?.bambda | 51 +++++++++++++++-------------------- 1 file changed, 22 insertions(+), 29 deletions(-) diff --git a/Proxy/HTTP/WhoSpyOnMe?.bambda b/Proxy/HTTP/WhoSpyOnMe?.bambda index d7c9596..ef593a5 100644 --- a/Proxy/HTTP/WhoSpyOnMe?.bambda +++ b/Proxy/HTTP/WhoSpyOnMe?.bambda @@ -1,11 +1,7 @@ /** * WhoSpyOnMe: Burp Suite Bambda for Identifying Tracking Services * FilterOut Burp Suite history to detect and analyze tracking services from web requests - * Capable of filtering based on Hosts, endpoints and parameters for detailed insights - * Useful for privacy audits and identifying potential data privacy concerns - * Future extension plan: 'DontSpyOnMe' to automatically block identified tracking hosts - * Contributions welcome: Feel free to contribute and add more hosts for detection - * Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) + * @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) **/ // Define hash sets for hosts, paths, and parameters @@ -14,36 +10,33 @@ Set trackedPaths = new HashSet<>(Arrays.asList("/logging/v1", "/track")) Set trackedParameters = new HashSet<>(Arrays.asList("logs", "log")); // Main logic of the Bambda -if (requestResponse.request().url() != null && requestResponse.hasResponse()) { - var request = requestResponse.request(); - var response = requestResponse.response(); - String requestUrl = request.url().toLowerCase(); +var request = requestResponse.request(); +String requestUrl = request.url().toLowerCase(); - // Extract host and path from URL - String[] urlParts = requestUrl.split("/", 4); - String host = urlParts.length > 2 ? urlParts[2] : ""; - String path = urlParts.length > 3 ? "/" + urlParts[3].split("\\?")[0] : ""; +// Extract host and path from URL +String[] urlParts = requestUrl.split("/", 4); +String host = urlParts.length > 2 ? urlParts[2] : ""; +String path = urlParts.length > 3 ? "/" + urlParts[3].split("\\?")[0] : ""; - // Check for tracked host - if (trackedHosts.contains(host)) { - requestResponse.annotations().setHighlightColor(HighlightColor.RED); - return true; - } +// Check for tracked host +if (trackedHosts.contains(host)) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; +} - // Check for tracked path - if (trackedPaths.contains(path)) { +// Check for tracked path +if (trackedPaths.contains(path)) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; +} + +// Check for tracked parameters +var parameters = request.parameters(); +for (HttpParameter param : parameters) { + if (trackedParameters.contains(param.name().toLowerCase()) || trackedParameters.contains(param.value().toLowerCase())) { requestResponse.annotations().setHighlightColor(HighlightColor.RED); return true; } - - // Check for tracked parameters - var parameters = request.parameters(); - for (HttpParameter param : parameters) { - if (trackedParameters.contains(param.name().toLowerCase()) || trackedParameters.contains(param.value().toLowerCase())) { - requestResponse.annotations().setHighlightColor(HighlightColor.RED); - return true; - } - } } return false; From 3cf71616a92baf740864ba93ecd0f3b3d3e45488 Mon Sep 17 00:00:00 2001 From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com> Date: Wed, 20 Dec 2023 06:26:25 +0300 Subject: [PATCH 3/4] Rename WhoSpyOnMe?.bambda to HighlightTrackerServices.bambda --- .../HTTP/{WhoSpyOnMe?.bambda => HighlightTrackerServices.bambda} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Proxy/HTTP/{WhoSpyOnMe?.bambda => HighlightTrackerServices.bambda} (100%) diff --git a/Proxy/HTTP/WhoSpyOnMe?.bambda b/Proxy/HTTP/HighlightTrackerServices.bambda similarity index 100% rename from Proxy/HTTP/WhoSpyOnMe?.bambda rename to Proxy/HTTP/HighlightTrackerServices.bambda From b48fc79044e450b9f835c9ad6b08d17527a916f0 Mon Sep 17 00:00:00 2001 From: PortSwiggerWiener <136816696+PortSwiggerWiener@users.noreply.github.com> Date: Wed, 20 Dec 2023 09:56:15 +0000 Subject: [PATCH 4/4] Update HighlightTrackerServices.bambda --- Proxy/HTTP/HighlightTrackerServices.bambda | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Proxy/HTTP/HighlightTrackerServices.bambda b/Proxy/HTTP/HighlightTrackerServices.bambda index ef593a5..44264f3 100644 --- a/Proxy/HTTP/HighlightTrackerServices.bambda +++ b/Proxy/HTTP/HighlightTrackerServices.bambda @@ -1,5 +1,5 @@ /** - * WhoSpyOnMe: Burp Suite Bambda for Identifying Tracking Services + * HighlightTrackerServices: Burp Suite Bambda for Identifying Tracking Services * FilterOut Burp Suite history to detect and analyze tracking services from web requests * @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) **/