Ads networks are following you, follow them back

Presented at TROOPERS18 (2018), March 15, 2018, 4 p.m. (Unknown duration)

Ads networks are everywhere. They are annoying, intrusive, and every couple of month one of them gets compromised and does nasty things to visitors. But how bad is it in practice? This talk will present an open source tool aiming to help an analyst or an internal auditor to figure out what is going on on a specific website.

We talk about going to webpages. But really, webpages come to us, and increasingly dozens of companies at a time do complicated and invisible things on our computers with every site we "visit". This has gotten so obfuscated that popular websites using ad technology, plug-ins, and tools from various vendors are often as ignorant of what they're serving as their users are of what they're receiving. This has resulted in rampant privacy violations, broken features, and even major media sites unintentionally serving malware.

We make Lookyloo to help. Lookylook builds a tree view of all domains loaded from a specific URL and what those domains are up to. It can traverse a site to a user-specified depth, mimicking a legitimate user. We used Splash to make a full browser, executing Javascript, following redirects, and capturing cookies, and then returning a HTTP Archive (.har) file. We build a visualization from the .har files that allows a site administrator (or user) to track the trackers.


Presenters:

  • Raphaël Vinot
    Raphaël Vinot is a security researcher at the Computer Incident Response Center Luxembourg (CIRCL) since 2012. Raphaël wants to increase the IT consciousness of the human beings populating the internet in order to make it safer for everyone. His day job is a mixture of forensic and malware analysis with a lot of Python on top of it to glue all the pieces together. He loves sharing and thinks everyone should contribute to open source projects.

Links:

Similar Presentations: