Commits

Anonymous committed dafdf38

Adding type column and having the server return the media type requested. CSS and IMG are supported. Created basic README file.

Comments (0)

Files changed (3)

+Web Bug Server consists of a php page that takes requests in a specific format, logs details about the requests to a database, and returns the type of media file requested.
+
+By default, Web Bug Server uses a MySQL database.  To set up the database structure for Web Bug Server run the following MySQL commnds.
+# Begin SQL commands
+CREATE DATABASE webbug;
+USE webbug;
+CREATE TABLE requests (id TEXT, type TEXT, ip_address TEXT, user_agent TEXT, time INTEGER);
+GRANT USAGE ON *.* TO webbuguser@localhost IDENTIFIED BY 'adhd';
+GRANT ALL PRIVILEGES ON webbug.* TO webbuguser@localhost;
+# End SQL commands
+
+These commands assume that the MySQL database is running on the same machine as Web Bug Server and sets up a database called 'webbug' with a 'requests' table and gives access to 'webbuguser' with a password of 'adhd'.
 		echo 'This page is intended for receiving Word web bugs as detailed here ';
 		echo '<a href="http://ha.ckers.org/webbug.html">http://ha.ckers.org/webbug.html</a><br>';
 		echo 'Requests should be in the form http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
-		echo '?id=<i>&lt;arbitrary document id&gt;</i>';
+		echo '?id=<i>&lt;arbitrary document id&gt;</i>&type=&lt;css|img&gt;';
 		echo '</body></html>';
 		exit();
 	}
 	$dbhandle = new PDO($config['pdo_connection_string'], 
 		$config['db_username'], $config['db_password']);
 
+	$type = $_GET['type']; 
+
 	$ip = '';
 	if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARTDED_FOR'] != '') {
     		$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
 	}
 	$user_agent = $_SERVER['HTTP_USER_AGENT'];
 
-	$dbhandle->query('INSERT INTO requests (id, ip_address, user_agent, time)' . 
-		' VALUES (' . $dbhandle->quote($id) . ', ' . $dbhandle->quote($ip) . ', ' . $dbhandle->quote($user_agent) . ', ' . time() . ')')
+	$dbhandle->query('INSERT INTO requests (id, type, ip_address, user_agent, time)' . 
+		' VALUES (' . $dbhandle->quote($id) . ', ' . $dbhandle->quote($type) . ', ' . $dbhandle->quote($ip) . ', ' . $dbhandle->quote($user_agent) . ', ' . time() . ')')
 		or die(print_r($dbhandle->errorInfo(), true));
 
-	if($id == 'css') {
+	if($type == 'css') {
 		echo file_get_contents('normalize.css');
-	} else if($id == 'img') {
+	} else if($type == 'img') {
 		echo file_get_contents('1x1.jpg');
 	}
 ?>
 <html>
 <head>
-<LINK REL="stylesheet" HREF="http://127.0.0.1/web-bug-server/index.php?id=css">
+<LINK REL="stylesheet" HREF="http://127.0.0.1/web-bug-server/index.php?id=1&type=css">
 </head>
 
 <body>
 <p>What
 a buggy document!</p>
 
-<IMG SRC="http://127.0.0.1/web-bug-server/index.php?id=img" width="1" height="1">
+<IMG SRC="http://127.0.0.1/web-bug-server/index.php?id=1&type=img" width="1" height="1">
 
 </body>