Skip to content

Latest commit

 

History

History
executable file
·
84 lines (71 loc) · 3.5 KB

2012-09-23-how-to-create-web-bug-aka-beacon-image.md

File metadata and controls

executable file
·
84 lines (71 loc) · 3.5 KB
Raw
title description layout permalink date updated categories tags
How to create a web bug (aka beacon image)
Tutorial: learn how to build a hidden web bug. To create a beacon image, you need to enable the Apache’s URL rewriting module (mod_rewrite).
post
/how-to-create-web-bug-aka-beacon-image/
2012-09-23 15:22:30 +0000
2020-09-19
PHP
beacon
bug
htaccess
image
pixel
rewrite
tag
url
web

Have you ever wondered why some web pages include a 1×1 GIF image? Well, they’re called web bugs, and they track you.

The beacon images (better known as web bugs) are basically just hidden scripts behind images. They can easily be spotted because they usually don’t end with a common image format, like gif, jpeg or png.
An example of web beacon could be this: 

<img src="beacon.php" width="1" height="1" alt="">

As you can see, the src attribute contains a PHP script. It’s easy to find (and block) web bugs when you see that an image is served as PHP.

By the way, more generally speaking, if you see that a file ends with .jpg (it’s an image, you think) or just doesn’t have an extension (I’m inside a folder, you think)… well, you could be wrong. I can easily execute a script when an user requests a simple image ending with .jpg, and I’ll explain you how.

In order to create a hidden web bug, you need to enable the Apache’s URL rewriting module (mod_rewrite). Create a new .htaccess file and put the following code in it: 

RewriteEngine On
RewriteRule ^(.*).(png|jpg|gif)$ script.php

Now create the script.php file and write some random code: 

<?php
$fullpath  = $_SERVER['REQUEST_URI'];
$filename  = basename($fullpath);
$ip        = $_SERVER['REMOTE_ADDR'];
$useragent = $_SERVER['HTTP_USER_AGENT'];

echo "Path: $fullpath;<br>
File: $filename;<br>
IP address: $ip;<br>
User agent: $useragent";

And now try to navigate through an image, let’s say cat.gif. You’ll go to http://yoursite.com/path/to/cat.gif and you’ll expect to see a cat. Instead, you’ll see something like this: 

Path: /path/to/cat.gif;
File: cat.gif;
IP address: 127.0.0.1;
User agent: Mozilla/5.0 [...];

Take a quick look at the URL in your browser’s address bar. You requested a cat.gif, but script.php has been executed instead. Kind of creepy, isn’t it? Imagine what else you could do. You can execute code. Possibilities are infinite.