Link tracking redirectors 2
It’s not too difficult to build your own link redirector, perhaps a few hours work for a basic implementation
me, yesterday
Yesterday I suggested that link tracking wasn’t too complex, but didn’t really have anything to back the claim up. And nobody trusts developer time estimates.
So I cranked DEF CON Radio and wrote a dedicated click-tracking webserver, mostly as a demo of how to use cryptography to protect the integrity and privacy of the tracking links but also to see how much work it was.
- Written in Go, a language fairly well suited to the problem
- No server database needed, nor any disk IO at all to generate URLs or to answer redirection requests
- Supports arbitrary data embedded in the tracking link
- <1.5ms to respond to a query on localhost
- Uses 128 bit AES-GCM cipher, which is overkill for this sort of application
- Supports key and algorithm rotation
- Human readable slug for friendlier links
- Doesn’t use any third party libraries, just the Go standard library
- Less than 300 lines of code in total
- Around 100 lines of code to generate and use cryptographically protected URLs
- About two and a half hours work, start to finish
- Adding TLS would only be a few extra lines of code, but would require creating certificates so I left that code out
It looks like this:
$ clicktrack -create url=https://wordtothewise.com/blog/ myid=stevehttp://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCCxnKOkvL4oicIISkybvO26kL6R2E3PxHS5R2PPEye6zVHG0sEamragEHbY_iSTTuQpFbFLM0a3dPH6Xm3_0j8h2gBCybFpLUJW$ clicktrack -parse http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCC ...{"myid": "steve","url": "https://wordtothewise.com/blog/"}$ clicktrack -serveListening on 127.0.0.1:3000$ curl -D- http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCC ... HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=utf-8 Location: https://wordtothewise.com/blog/ Date: Thu, 22 Aug 2019 16:46:28 GMT Content-Length: 66 <a href="https://wordtothewise.com/blog/">Moved Permanently</a>
It’s all at github.com/wttw/clicktrack.