Link tracking redirectors 2

By steve
1 comment
August 23, 2019
2 Min read
In Technical
L

It’s not too difficult to build your own link redirector, perhaps a few hours work for a basic implementation

me, yesterday

Yesterday I suggested that link tracking wasn’t too complex, but didn’t really have anything to back the claim up. And nobody trusts developer time estimates.

So I cranked DEF CON Radio and wrote a dedicated click-tracking webserver, mostly as a demo of how to use cryptography to protect the integrity and privacy of the tracking links but also to see how much work it was.

  • Written in Go, a language fairly well suited to the problem
  • No server database needed, nor any disk IO at all to generate URLs or to answer redirection requests
  • Supports arbitrary data embedded in the tracking link
  • <1.5ms to respond to a query on localhost
  • Uses 128 bit AES-GCM cipher, which is overkill for this sort of application
  • Supports key and algorithm rotation
  • Human readable slug for friendlier links
  • Doesn’t use any third party libraries, just the Go standard library
  • Less than 300 lines of code in total
  • Around 100 lines of code to generate and use cryptographically protected URLs
  • About two and a half hours work, start to finish
  • Adding TLS would only be a few extra lines of code, but would require creating certificates so I left that code out

It looks like this:

$ clicktrack -create url=https://wordtothewise.com/blog/ myid=steve
http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCCxnKOkvL4oic
IISkybvO26kL6R2E3PxHS5R2PPEye6zVHG0sEamragEHbY_iSTTuQ
pFbFLM0a3dPH6Xm3_0j8h2gBCybFpLUJW

$ clicktrack -parse http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCC ... 
{
   "myid": "steve",
   "url": "https://wordtothewise.com/blog/" 
}

$ clicktrack -serve
Listening on 127.0.0.1:3000

$ curl -D- http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCC ...
 HTTP/1.1 301 Moved Permanently
 Content-Type: text/html; charset=utf-8
 Location: https://wordtothewise.com/blog/
 Date: Thu, 22 Aug 2019 16:46:28 GMT
 Content-Length: 66
 
 <a href="https://wordtothewise.com/blog/">Moved Permanently</a>

It’s all at github.com/wttw/clicktrack.

FacebookLinkedIn

About the author

steve
View all posts

1 comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Scotty: Oh, you didn’t tell him how long it would *really* take, did ya?

    Lt. Commander Geordi La Forge: Well, of course I did.

    Scotty: Oh, laddie. You’ve got a lot to learn if you want people to think of you as a miracle worker.

Read more

By steve August 23, 2019
1 comment

Recent Posts

Archives

Follow Us