Link tracking redirectors 2

It’s not too difficult to build your own link redirector, perhaps a few hours work for a basic implementation

me, yesterday

Yesterday I suggested that link tracking wasn’t too complex, but didn’t really have anything to back the claim up. And nobody trusts developer time estimates.

So I cranked DEF CON Radio and wrote a dedicated click-tracking webserver, mostly as a demo of how to use cryptography to protect the integrity and privacy of the tracking links but also to see how much work it was.

  • Written in Go, a language fairly well suited to the problem
  • No server database needed, nor any disk IO at all to generate URLs or to answer redirection requests
  • Supports arbitrary data embedded in the tracking link
  • <1.5ms to respond to a query on localhost
  • Uses 128 bit AES-GCM cipher, which is overkill for this sort of application
  • Supports key and algorithm rotation
  • Human readable slug for friendlier links
  • Doesn’t use any third party libraries, just the Go standard library
  • Less than 300 lines of code in total
  • Around 100 lines of code to generate and use cryptographically protected URLs
  • About two and a half hours work, start to finish
  • Adding TLS would only be a few extra lines of code, but would require creating certificates so I left that code out

It looks like this:

$ clicktrack -create url=https://wordtothewise.com/blog/ myid=steve
http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCCxnKOkvL4oic
IISkybvO26kL6R2E3PxHS5R2PPEye6zVHG0sEamragEHbY_iSTTuQ
pFbFLM0a3dPH6Xm3_0j8h2gBCybFpLUJW

$ clicktrack -parse http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCC ... 
{
   "myid": "steve",
   "url": "https://wordtothewise.com/blog/" 
}

$ clicktrack -serve
Listening on 127.0.0.1:3000

$ curl -D- http://127.0.0.1:3000/?x=2.UBC-ChQ31mqqYCC ...
 HTTP/1.1 301 Moved Permanently
 Content-Type: text/html; charset=utf-8
 Location: https://wordtothewise.com/blog/
 Date: Thu, 22 Aug 2019 16:46:28 GMT
 Content-Length: 66
 
 <a href="https://wordtothewise.com/blog/">Moved Permanently</a>

It’s all at github.com/wttw/clicktrack.

Related Posts

Link tracking redirectors

Almost every bulk mail sent includes some sort of instrumentation to track which users click on which links and when. That’s usually done by the ESP rewriting links in the content so they point at the ESP’s tracking server, and include information about the customer, campaign and recipient. The recipient clicks on the link in the email, their web browser fetches the link from the tracking server, the tracking server records the details of that click and tells the browser to immediately open the original destination page.

Read More