1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to fake traffic logger stats?

Discussion in 'BlackHat Lounge' started by baokyrox, Dec 17, 2008.

  1. baokyrox

    baokyrox BANNED BANNED

    Joined:
    Oct 10, 2008
    Messages:
    429
    Likes Received:
    34
    I have a tracker code by the javascript code

    Code:
    <!--LiveInternet counter--><script type="text/javascript"><!--
    document.write("<a href='http://www.liveinternet.ru/click' "+
    "target=_blank><img src='http://counter.yadro.ru/hit?t44.6;r"+
    escape(document.referrer)+((typeof(screen)=="undefined")?"":
    ";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?
    screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+
    ";"+Math.random()+
    "' alt='' title='LiveInternet' "+
    "border=0 width=31 height=31></a>")//--></script><!--/LiveInternet-->
    This code above will return an image, I go check my Page Dependencies under MEDIA and find the image path, when i key it in at my address bar and GO/Press Enter, (means load the image), the stats will increase.

    so i actually went modified the code and put at my site (not the actual logging site), as below

    Code:
    <script type="text/javascript">
    document.write("<iframe src='http://counter.yadro.ru/hit?t44.6;r;s1680*1050*32;uhttp%3A//www.watata.us/;"+Math.random()+"' width=1 height=1")
    </script>
    But it's don't work or increase the views/visitor, assuming watata.us is the site.

    I tried to hardcore it but the stats won't add, does the log only add when the code is place at the "site itself" and call at the target site itself" e.g

    THE tracking for watata.US will only add when call at watata.US?

    But i tried copy the image path (Page Info) of the tracker cause they add by the image, and i enter it at my address bar and the page view increasing.

    How do i work around with this code? Thanks.

    The view/visitor will INCREASE when i call(enter the url at address bar and press ENTER)
    the image path which is generate on the watata.us
    Code:
    http://counter.yadro.ru/hit?t44.6;r;s1680*1050*32;uhttp%3A//watata.us/;0.1661883533950575
     
  2. justone

    justone Elite Member

    Joined:
    Oct 12, 2008
    Messages:
    1,516
    Likes Received:
    1,037
    Occupation:
    -
    Location:
    Europe
    Such trackers use a few techniques to avoid double hits, different from code to code.

    Most common:
    They set a cookie valid for x hours or days, removing the cookie can help
    Next is that they check your IP and remember it (using a proxy avoids this)
    Also testing the referer is something thats common, referer is the site where the object was called from.
    Some even test your useragent+resolution (changing useragent avoids this)

    Take a look at my thread to learn a bit more about that (see my sig)

    Most simple test is to remove your cookies (including session cookies) and try it again, a lot of counters and vote scripts will then add one vote.
     
  3. baokyrox

    baokyrox BANNED BANNED

    Joined:
    Oct 10, 2008
    Messages:
    429
    Likes Received:
    34
    sorry but this is not the answer i wanted.

    Basically i want to modify the code so its appear i am watata.com who is serving the counter.

    Traffic i have, but the site watata.com have virus and the client pay me a sum of money , i don't want to let him infect my user neither do i want affect my business.
     
  4. freqout

    freqout Regular Member

    Joined:
    Dec 1, 2008
    Messages:
    494
    Likes Received:
    81
    Occupation:
    Security Engineer
    Location:
    San Francisco bay area
    So, let me get this straight, you are trying to hide a counter/js associated in an iframe, or what?