Last updated: 08.05.2002



Log files






Most Perl CGI scripts are called by <FORM> or <A> tags and return HTML or text documents. But there's nothing to stop a developer using a Perl script as the value of the SRC attribute of, for example, an <IMG> tag and having it return some other data type, such as an image.

Judas demonstrates how this could be used to log details about the user without them being aware of it. The test page contains a tag of the form:

<IMG SRC="/cgi-bin/Judas.pl" ... >

When the web browser tries to load this image, the script is called. The script returns an image, so from the user's point of view, everything looks normal. However, the script has also logged information about them to a file, without their being aware of it.

This isn't actually a very efficient way of monitoring who visits your site (reading the server logs is easier and more efficient), and it records only information that's freely available. But the technique is interesting.

Judas is based on code developed for the CallerID script.
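For anyone auditing a page for this pattern, the following added example (not part of Judas or the original page) lists the <IMG> tags whose SRC points at a script rather than a static file. The directory names, extensions and query-string check are assumed heuristics, and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath

# Assumed heuristics (not from the original page) for "run by the server".
SCRIPT_DIRS = {"cgi-bin", "cgi"}
SCRIPT_EXTS = {".pl", ".cgi", ".php", ".asp", ".py"}

def script_reasons(src):
    """Return the reasons an image URL looks script-generated (empty if none)."""
    parts = urlsplit(src)
    segments = [s.lower() for s in parts.path.split("/") if s]
    ext = posixpath.splitext(parts.path)[1].lower()
    reasons = []
    if SCRIPT_DIRS.intersection(segments[:-1]):
        reasons.append("script directory")
    if ext in SCRIPT_EXTS:
        reasons.append("script extension " + ext)
    if parts.query:
        reasons.append("query string")
    return reasons

class ImgAudit(HTMLParser):
    """Collect (src, reasons) for each <IMG> whose source looks like a script."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        src = dict(attrs).get("src") if tag == "img" else None
        reasons = script_reasons(src) if src else []
        if reasons:
            self.findings.append((src, reasons))

def audit(html):
    """Parse an HTML document and return the flagged image sources."""
    parser = ImgAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample; the first tag mirrors the form quoted above.
SAMPLE = ('<IMG SRC="/cgi-bin/Judas.pl">'
          '<IMG SRC="/images/logo.gif" ALT="logo">'
          '<IMG SRC="http://stats.example/hit.gif?page=home">')

if __name__ == "__main__":
    for src, reasons in audit(SAMPLE):
        print(src, "->", ", ".join(reasons))
```

A flagged tag is only a candidate for review: an image URL served by a script can be harmless, and an image path with an ordinary extension can still be mapped to a script by the server.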

