Add files via upload

Author: safesploit

README.md

@@ -0,0 +1,44 @@
+# Watcher
+
+Watcher tracks referrer page, IP address, date/time and user agent data before discreetly redirecting to the indended URL.
+
+# Setup
+
+## Hosting
+
+PHP has a [built-in web server](https://www.php.net/manual/en/features.commandline.webserver.php) which can be used to spin up a server immediately for testing purposes.
+
+    $ git clone https://github.com/safesploit/Watcher.git
+    $ cd Watcher
+    $ php -S localhost:8080 index.php
+    
+We can now access Watcher via `http://localhost:8080`
+    
+## URL Formatting
+
+Using the GET variable `s` we can specify the header address to redirect the user to.
+
+    http://localhost:8080/index.php?s=safesploit.com
+    
+Watcher will log information in `log.txt` and then redirect the user to `http://google.com`.
+
+Alternatively the shorter form `http://localhost:8080/?s=safesploit.com` can be used.
+
+# Example log
+
+`Logged IP address: 127.0.0.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36  Reffered by:  Parameter: safesploit.com Date logged: Friday 29th 2022f July 2022 07:33:38 PM`
+
+## Watcher v1.1.0 
+Since v1.1.0 full URLs can be provided via the `s` parameter without significant issue
+
+`Logged IP address: 127.0.0.1, User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36, Referred by: , Parameter: https://www.safesploit.com, Date logged: Saturday 30th 2022f July 2022 05:56:57 PM`
+
+The supplied URL is as follows:
+
+    http://localhost:8080/index.php?s=https://www.safesploit.com
+
+
+## Potential Issues
+Because `www.safesploit.com` will redirect HTTP request to HTTPS the code logic `header( "Location: http://" . $_GET['s'], TRUE, 301 )` works fine.
+
+But for web servers which only use HTTPS and do not redirect HTTP requests issues will occur.

index.php

@@ -0,0 +1,5 @@
+<?php
+require('watcher.php');
+
+watcher();
+?>

watcher.php

@@ -0,0 +1,87 @@
+<?php
+function getIPAddress()
+{
+    // IP logging
+    $register_globals = (bool) ini_get('register_gobals');
+    if ($register_globals) 
+        $ip = getenv(REMOTE_ADDR);
+    else 
+        $ip = $_SERVER['REMOTE_ADDR'];
+
+    return $ip;
+}
+
+function redirect()
+{
+    $url = parameterValidator();
+
+    header( "Location: " . $url, TRUE, 301 );
+}
+
+function referred()
+{
+    if(isset($_SERVER['HTTP_REFERER']))
+        $referred = $_SERVER['HTTP_REFERER'];
+    else
+        $referred = "NULL";
+}
+
+function parameter()
+{
+    if (isset($_GET['s']) && $_GET['s'] != "")
+        return $_GET['s'];
+    else
+        exit;
+}
+
+function parameterValidator()
+{
+     //Check if parameter() supplied is URL or URN
+
+    if(filter_var(parameter(), FILTER_VALIDATE_URL))
+        $url = parameter();
+    else
+    {
+        $protocol = "http://"; //assuming protocol is HTTP
+        $url = $protocol . parameter();
+    }
+
+    return $url;
+}
+
+function userAgent()
+{
+    return $_SERVER['HTTP_USER_AGENT'];
+}
+
+
+function watcher()
+{
+    $logFilename="log.txt"; //log file
+    $log=fopen("$logFilename", "a+");
+    
+    $pattern = "/\btxt\b/i"; // only txt files
+    $date=date("l dS of F Y h:i:s A");
+
+    $ip = getIPAddress();
+    $userAgent = userAgent();
+    $referred = referred();
+    $param = parameter();
+    
+
+    $data = 
+        "Logged IP address: $ip, " .
+        "User-Agent: $userAgent, " . 
+        "Referred by: $referred, " .
+        "Parameter: $param, " .
+        "Date logged: $date " .
+        "\n";
+
+    if(preg_match($pattern, $logFilename))
+        fputs($log, $data);
+
+    fclose($log); //close log
+
+    redirect();
+}
+?>