The latest articles on DEV Community by xsser01 (@xsser01). https://dev.to/xsser01 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3604628%2F7193912a-e5f2-474f-ad87-364af78eb653.jpg https://dev.to/xsser01 en xsser01 Thu, 13 Nov 2025 12:44:48 +0000 https://dev.to/xsser01/advanced-web-data-collection-building-phantomcollect-for-security-research-4b3e https://dev.to/xsser01/advanced-web-data-collection-building-phantomcollect-for-security-research-4b3e <p>🔍 Introduction</p> <p>In the realm of cybersecurity, understanding what data web applications can collect is crucial for both attackers and defenders. Today, we're diving deep into PhantomCollect - an advanced stealth data collection framework I developed for legitimate security research and penetration testing.</p> <p>Disclaimer: This tool is for educational purposes and authorized security testing only. Users are solely responsible for complying with all applicable laws.</p> <p>🏗️ Architectural Overview</p> <p>PhantomCollect employs a sophisticated client-server architecture that demonstrates the extensive data exposure possibilities in modern web browsers.</p> <p>Server-Side Python Implementation<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">http.server</span> <span class="kn">import</span> <span class="n">HTTPServer</span><span class="p">,</span> <span class="n">BaseHTTPRequestHandler</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">sqlite3</span> <span class="kn">import</span> <span class="n">os</span> <span class="k">class</span> <span class="nc">SimpleDataHandler</span><span class="p">(</span><span class="n">BaseHTTPRequestHandler</span><span class="p">):</span> <span class="k">def</span> <span class="nf">do_GET</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">path</span> <span class="o">==</span> <span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">serve_html</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">send_error</span><span class="p">(</span><span class="mi">404</span><span class="p">)</span> <span class="k">def</span> <span class="nf">do_POST</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">path</span> <span class="o">==</span> <span class="sh">'</span><span class="s">/api/collect</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">handle_data_collection</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">send_error</span><span class="p">(</span><span class="mi">404</span><span class="p">)</span> </code></pre> </div> <p>The Python backend serves dual purposes:</p> <p>· Web Interface: Delivers the data collection page<br> · API Endpoint: Processes and stores collected data</p> <p>Multi-Layer Storage System<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">save_to_db</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="n">conn</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="sh">'</span><span class="s">victims.db</span><span class="sh">'</span><span class="p">)</span> <span class="n">c</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="n">c</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'''</span><span class="s">INSERT INTO victims (timestamp, ip, user_agent, location, device_info, all_data) VALUES (?, ?, ?, ?, ?, ?)</span><span class="sh">'''</span><span class="p">,</span> <span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span><span class="p">],</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">collectedData</span><span class="sh">'</span><span class="p">].</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">publicIP</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">),</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">collectedData</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">basicInfo</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">userAgent</span><span class="sh">'</span><span class="p">],</span> <span class="n">self</span><span class="p">.</span><span class="nf">extract_location</span><span class="p">(</span><span class="n">data</span><span class="p">),</span> <span class="n">self</span><span class="p">.</span><span class="nf">extract_device_info</span><span class="p">(</span><span class="n">data</span><span class="p">),</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">indent</span><span class="o">=</span><span class="mi">2</span><span class="p">)))</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <p>🎯 The 10-Layer Data Collection Engine</p> <p>The JavaScript frontend implements comprehensive data gathering across multiple dimensions:</p> <ol> <li>Basic Device Fingerprinting </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">allData</span><span class="p">.</span><span class="nx">collectedData</span><span class="p">.</span><span class="nx">basicInfo</span> <span class="o">=</span> <span class="p">{</span> <span class="na">userAgent</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">userAgent</span><span class="p">,</span> <span class="na">platform</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="na">vendor</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">vendor</span><span class="p">,</span> <span class="na">language</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">language</span><span class="p">,</span> <span class="na">languages</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">languages</span> <span class="p">};</span> </code></pre> </div> <ol> <li>Advanced Hardware Profiling </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">allData</span><span class="p">.</span><span class="nx">collectedData</span><span class="p">.</span><span class="nx">hardwareInfo</span> <span class="o">=</span> <span class="p">{</span> <span class="na">hardwareConcurrency</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">hardwareConcurrency</span><span class="p">,</span> <span class="c1">// CPU cores</span> <span class="na">deviceMemory</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">deviceMemory</span><span class="p">,</span> <span class="c1">// RAM in GB</span> <span class="na">maxTouchPoints</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">maxTouchPoints</span> <span class="c1">// Touch capability</span> <span class="p">};</span> </code></pre> </div> <ol> <li>Precise Geolocation Tracking </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">allData</span><span class="p">.</span><span class="nx">collectedData</span><span class="p">.</span><span class="nx">gpsLocation</span> <span class="o">=</span> <span class="p">{</span> <span class="na">latitude</span><span class="p">:</span> <span class="nx">position</span><span class="p">.</span><span class="nx">coords</span><span class="p">.</span><span class="nx">latitude</span><span class="p">,</span> <span class="na">longitude</span><span class="p">:</span> <span class="nx">position</span><span class="p">.</span><span class="nx">coords</span><span class="p">.</span><span class="nx">longitude</span><span class="p">,</span> <span class="na">accuracy</span><span class="p">:</span> <span class="nx">position</span><span class="p">.</span><span class="nx">coords</span><span class="p">.</span><span class="nx">accuracy</span><span class="p">,</span> <span class="c1">// Accuracy in meters</span> <span class="na">altitude</span><span class="p">:</span> <span class="nx">position</span><span class="p">.</span><span class="nx">coords</span><span class="p">.</span><span class="nx">altitude</span><span class="p">,</span> <span class="na">speed</span><span class="p">:</span> <span class="nx">position</span><span class="p">.</span><span class="nx">coords</span><span class="p">.</span><span class="nx">speed</span> <span class="c1">// Movement speed</span> <span class="p">};</span> </code></pre> </div> <ol> <li>Network Intelligence </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">allData</span><span class="p">.</span><span class="nx">collectedData</span><span class="p">.</span><span class="nx">networkInfo</span> <span class="o">=</span> <span class="p">{</span> <span class="na">effectiveType</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">connection</span><span class="p">.</span><span class="nx">effectiveType</span><span class="p">,</span> <span class="c1">// 4g, 3g, etc.</span> <span class="na">downlink</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">connection</span><span class="p">.</span><span class="nx">downlink</span><span class="p">,</span> <span class="c1">// Bandwidth</span> <span class="na">rtt</span><span class="p">:</span> <span class="nb">navigator</span><span class="p">.</span><span class="nx">connection</span><span class="p">.</span><span class="nx">rtt</span> <span class="c1">// Latency</span> <span class="p">};</span> </code></pre> </div> <ol> <li>Power Management Insights </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">allData</span><span class="p">.</span><span class="nx">collectedData</span><span class="p">.</span><span class="nx">batteryInfo</span> <span class="o">=</span> <span class="p">{</span> <span class="na">charging</span><span class="p">:</span> <span class="nx">battery</span><span class="p">.</span><span class="nx">charging</span><span class="p">,</span> <span class="na">level</span><span class="p">:</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">round</span><span class="p">(</span><span class="nx">battery</span><span class="p">.</span><span class="nx">level</span> <span class="o">*</span> <span class="mi">100</span><span class="p">),</span> <span class="c1">// Battery percentage</span> <span class="na">chargingTime</span><span class="p">:</span> <span class="nx">battery</span><span class="p">.</span><span class="nx">chargingTime</span><span class="p">,</span> <span class="na">dischargingTime</span><span class="p">:</span> <span class="nx">battery</span><span class="p">.</span><span class="nx">dischargingTime</span> <span class="p">};</span> </code></pre> </div> <p>📊 Real-Time Data Visualization</p> <p>One of PhantomCollect's powerful features is its real-time terminal display:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">print_victim_info</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="si">{</span><span class="sh">'</span><span class="s">🎯</span><span class="sh">'</span><span class="o">*</span><span class="mi">20</span><span class="si">}</span><span class="s"> NEW VICTIM DATA </span><span class="si">{</span><span class="sh">'</span><span class="s">🎯</span><span class="sh">'</span><span class="o">*</span><span class="mi">20</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">🕒 Time: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">collectedData</span><span class="sh">'</span><span class="p">].</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">publicIP</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">🌐 IP: </span><span class="si">{</span><span class="n">ip</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Location intelligence </span> <span class="k">if</span> <span class="sh">'</span><span class="s">ipGeoInfo</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">collectedData</span><span class="sh">'</span><span class="p">]:</span> <span class="n">geo</span> <span class="o">=</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">collectedData</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">ipGeoInfo</span><span class="sh">'</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">📍 Location: </span><span class="si">{</span><span class="n">geo</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">city</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">)</span><span class="si">}</span><span class="s">, </span><span class="si">{</span><span class="n">geo</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">country</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">🏢 ISP: </span><span class="si">{</span><span class="n">geo</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">isp</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Device capabilities </span> <span class="n">basic</span> <span class="o">=</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">collectedData</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">basicInfo</span><span class="sh">'</span><span class="p">]</span> <span class="n">screen</span> <span class="o">=</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">collectedData</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">screenInfo</span><span class="sh">'</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">📱 Platform: </span><span class="si">{</span><span class="n">basic</span><span class="p">[</span><span class="sh">'</span><span class="s">platform</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">🖥️ Screen: </span><span class="si">{</span><span class="n">screen</span><span class="p">[</span><span class="sh">'</span><span class="s">width</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">x</span><span class="si">{</span><span class="n">screen</span><span class="p">[</span><span class="sh">'</span><span class="s">height</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Sample Terminal Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯 NEW VICTIM DATA 🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯 🕒 Time: 2024-01-15T10:30:00.000Z 🌐 IP: 192.168.1.100 📍 Location: New York, United States 🏢 ISP: Comcast Cable 📱 Platform: Win32 🖥️ Screen: 1920x1080 🔋 Battery: 85% 📡 Network: 4g 💾 Memory: 8GB ⚡ Cores: 8 </code></pre> </div> <p>🛡️ Security Applications</p> <p>Penetration Testing</p> <p>PhantomCollect helps security professionals:</p> <p>· Test data leakage in web applications<br> · Demonstrate privacy risks to stakeholders<br> · Train employees on digital footprint awareness</p> <p>Security Research</p> <p>· Browser fingerprinting analysis<br> · Privacy vulnerability assessment<br> · Incident response simulation</p> <p>⚖️ Ethical Considerations</p> <p>When developing and using such tools, consider:</p> <ol> <li>Authorization: Only use on systems you own or have explicit permission to test</li> <li>Transparency: Clearly notify users about data collection</li> <li>Data Handling: Securely store and properly dispose of collected data</li> <li>Legal Compliance: Adhere to GDPR, CCPA, and other privacy regulations</li> </ol> <p>🚀 Getting Started</p> <p>Installation<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>phantomcollect </code></pre> </div> <p>Basic Usage<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>phantomcollect <span class="c"># Access: http://localhost:8080</span> </code></pre> </div> <p>Advanced Deployment<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Make it publicly accessible</span> phantomcollect &amp; ngrok http 8080 </code></pre> </div> <p>💡 Key Technical Insights</p> <p>During development, several important findings emerged:</p> <ol> <li>Modern browsers expose significantly more data than most users realize</li> <li>Combining multiple data points creates unique device fingerprints</li> <li>Stealth techniques are essential for realistic security testing</li> <li>Proper data sanitization is crucial when handling sensitive information</li> </ol> <p>🔮 Future Enhancements</p> <p>Planned features for PhantomCollect:</p> <p>· Tor network integration for anonymous testing<br> · Advanced evasion techniques to bypass detection<br> · Machine learning analysis of collected data patterns<br> · Comprehensive reporting dashboard</p> <p>🎯 Conclusion</p> <p>PhantomCollect demonstrates the extensive data exposure capabilities of modern web technologies. For security professionals, understanding these vectors is essential for building more secure applications and educating users about digital privacy.</p> <p>The tool serves as both an educational resource and a practical security testing framework, emphasizing the importance of ethical development and responsible disclosure in cybersecurity research.</p> <p>Remember: With great power comes great responsibility. Always use such tools ethically and legally.</p> <p>🔗 Resources &amp; Official Channels</p> <p>📦 Primary Sources &amp; Distribution</p> <p>· Codeberg (Main Repository): <a href="https://codeberg.org/xsser01/phantomcollect" rel="noopener noreferrer">https://codeberg.org/xsser01/phantomcollect</a><br> · PyPI Package: <a href="https://pypi.org/project/phantomcollect/" rel="noopener noreferrer">https://pypi.org/project/phantomcollect/</a><br> · Arch Linux AUR: <a href="https://aur.archlinux.org/packages/phantomcollect" rel="noopener noreferrer">https://aur.archlinux.org/packages/phantomcollect</a><br> · Arch Linux Wiki: <a href="https://wiki.archlinux.org/title/User:Xsser01/Phantomcollect" rel="noopener noreferrer">https://wiki.archlinux.org/title/User:Xsser01/Phantomcollect</a></p> <p>🌐 Featured On &amp; Community Presence</p> <p>· SourceForge: <a href="https://sourceforge.net/projects/phantomcollect/" rel="noopener noreferrer">https://sourceforge.net/projects/phantomcollect/</a><br> · AlternativeTo: <a href="https://alternativeto.net/software/phantomcollect/about/" rel="noopener noreferrer">https://alternativeto.net/software/phantomcollect/about/</a><br> · LibHunt: <a href="https://www.libhunt.com/r/phantomcollect" rel="noopener noreferrer">https://www.libhunt.com/r/phantomcollect</a><br> · Launchpad: <a href="https://launchpad.net/phantomcollect" rel="noopener noreferrer">https://launchpad.net/phantomcollect</a><br> · StackShare: <a href="https://stackshare.io/xsser01/phantomcollect" rel="noopener noreferrer">https://stackshare.io/xsser01/phantomcollect</a></p> cybersecurity python privacy webdev