🛡️ Advanced Web Data Collection: Building PhantomCollect for Security Research

🔍 Introduction

In the realm of cybersecurity, understanding what data web applications can collect is crucial for both attackers and defenders. Today, we're diving deep into PhantomCollect - an advanced stealth data collection framework I developed for legitimate security research and penetration testing.

Disclaimer: This tool is for educational purposes and authorized security testing only. Users are solely responsible for complying with all applicable laws.

🏗️ Architectural Overview

PhantomCollect employs a sophisticated client-server architecture that demonstrates the extensive data exposure possibilities in modern web browsers.

Server-Side Python Implementation

from http.server import HTTPServer, BaseHTTPRequestHandler
import json
import datetime
import sqlite3
import os

class SimpleDataHandler(BaseHTTPRequestHandler):

    def do_GET(self):
        if self.path == '/':
            self.serve_html()
        else:
            self.send_error(404)

    def do_POST(self):
        if self.path == '/api/collect':
            self.handle_data_collection()
        else:
            self.send_error(404)

The Python backend serves dual purposes:

· Web Interface: Delivers the data collection page
· API Endpoint: Processes and stores collected data

Multi-Layer Storage System

def save_to_db(self, data):
    conn = sqlite3.connect('victims.db')
    c = conn.cursor()

    c.execute('''INSERT INTO victims 
                (timestamp, ip, user_agent, location, device_info, all_data) 
                VALUES (?, ?, ?, ?, ?, ?)''',
             (data['timestamp'],
              data['collectedData'].get('publicIP', 'Unknown'),
              data['collectedData']['basicInfo']['userAgent'],
              self.extract_location(data),
              self.extract_device_info(data),
              json.dumps(data, indent=2)))

    conn.commit()
    conn.close()

🎯 The 10-Layer Data Collection Engine

The JavaScript frontend implements comprehensive data gathering across multiple dimensions:

1. Basic Device Fingerprinting

allData.collectedData.basicInfo = {
    userAgent: navigator.userAgent,
    platform: navigator.platform,
    vendor: navigator.vendor,
    language: navigator.language,
    languages: navigator.languages
};

1. Advanced Hardware Profiling

allData.collectedData.hardwareInfo = {
    hardwareConcurrency: navigator.hardwareConcurrency,  // CPU cores
    deviceMemory: navigator.deviceMemory,                // RAM in GB
    maxTouchPoints: navigator.maxTouchPoints            // Touch capability
};

1. Precise Geolocation Tracking

allData.collectedData.gpsLocation = {
    latitude: position.coords.latitude,
    longitude: position.coords.longitude,
    accuracy: position.coords.accuracy,     // Accuracy in meters
    altitude: position.coords.altitude,
    speed: position.coords.speed           // Movement speed
};

1. Network Intelligence

allData.collectedData.networkInfo = {
    effectiveType: navigator.connection.effectiveType,  // 4g, 3g, etc.
    downlink: navigator.connection.downlink,            // Bandwidth
    rtt: navigator.connection.rtt                       // Latency
};

1. Power Management Insights

allData.collectedData.batteryInfo = {
    charging: battery.charging,
    level: Math.round(battery.level * 100),     // Battery percentage
    chargingTime: battery.chargingTime,
    dischargingTime: battery.dischargingTime
};

📊 Real-Time Data Visualization

One of PhantomCollect's powerful features is its real-time terminal display:

def print_victim_info(self, data):
    print(f"\n{'🎯'*20} NEW VICTIM DATA {'🎯'*20}")
    print(f"🕒 Time: {data['timestamp']}")

    ip = data['collectedData'].get('publicIP', 'Unknown')
    print(f"🌐 IP: {ip}")

    # Location intelligence
    if 'ipGeoInfo' in data['collectedData']:
        geo = data['collectedData']['ipGeoInfo']
        print(f"📍 Location: {geo.get('city', 'Unknown')}, {geo.get('country', 'Unknown')}")
        print(f"🏢 ISP: {geo.get('isp', 'Unknown')}")

    # Device capabilities
    basic = data['collectedData']['basicInfo']
    screen = data['collectedData']['screenInfo']
    print(f"📱 Platform: {basic['platform']}")
    print(f"🖥️ Screen: {screen['width']}x{screen['height']}")

Sample Terminal Output:

🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯 NEW VICTIM DATA 🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯🎯
🕒 Time: 2024-01-15T10:30:00.000Z
🌐 IP: 192.168.1.100
📍 Location: New York, United States
🏢 ISP: Comcast Cable
📱 Platform: Win32
🖥️ Screen: 1920x1080
🔋 Battery: 85%
📡 Network: 4g
💾 Memory: 8GB
⚡ Cores: 8

🛡️ Security Applications

Penetration Testing

PhantomCollect helps security professionals:

· Test data leakage in web applications
· Demonstrate privacy risks to stakeholders
· Train employees on digital footprint awareness

Security Research

· Browser fingerprinting analysis
· Privacy vulnerability assessment
· Incident response simulation

⚖️ Ethical Considerations

When developing and using such tools, consider:

1. Authorization: Only use on systems you own or have explicit permission to test
2. Transparency: Clearly notify users about data collection
3. Data Handling: Securely store and properly dispose of collected data
4. Legal Compliance: Adhere to GDPR, CCPA, and other privacy regulations

🚀 Getting Started

Installation

pip install phantomcollect

Basic Usage

phantomcollect
# Access: http://localhost:8080

Advanced Deployment

# Make it publicly accessible
phantomcollect & ngrok http 8080

💡 Key Technical Insights

During development, several important findings emerged:

1. Modern browsers expose significantly more data than most users realize
2. Combining multiple data points creates unique device fingerprints
3. Stealth techniques are essential for realistic security testing
4. Proper data sanitization is crucial when handling sensitive information

🔮 Future Enhancements

Planned features for PhantomCollect:

· Tor network integration for anonymous testing
· Advanced evasion techniques to bypass detection
· Machine learning analysis of collected data patterns
· Comprehensive reporting dashboard

🎯 Conclusion

PhantomCollect demonstrates the extensive data exposure capabilities of modern web technologies. For security professionals, understanding these vectors is essential for building more secure applications and educating users about digital privacy.

The tool serves as both an educational resource and a practical security testing framework, emphasizing the importance of ethical development and responsible disclosure in cybersecurity research.

Remember: With great power comes great responsibility. Always use such tools ethically and legally.

---

🔗 Resources & Official Channels

📦 Primary Sources & Distribution

· Codeberg (Main Repository): https://codeberg.org/xsser01/phantomcollect
· PyPI Package: https://pypi.org/project/phantomcollect/
· Arch Linux AUR: https://aur.archlinux.org/packages/phantomcollect
· Arch Linux Wiki: https://wiki.archlinux.org/title/User:Xsser01/Phantomcollect

🌐 Featured On & Community Presence

· SourceForge: https://sourceforge.net/projects/phantomcollect/
· AlternativeTo: https://alternativeto.net/software/phantomcollect/about/
· LibHunt: https://www.libhunt.com/r/phantomcollect
· Launchpad: https://launchpad.net/phantomcollect
· StackShare: https://stackshare.io/xsser01/phantomcollect