
A bot demonstrating the weaknesses in the current adplay validation scheme on eovendo.com.

Discountrobot/Headless

Headless

Headless is a project demonstrating how easily the verification scheme of eovendo.com can be foiled. The project includes both a bot based on PhantomJS, run multi-threaded and dispatched by Python, and a [chrome extension](chrome extension) for a more visual demonstration.

Features

  1. Minimal bandwidth usage (currently using less than 600kb per account).
  2. Proxies: taking advantage of the native proxy flag in PhantomJS, the Python dispatcher can take a list of proxy servers and will randomly assign a proxy to each thread.
  3. Currently undetectable, given the data model sent between the client and the server (more on this in the Verification Scheme section).

Limitations

  1. There are known memory leaks in PhantomJS, so if you're running the script on something small, say a Raspberry Pi, remember to create a swap file to prevent hanging.

Verification Scheme

The verification scheme for correctly watching a commercial on eovendo.com is easily reverse engineered given insight into the JavaScript API and the console output.

  1. JavaScript API: adplay.js
  2. Structure of a sample "GET" request: postback.json.

Time validation

Verification works by validating the timestamps and checking that they have advanced correctly. We can describe this scheme with a formula, where:
R = requestTime = the time of the request
S = startTime = the time stamp given when starting the commercial
E = endTime = the time stamp given when finishing the commercial
mediaDuration = the runtime of the commercial

We describe the formula as R < (S + mediaDuration) <= E which can also be visualized as:

Possible pseudo server code

Below is a pseudo snippet of what could be the validating part of the server, written in JavaScript syntax.

// Guess at the server-side check: every time value except RequestTime
// is taken from the client's own postback.
function isValidAdPlay(client, server) {
    return (
        // timestamps
        client.RequestTime === server.RequestTime &&
        client.StartTime > client.RequestTime &&
        client.EndTime >= client.StartTime + server.Campaign.MediaDuration &&

        // values that need to be set accordingly
        client.AdStatus.value === 'Completed' &&
        client.Campaign.IsViewed === true &&

        // other values that need to be set (correct by default)
        client.id === server.id &&
        client.UserId === server.UserId &&
        client.Tag === server.Tag &&
        client.RequestIpAddress === server.RequestIpAddress &&
        client.Campaign.CampaignId === server.Campaign.CampaignId
    );
}
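For contrast with the pseudo check above, here is an added example (not code from this repository or from eovendo.com) of a completion check that takes no timestamps from the client and instead measures elapsed time on the server's own clock. The function names, the in-memory `sessions` store, the `mediaDurationMs` field and the slack value are assumptions made for illustration.

```javascript
const { randomBytes } = require('crypto');

const MAX_SLACK_MS = 120000;   // assumed allowance for buffering and network delay
const sessions = new Map();    // hypothetical in-memory store; use a database in practice

// Called when the server hands a commercial to a user. The server records its
// own clock and keeps the record server-side, keyed by an unguessable id.
function issueAdPlay(userId, campaign, now = Date.now()) {
    const id = randomBytes(16).toString('hex');
    sessions.set(id, {
        userId,
        campaignId: campaign.CampaignId,
        mediaDurationMs: campaign.mediaDurationMs,  // assumed field, milliseconds
        issuedAt: now,
        used: false,
    });
    return id;
}

// Called on the completion postback. userId must come from the authenticated
// session, not the request body. Client-reported StartTime, EndTime, AdStatus
// and IsViewed are not inputs: the only clock consulted is the server's.
function completeAdPlay(id, userId, now = Date.now()) {
    const s = sessions.get(id);
    if (!s) return { ok: false, reason: 'unknown-id' };
    if (s.userId !== userId) return { ok: false, reason: 'wrong-user' };
    if (s.used) return { ok: false, reason: 'replayed' };

    const elapsed = now - s.issuedAt;
    if (elapsed < s.mediaDurationMs) return { ok: false, reason: 'too-early' };
    if (elapsed > s.mediaDurationMs + MAX_SLACK_MS) return { ok: false, reason: 'expired' };

    s.used = true;  // single use: a second postback for the same id is rejected
    return { ok: true, campaignId: s.campaignId };
}
```

This only establishes that at least the media duration passed on the server clock between issue and postback, once per issued id. It does not establish that the commercial was rendered or watched, which needs separate signals.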

Installation

Chrome Extension

Read more here: [chrome extension](chrome extension)

PhantomJS bot

Read more here: headless.js

License

MIT
