ß®îÐë§måîÐs Web Bug Page

Here is a web bug...


The bug is the black dot! It is a 1 by 1 pixel image. You hardly notice it, do you?

However, a 1 by 1 graphic isn't very interesting by itself. Suppose, though, that we generate the graphic on the fly using a CGI script?


Just for completeness, we can also call the script as a link, and likewise the image.

The obvious thing a script can do, unlike a simple graphic, is carry out processing and take parameters. For example, the calls made to the script above should have generated some entries in this log file. In the test log file I have here you can see three columns:

  1. The time the bug script was called (the time at the bug web server, not the time at the client);
  2. The host IP address of the client (which could be a proxy server IP); and
  3. Details of any parameters passed to the bug

So let's try passing some parameters...

If we try it with an image though:


we see that the parameters do not appear (i.e. look in the log and you won't see anything in the third column). This is because the browser itself strips out any parameters from the IMG tag used to pull in the graphic. This is a good thing for security, but a bit of a shame for our demonstration purposes. If, however, you happen to have access to the web server log files for your site, then you can place the parameters in the name of the image itself and look for failed filename entries in your log (you could also, of course, modify your web server to translate incoming names of a particular format).

However, if we ask the user to click it as a link, then the parameters should appear in the log.

More examples here.
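A reader-side check for the bugs described on this page, as an added example that is not part of the original page: it scans HTML for 1 by 1 (or 0 by 0) images and reports where each one points and which parameters its URL carries. The hosts `bugs.example` and `www.example.org`, the script name `bug.cgi` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl
import re

# Inline-style dimensions such as "width:1px"; percentages do not match.
STYLE_DIM = re.compile(r"(?<![\w-])(width|height)\s*:\s*(\d+)(?:px)?\s*(?:;|$)", re.I)

# Constructed sample page: a normal logo, a scripted bug with parameters,
# a bug with the parameters folded into the file name, and a local spacer.
SAMPLE = """
<p>Hello <img src="/images/logo.gif" width="120" height="40"></p>
<img src="http://bugs.example/cgi-bin/bug.cgi?id=42&amp;page=home" width="1" height="1">
<img src="http://bugs.example/img/id42_home.gif" style="width:1px;height:1px">
<img src="/spacer.gif" width="1" height="1">
"""

def _dims(attrs):
    """Return (width, height) in pixels, or None where a dimension is unknown."""
    dims = {}
    for name in ("width", "height"):
        raw = (attrs.get(name) or "").strip()
        if raw.isdigit():
            dims[name] = int(raw)
    for name, value in STYLE_DIM.findall(attrs.get("style") or ""):
        dims[name.lower()] = int(value)  # inline CSS overrides the attribute
    return dims.get("width"), dims.get("height")

class WebBugFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        width, height = _dims(attrs)
        if tag != "img" or None in (width, height) or max(width, height) > 1:
            return  # only images declared as 1x1 or smaller are of interest
        url = urlsplit(attrs.get("src") or "")
        self.findings.append({
            "src": attrs.get("src"),
            "third_party": bool(url.hostname) and url.hostname != self.page_host,
            "params": parse_qsl(url.query, keep_blank_values=True),
            "scripted": "/cgi-bin/" in url.path or url.path.endswith((".cgi", ".pl")),
        })

def find_web_bugs(html, page_host):
    """Return one finding per tiny image in html, as seen from page_host."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.findings
```

The second sample bug has an empty `params` list because its parameters sit in the file name, so a third-party 1 by 1 image is worth reviewing even when it has no query string.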