# Tracking — Digital Exposure Audit

## Purpose
Demonstrates to visitors how much of their identity is exposed to any website they visit. Designed as a sales/awareness tool for cybersecurity consultations.
No data is stored. No cookies are set by this plugin. Everything is computed live and discarded.
## How it works
The plugin collects information from two sources:
- Server-side (PHP): IP address (with proxy/VPN detection via `ipCheck()`), User-Agent, accepted languages, referrer, source port, forwarding headers (X-Forwarded-For, Cloudflare).
- Client-side (JavaScript): Screen resolution, colour depth, CPU cores, device memory, connection type, battery status, timezone, platform, canvas fingerprint, WebGL renderer/vendor, audio fingerprint, Do Not Track, cookies, localStorage, browser plugins, touchscreen capability, WebRTC IP leak.
A final score (0–100) is computed based on how many vectors returned usable data. The score represents exposure percentage, not a security rating.
## Threat levels
Each data card is visually tagged by exposure severity:
- Low (green border): minimal identifying power on its own
- Medium (yellow border): contributes to fingerprint entropy
- High (red border): strongly identifying
- Critical (pulsing red border): near-unique identifier
## Security
- Access restricted to `TRACKING_LEVEL_HIGHUSER` by default
- Not public (`$is_public = 0`)
- All server-side values sanitized via `Parser`
- No database required
- No data persistence
## Structure
```
/plugins/tracking/
├── tracking.php
├── /conf/
│   └── tracking.conf.inc.php
├── /doc/
│   └── tracking.md
├── /locale/
│   ├── tracking.en.inc.php
│   ├── tracking.fr.inc.php
│   └── tracking.de.inc.php
├── /css/
│   └── tracking.css
└── /js/
    └── tracking.js
```
## Configuration
In `conf/tracking.conf.inc.php`:
- `$ftype = 2` — classified as stats/crawler tool
- `$is_public = 0` — not available to unauthenticated visitors
- `TRACKING_LEVEL_HIGHUSER` — minimum access level
To restrict to admins only:
```php
defined('TRACKING_LEVEL_HIGHUSER') or define('TRACKING_LEVEL_HIGHUSER', BASE_LEVEL_ADMIN);
```

## Translations
47 translation keys in `$dialtracking[]`. Available in EN, FR, DE.
## JavaScript API
The plugin exposes three global functions (prefixed to avoid collision):
- `tracking_init()` — entry point, called via `$footdata`
- `tracking_checkWebRTC(translations, callback)` — async WebRTC leak test
- `tracking_updateVerdict(score, maxScore, translations)` — recomputes and displays the verdict
All translations are passed via `setJavascriptLocale()` through the `PLUGIN_TRANSLATION.tracking` namespace.
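
A WebRTC leak test of the kind listed above typically works by reading the ICE candidates the browser generates. The following added example (not the plugin's own code; `parseCandidate`, `classifyAddress`, `summarizeLeak` and the sample lines are hypothetical) classifies candidate lines to show whether the browser masked the host address behind an mDNS name or exposed a local or public IP.

```javascript
// Added example (hypothetical names, not plugin code). ICE candidate layout, RFC 8839:
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  return { transport: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
}
// Decide what an observer learns from the address field of one candidate.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns-masked"; // browser hid the host IP behind mDNS
  const m = a.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (m) {
    const o = m.slice(1).map(Number);
    if (o.some((n) => n > 255) || o[0] === 0 || o[0] === 127) return "ignored";
    const rfc1918 = o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) || (o[0] === 192 && o[1] === 168);
    if (rfc1918) return "private";
    if (o[0] === 169 && o[1] === 254) return "link-local";
    if (o[0] === 100 && o[1] >= 64 && o[1] <= 127) return "cgnat"; // RFC 6598 shared space
    return "public";
  }
  if (!/^[0-9a-f:]+$/.test(a) || !a.includes(":") || a === "::1") return "ignored";
  if (/^fe[89ab][0-9a-f]:/.test(a)) return "link-local"; // fe80::/10
  if (/^f[cd][0-9a-f]{2}:/.test(a)) return "private";    // fc00::/7 unique local
  return "public";
}
// Summarise a batch of candidate lines into what was exposed and what was masked.
function summarizeLeak(lines) {
  const out = { localIps: [], publicIps: [], masked: 0, skipped: 0 };
  const add = (list, ip) => { if (!list.includes(ip)) list.push(ip); };
  for (const line of lines) {
    const c = parseCandidate(line);
    const kind = c ? classifyAddress(c.address) : "ignored";
    if (kind === "mdns-masked") out.masked++;
    else if (kind === "public") add(out.publicIps, c.address);
    else if (["private", "link-local", "cgnat"].includes(kind)) add(out.localIps, c.address);
    else out.skipped++; // unparsable lines, loopback, unspecified address
  }
  out.leak = out.localIps.length + out.publicIps.length > 0;
  return out;
}
// Constructed sample input (203.0.113.7 is a documentation address standing in for a public IP).
const SAMPLE = [
  "candidate:1 1 udp 2113937151 3f2a9c1e-7b44-4d0a-9e55-0c1d2e3f4a5b.local 54321 typ host",
  "candidate:2 1 udp 2113937151 192.168.1.23 54322 typ host",
  "candidate:3 1 udp 1677729535 203.0.113.7 61000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:4 1 tcp 1518280447 fe80::1c2d:3eff:fe4f:5a6b 9 typ host tcptype active",
  "not a candidate",
];
```

A result with only `masked` entries and `leak === false` means the browser's mDNS obfuscation is doing its job for host candidates.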
## Changelog
- 2.0.0 (2026-02-07): Complete rewrite. Added canvas/WebGL/audio fingerprinting, WebRTC leak detection, battery API, scoring system. Full i18n. BeamReactor plugin conventions.
- 1.0.0 (2003): Original version. Basic server info + inline JavaScript.