Fun with Sinatra
I’ve been predominantly a PHP programmer for about ten years now, but my interest in Ruby was sparked about five years ago. I’ve always followed Ruby as a web programming lang, but never had a project that would pay for my time to really get into what Ruby and its many famous frameworks can do.
That is, until someone pissed me off.
I probably should have let it go. However, I am easily annoyed by some folks who act like an authority on a subject, but obviously have no clue as to what they’re talking about.
The individual and specific conversation isn’t important here, but some context will do you well. In my fit of rage (nearly putting my foot through the computer) I managed to get this guy banned from one of the forums where I’m a regular. Not a permaban, but something to get his attention. Anyway, he registers another account, or so I think.
To confirm my suspicion, I must get this guy’s IP address. Not easy to do if you’re several levels removed from direct access to your target. That’s where Little Snoop comes in.
Little Snoop is a small Ruby app with Sinatra running on top. It’s backed by MongoDB and is drop-dead simple. This post is for those of you, like me, who want to play with this stuff, but don’t have someone around to get you involved, or you just don’t have a lot of time.
Little Snoop works like this. You don’t want your target to become suspicious of your actions, therefore you must keep a low profile. What’s more low profile than a 1x1 transparent PNG?
The request for this image is an action within the Little Snoop code, with the target’s name acting as the key in the request string. When the target opens a personal/private message with the image embedded, Little Snoop logs their IP.
In my case, all I have to do is send a nonsense message to both users on the forum and hope they open it. Then I can track, verify and confront (the rules on this forum don’t allow for multiple accounts).
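Seen from the forum's side, the mechanism above only works if the message view fetches a third-party image. The following Ruby filter is an added example, not part of Little Snoop or the original post: it replaces remote images in a message body before display. The host names, `TRUSTED_IMAGE_HOSTS`, the sample message and all function names are assumptions.

```ruby
require "uri"

# Assumed: the only host the forum itself serves images from.
TRUSTED_IMAGE_HOSTS = ["forum.example"].freeze
IMG_TAG = /<img\b[^>]*>/i

# Pull one attribute value out of a single tag (quoted or bare value).
def tag_attr(tag, name)
  m = tag.match(/(?<![\w-])#{name}\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i)
  m && (m[1] || m[2] || m[3])
end

# Reasons an <img> tag looks like a tracking beacon (empty array = none).
def beacon_reasons(tag)
  src = tag_attr(tag, "src").to_s
  uri = begin
    URI.parse(src)
  rescue URI::InvalidURIError
    return ["unparseable src"] # fail closed
  end
  return [] if uri.host.nil? || TRUSTED_IMAGE_HOSTS.include?(uri.host.downcase)

  reasons = ["remote host #{uri.host}"]
  reasons << "per-recipient query string" if uri.query && !uri.query.empty?
  reasons << "declared 1x1 size" if tag_attr(tag, "width") == "1" && tag_attr(tag, "height") == "1"
  reasons
end

# Replace every third-party image with a placeholder so opening the message
# triggers no outbound request; return the cleaned body and the findings.
def sanitize_message(html)
  findings = []
  clean = html.gsub(IMG_TAG) do |tag|
    reasons = beacon_reasons(tag)
    next tag if reasons.empty?
    findings << { src: tag_attr(tag, "src"), reasons: reasons }
    "[remote image blocked]"
  end
  [clean, findings]
end

# Constructed sample private message (hosts and names are made up).
SAMPLE = <<~HTML
  <p>hey, quick question</p>
  <img src="/smilies/wink.png" width="16" height="16">
  <img src="http://tracker.example/pixel.png?name=some_user" width="1" height="1">
HTML
puts sanitize_message(SAMPLE).first if __FILE__ == $PROGRAM_NAME
```

Blocking every non-trusted host, rather than only 1x1 images, matters because any remote image of any size exposes the reader's IP address to the server hosting it.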
There’s no security in Little Snoop and it’s very wide open. There are no checks, validation or anything like that: it’s just a dirty little application that gets the job done and was fun to write.
Enjoy!
allometry posted this