{"id":13539905,"url":"https://github.com/ghostery/local-sheriff","last_synced_at":"2025-04-07T12:05:45.863Z","repository":{"id":39877882,"uuid":"130978327","full_name":"ghostery/local-sheriff","owner":"ghostery","description":"Think of Local sheriff as a recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII) are being shared / leaked to which all third-parties.","archived":false,"fork":false,"pushed_at":"2022-12-11T22:37:29.000Z","size":9525,"stargazers_count":305,"open_issues_count":17,"forks_count":24,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-08-11T17:10:15.589Z","etag":null,"topics":["data-leakage","gdpr-checklist","owasp-top-10","privacy-tools","sensitive-data-exposure","web-extension"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ghostery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-25T08:54:42.000Z","updated_at":"2024-06-19T19:01:34.000Z","dependencies_parsed_at":"2023-01-27T08:31:25.423Z","dependency_job_id":null,"html_url":"https://github.com/ghostery/local-sheriff","commit_stats":null,"previous_names":["cliqz-oss/local-sheriff"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostery%2Flocal-sheriff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostery%2Flocal-sheriff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostery%2Flocal-sheriff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostery%2Flocal-sheriff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ghostery","download_url":"https://codeload.github.com/ghostery/local-sheriff/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247648976,"owners_count":20972945,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data-leakage","gdpr-checklist","owasp-top-10","privacy-tools","sensitive-data-exposure","web-extension"],"created_at":"2024-08-01T09:01:33.821Z","updated_at":"2025-04-07T12:05:45.838Z","avatar_url":"https://github.com/ghostery.png","language":"JavaScript","funding_links":[],"categories":["\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","JavaScript","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"05ab1b75266fddafc7195f5b395e4d99\"\u003e\u003c/a\u003e未分类-OSINT"],"readme":" ![Local shreiff Logo](docs/images/sheriff-icon-doc.png)\r\n# Local-sheriff\r\n\r\n[![DEFCON 26 Demolabs](https://img.shields.io/badge/DEFCON%2026-DEMOLABS-red.svg)](https://www.defcon.org/html/defcon-26/dc-26-demolabs.html)\r\n\r\nThink of Local sheriff as a reconnaissance tool in your browser.\r\nWhile you normally browse the internet it works in the background and helps you to identify what sensitive [personally identifiable information (PII)](https://en.wikipedia.org/wiki/Personally_identifiable_information)  about you is being shared or leaked, and to which all third-parties.\r\n\r\nLocal Sheriff is a web-extension that can be used with Chrome, Opera, Firefox. Usage section has more details.\r\n\r\n ![cover image](docs/images/cover-image.png)\r\n\r\n## Motivation:\r\n ![cover image](docs/images/image-tracking.jpeg)\r\n\r\nIt has become the norm for websites to load enormous amounts of third-party resources on their webpages. Websites have genuine use cases like analytics, measure app performance, audience measurements, goal conversions, content recommendation, social sharing , CDNs etc.\r\n\r\nBut the way these third-parties are implemented \u0026 used by websites they are often not privacy proof.\r\nSensitive user information like passwords, email-ids, name, order IDs, date-of-birth and other PII is leaked in abundance to whole bunch of third-parties.\r\n\r\n ![cover image](docs/images/local-sherrif-lufthansa-image.png)\r\n\r\n**The issues that Local Sheriff aims to highlight:**\r\n1. Was the user aware and gave consent to share this sensitive information with these parties?\r\n2. Why do these third parties need to receive this information?\r\n3. Is the website owner even aware that sensitive user information is being leaked to these third parties?\r\n4. Who are these third parties?\r\n5. What can they do with this user information?\r\n\r\n## How Local Sheriff identifies leaks:\r\n\r\n### While you are interacting with the webpages, the PII could be:\r\n\r\n**1.\tIn the URL (Eg: booking reference, Lastname, email, twitter handle etc.)**\r\n\r\n   ![cover image](docs/images/sensitive-data-in-url.png)\r\n\r\n**2.\tOn page content (Eg: capability URLs, which contain sensitive information but are not behind log in)**\r\n\r\n   ![cover image](docs/images/senstive-data-on-page.png)\r\n\r\n**3.\tThe values entered in forms**\r\n\r\n### These URL’s can be shared with the third-parties:\r\n\r\n**1.\tVia HTTP Headers like Referrer**\r\n\r\n   ![cover image](docs/images/data-shared-in-ref.png)\r\n\r\n**2.\tVia query parameters**\r\n \r\n   ![cover image](docs/images/data-shared-query-parameters.png)\r\n\r\n**3.\tBrowser features like Chrome browser – Translate and more.**\r\n\r\n### After you install Local Sheriff it starts to observes browser network traffic silently for the following:\r\n1. Web pages (First party) loading third-party resources.\r\n2. URLs being leaked by a first-party to third-party. Via HTTP header like Referrer and/or via query parameters third-parties.\r\n3. Data being sent to third-parties in GET request \u0026 POST request.\r\n4. Information being entered in forms.\r\n5. As soon as Local Sheriff detects that a URL has been shared with a third-party, it issues an anonymous `GET` request to that page again to simulate what information can be accessed only based on the URL without user cookies, session etc.\r\n6. HTML content of page fetched after step-5 is also saved for inspection.\r\n\r\n### The user can at any time visit the control-panel page by clicking the icon in the address bar:\r\n![cover image](docs/images/control-panel.png)\r\n\r\n1.\tLists if any of the information entered in the input fields is shared with the third-parties.\r\n2.\tUser can query text, cookie values etc and it will list down: Which websites leaked this query to how many third-parties and who they belong to.\r\n![cover image](docs/images/cookie-synching-in-action.png)\r\n\r\n\r\n **DEMO:** [Example of how information entered in forms can be leaked.](https://streamable.com/yl3qq)\r\n\r\n## Data Sources:\r\n\r\nLocal Sheriff uses the open-source tracker database from [WhoTracks.me](https://whotracks.me/) for creating tracker hostname to company mapping. Right now it is packaged in the extension itself.\r\n\r\nEg: Given a tracker hostname: `atlassbx.com` find the company who owns it: `Facebook`.\r\n\r\n## Usage:\r\n```\r\ngit clone https://github.com/cliqz-oss/local-sheriff.git\r\n\r\nChrome:\r\n1. Open chrome://extensions\r\n2. Enable developer mode\r\n3. Load unpacked extension \u0026 point to the folder local-sheriff\r\n\r\nFirefox:\r\n1. open about:debugging\r\n2. Load temporary-addon\r\n3. Point to the folder local-sheriff and select manifest.json.\r\n\r\nPlease note Firefox will remove the extension on restart.\r\n```\r\n\r\nAlternatively:\r\n- You can install from Chrome store : [Local Sheriff](https://chrome.google.com/webstore/detail/local-sheriff/ckmkiloofgfalfdhcfdllaaacpjjejeg)\r\n\r\nOnce you have it running, visit different pages like:\r\n\r\n- Check some e-commerce order status\r\n- Fill some forms\r\n- Try reset password\r\n\r\nCheck the control center to see what information has been shared.\r\n\r\nPlease note:\r\n\r\n- Local Sheriff will not work optimally if you have some tools like ad-blocking, Ghostery, privacy-badger installed.\r\n\r\n## Examples of data leaks:\r\n- [Emirates](https://medium.freecodecamp.org/how-airlines-dont-care-about-your-privacy-case-study-emirates-com-6271b3b8474b)\r\n- [HackerOne](https://twitter.com/konarkmodi/status/978640867627098118) :[Video](https://streamable.com/yl3qq)\r\n- [Shadow profile: Can Facebook track you if even you have never visited it?](https://streamable.com/yzgz5)\r\n- Spotify leaks \u0026 fixes.\r\n- Lufthansa\r\n- GA-DoubleClick Cookie sync\r\n- Criteo Cookie sync\r\n- Foodora\r\n\r\n## App store links:\r\n- Chrome store - [Local Sheriff](https://chrome.google.com/webstore/detail/local-sheriff/ckmkiloofgfalfdhcfdllaaacpjjejeg)\r\n- Firefox store - [Local Sheriff](https://addons.mozilla.org/en-US/firefox/addon/local-sheriff/)\r\n\r\n## Contributing\r\n\r\nThanks for your interest in contributing to *Local Sheriff*! There are many ways to contribute. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md).\r\n\r\n## Roadmap:\r\n\r\n1. Clean data on stored on disk on clear history signal.\r\n2. Adopt build infra. for extensions.\r\n3. Automatically notify user on form data being shared with third-parties.\r\n4. Use more data sources like Headers, Cookies, POST request content, data being sent as Base64 payload.\r\n5. Ability for the users to see which third-parties can track them across them across web and also de-anonymize them.\r\n6. HAR support: Make core API which stores data and provides search interface generic so that this tool can be used outside the browser to inspect traffic outside of browser.\r\n\r\n## PRIVACY \u0026 SECURITY\r\n\r\n- Local Sheriff does not transmit any data over the internet. All data needed for analysis remains on your local hard disk drive at all times. However, the data saved by this extension is NOT encrypted, so any data you save remains in the clear, although it will remain on your hard drive and only someone who knows where to look and has physical access to your hard drive would be able to access it. There is a plan in the roadmap to delete the data when user clears history.\r\n\r\n- Extensions in Chrome by default do not work in incognito mode. While, in Firefox they are enabled with limited functionailty. It would worth checking and deciding what should be the desired behaviour.\r\n\r\n- Clear data: Incase the extension is slow, or you want to remove the data. Please click on the clear data button. It will remove all the data stored by Local Sheriff \u0026 re-load the extension.\r\n\r\n![Clear Data](docs/images/clear-data.png)\r\n\r\n## Contributors:\r\n\r\nThanks to [@solso](https://twitter.com/solso) [@Pythux](https://twitter.com/Pythux) [@ecnmst](https://github.com/ecnmst) for their valuable inputs and being early adopters of this tool.\r\n\r\n#### Lead Developer:\r\n\r\nKonark Modi: [@konarkmodi](https://twitter.com/konarkmodi)\r\n\r\n#### Coverage:\r\n\r\n- [Threatpost](https://threatpost.com/def-con-2018-telltale-urls-leak-pii-to-dozens-of-third-parties/134960/)\r\n- [ghacks.net](https://www.ghacks.net/2018/08/12/local-sheriff-reveals-if-sites-leak-personal-information-with-third-parties/)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fghostery%2Flocal-sheriff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fghostery%2Flocal-sheriff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fghostery%2Flocal-sheriff/lists"}