secubox/secubox-deb
1
0
Fork 0
mirror of https://github.com/CyberMind-FR/secubox-deb.git synced 2026-06-29 21:38:35 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: secubox:1a8ed97cfe882fc45ce0bc0ffb43e73cef189fd4
Branches Tags
secubox:master
secubox:feature/appstore-phase-a
secubox:feature/gondwana-phase1-mesh
secubox:fix/remove-authelia-sso
secubox:feature/760-standardize-secubox-lan-to-192-168-10-0
secubox:fix/secubox-p2p-master-link-statedir
secubox:feature/761-fix-podcaster-audio-player-stops-every-f
secubox:feature/758-nft-based-network-stats-log-counter-drop
secubox:feature/748-enhanced-tow-boot-http-netboot-serial-fl
secubox:feature/738-aggregator-resilience-sweep-async-handle
secubox:feature/737-secubox-netboot-provisioning-reseau-over
secubox:feature/728-sovereign-threat-intel-drop-crowdsec-cap
secubox:feature/727-secubox-aggregator-auto-heal-watchdog-ti
secubox:feature/726-secubox-podcaster-modern-podcast-manager
secubox:fix/494-secubox-core-service-execstart-overrides
secubox:feature/65-fix-nginx-add-missing-api-routes-to-webu
secubox:fix/53-wazuh-uvicorn-process-causes-100-cpu-spi
secubox:fix/121-metablog-ingest-site-dirs-should-be-crea
secubox:feature/724-toolbox-banner-in-banner-r0-r3-level-swi
secubox:feature/722-dpi-phase-3-ndpid-daemon-ci-cross-build
secubox:feature/720-dpi-phase-3-per-device-daily-history-tim
secubox:feature/718-dpi-phase-3-asn-enrichment-classify-sni
secubox:feature/716-kbin-pdf-donut-grid-layout-broken-each-d
secubox:feature/714-kbin-pdf-charts-blank-in-some-viewers-re
secubox:feature/711-kbin-pdf-donut-charts-render-as-solid-pi
secubox:feature/709-kbin-pdf-integrate-carto-graph-emoji-dat
secubox:feature/707-kbin-report-cyberpunk-netrunner-characte
secubox:feature/705-dpi-report-shows-zeros-exfil-is-a-60s-sn
secubox:feature/703-kbin-pdf-render-visual-donut-charts-mitm
secubox:feature/701-kbin-pdf-report-include-dpi-exfil-stats
secubox:feature/699-kbin-report-tabbed-donut-stats-pistage-d
secubox:feature/697-sbxmitm-truncates-responses-8mib-large-g
secubox:feature/695-dpi-dashboard-fill-top-apps-protocols-ba
secubox:feature/692-dpi-beaconing-rule-fires-on-sub-second-a
secubox:feature/687-plan-full-flow-dpi-on-r3-ndpid-netifyd-p
secubox:feature/689-sbxmitm-forged-leaf-certs-expire-after-2
secubox:feature/683-plan-kbin-tor-endpoint-quick-switch-anon
secubox:fix/662-altsvc-strip
secubox:feat/662-client-geoflag
secubox:feat/662-inline-banner
secubox:feat/662-adlearn
secubox:feat/662-social-relay
secubox:feat/662-cumulative-live
secubox:feat/662-analysis-relay
secubox:feat/662-csp-demo
secubox:feat/662-utls-chrome
secubox:feat/662-adstats-popups
secubox:fix/662-no-follow-redirect
secubox:fix/662-gzip-banner
secubox:feat/662-cutover-fix
secubox:feat/662-transparent-machash
secubox:feat/662-phase5prep-pkg
secubox:feat/662-phase4-jar
secubox:feat/662-phase3-parity
secubox:feat/662-phase2b-bench
secubox:fix/662-restore-ng-source
secubox:feature/662-epic-migrate-toolbox-mitm-engine-off-pyt
secubox:fix/cap-lists-5
secubox:feature/659-feat-toolbox-per-visitor-ad-block-breakd
secubox:fix/ad-learn-self-block-hardening
secubox:feature/656-feat-toolbox-ad-intelligence-aggressive
secubox:fix/653-fix-toolbox-banner-reliability-inline-bu
secubox:feature/651-perf-toolbox-649-follow-up-broaden-splic
secubox:feature/649-perf-toolbox-selective-sni-splice-passth
secubox:fix/623-postinst-systemic-var-lib-log-cache-secu
secubox:feature/646-perf-toolbox-adaptive-accept-encoding-st
secubox:fix/644-hub-dashboard-latency-9-12s-per-module-s
secubox:fix/642-social-graph-ip-literal-self-traffic-rec
secubox:feature/634-toolbox-clients-reset-all-clients-reset
secubox:fix/639-toolbox-banner-injected-into-iframes-sub
secubox:fix/636-toolbox-r3-banner-stream-inject-loader-b
secubox:feature/633-anti-track-v2-layered-block-poison-anony
secubox:feature/630-make-live-ops-fixes-permanent-package-di
secubox:feature/628-hub-health-monitor-page-vital-common-ser
secubox:feature/626-haproxy-smart-self-healing-error-pages-5
secubox:feature/624-waf-robustness-package-self-healing-insp
secubox:feature/620-toolbox-ttfb-perf-stream-inject-async-pe
secubox:fix/619-hub-dashboard-services-cache-never-warms
secubox:feature/617-security-posture-full-rewrite-honest-boa
secubox:feature/615-security-posture-add-security-posture-to
secubox:feature/613-threat-analyst-add-country-flags-to-top
secubox:feature/611-threat-analyst-limit-recent-attacks-tabl
secubox:feature/609-waf-robust-route-propagation-dir-bind-mo
secubox:feature/607-waf-behind-waf-media-cache-image-video-s
secubox:feature/605-waf-refuse-unmapped-hosts-close-open-for
secubox:feature/603-waf-port-live-mitmproxy-fixes-to-source
secubox:feature/601-vm-vm-shows-0-containers-lxc-enumeration
secubox:feature/599-threat-analyst-ingest-real-crowdsec-aler
secubox:feature/597-threat-analyst-global-security-overview
secubox:fix/595-threat-analyst-service-ends-up-disabled
secubox:fix/593-webui-fix-metrics-mitm-0-wrong-unit-thre
secubox:fix/autolearn-exclude-antibot
secubox:feature/589-autolearn-bad-trackers-actors-from-threa
secubox:feature/587-eye-graph-domain-suffix-country-cloud-nu
secubox:feature/578-banner-shareable-top-1-pin-quick-button
secubox:feature/577-perf-video-photo-cdn-proxy-cache-shared
secubox:fix/ad-ghost-collapse-placeholders
secubox:feature/576-ad-ghost-replace-ghosted-ad-with-a-css-l
secubox:fix/581-postinst-portal-stays-dead-after-dpkg-up
secubox:fix/575-eye-graph-remove-hide-all-ip-nodes-count
secubox:feature/574-webext-popup-protection-stats-quick-filt
secubox:feature/572-banner-colorful-emoji-chip-guirlande-fla
secubox:feature/570-toolbox-mitm-dpi-media-type-statistifier
secubox:feature/568-webext-popup-cap-top-tracker-list-to-5-e
secubox:feature/566-r3-r4-silent-ad-banner-ghoster-economisa
secubox:feature/564-detect-antibot-split-deployment-vs-chall
secubox:feature/562-ca-fingerprint-surface-the-r3-ca-on-the
secubox:feature/560-toolbox-protective-mode-tracker-alerting
secubox:feature/558-apk-make-zero-tap-auto-run-robust-real-f
secubox:feature/555-favicons-of-major-sites-in-the-xpi-popup
secubox:feature/553-cartographie-graph-impact-sized-icon-bub
secubox:feature/549-social-tracker-domain-rollup-history-tim
secubox:feature/545-injected-banner-neon-tube-redesign-for-r
secubox:feature/551-android-apk-zero-tap-auto-run-silent-onb
secubox:feature/547-linux-firefox-installer-script-for-the-t
secubox:feature/543-kbin-landing-radical-simplify-livelier-f
secubox:feature/532-plan-browser-xpi-webextension-emancipate
secubox:feature/490-phase-2c-toolbox-receiving-modules-actua
secubox:feature/538-android-app-root-mode-fully-automated-si
secubox:feature/536-serve-the-android-toolbox-apk-from-the-t
secubox:feature/531-plan-android-apk-one-tap-toolbox-r3-clie
secubox:fix/509-waf-soc-perf-double-buffered-cache-memor
secubox:fix/503-ci-disable-espressobin-v7-ultra-image-bu
secubox:feature/501-mitm-wg-multi-worker-fanout
secubox:perf/500-captive-flags-and-addon-async
secubox:feature/500-landing-platform-install
secubox:perf/500-mitm-wg-h2-and-concurrency
secubox:feature/500-phase8-utiq-quickwin
secubox:fix/498-crowdsec-sudoers-status
secubox:fix/498-auth-perms-and-rw
secubox:fix/498-ntp-health-timesyncd
secubox:feature/498-lxc-wg-privileged
secubox:feature/498-lxc-cutover-nm-name
secubox:feature/498-mitm-lxc-hardening
secubox:fix/498-crowdsec-health
secubox:chore/498-version-bump-wip
secubox:feature/498-nm-keyfile
secubox:fix/498-toolbox-ratelimit
secubox:fix/498-cert-probe
secubox:fix/498-r3-probe-same-origin
secubox:fix/498-xff-r3-detect
secubox:fix/498-wg-dns-fix
secubox:feature/498-wg-boot-and-waf-history
secubox:feature/498-asgi-migrate
secubox:feature/498-asgi-consolidation
secubox:feature/498-phase-6Q-quickwins
secubox:feature/498-phase-7-waf-active-enforcement-mitm-crow
secubox:feature/496-phase-6-wireguard-mitm-autocert-mode-r3
secubox:feature/495-phase-5-toolbox-mitm-in-dedicated-lxc-co
secubox:feature/492-phase-3-toolbox-transparency-layer-white
secubox:feature/488-phase-2b-toolbox-wire-mitm-addons-to-rec
secubox:feature/486-toolbox-phase-2a-geoip-flags-asn-secubox
secubox:feature/485-toolbox-phase-2a-soc-scoring-multi-signa
secubox:fix/465-revert-dts-patch-004-revert-hardware-usb
secubox:fix/463-dts-enable-usb3-superspeed-on-mpcie-slot
secubox:fix/458-mochabin-btusb-claims-mt7632u-interface
secubox:feature/450-refactor-move-secubox-mesh-yggdrasil-vpn
secubox:fix/444-kiosk-enable-cursor-on-pi-400-remove-noc
secubox:fix/442-rpi400-image-mass-mask-non-essential-ser
secubox:fix/436-build-scripts-stub-systemctl-handle-rasp
secubox:fix/433-build-rpi-usb-sh-kiosk-install-silently
secubox:fix/431-ci-install-binutils-aarch64-linux-gnu-fo
secubox:feature/429-secubox-nextcloud-dashboard-api-renvoie
secubox:feature/427-ci-build-packages-yml-arm64-matrix-build
secubox:feature/425-secubox-sentinelle-gsm-arm64-build-fails
secubox:feature/423-build-rpi-usb-sh-kiosk-flag-is-a-stub-pa
secubox:fix/150-nftables-service-masked-at-boot-board-lo
secubox:feature/152-roundcube-in-mail-lxc-configure-sqlite-b
secubox:fix/394-nextcloud-remove-authelia-auth-request-f
secubox:feature/410-secubox-user-provisioning-push-master-us
secubox:feature/409-secubox-avatar-smart-media-cookie-hoster
secubox:feature/407-privilege-separated-cookie-install-root
secubox:feature/401-secubox-webext-firefox-webextension-comp
secubox:feature/402-secubox-avatar-peek-poke-credential-brok
secubox:feature/400-secubox-sso-lite-native-auth-request-ver
secubox:feature/397-rework-secubox-photoprism-native-lxc-ins
secubox:feature/388-rework-secubox-peertube-align-with-secub
secubox:feature/398-secubox-nextcloud-capture-photolibrary-e
secubox:fix/395-waf-cred-004-false-positive-on-nextcloud
secubox:fix/392-vhost-health-error-status-404-502-hidden
secubox:feature/391-package-the-gk2-ram-optimization-pattern
secubox:feature/390-peertube-url-backport-vhost-template-por
secubox:docs/389-navbar-resort-hardening-repo-into-root-c
secubox:feature/377-feat-fmrelay-stream-fm-rds-as-icecast-mo
secubox:feat/sentinelle-v0-4-0-rds-extension
secubox:feat/zigbee-v2-6-0-backup-restore
secubox:fix/core-lxc-autostart-wait-for-data
secubox:fix/zigbee-access-list-public-url
secubox:fix/hub-sidebar-precache-instant-render
secubox:feature/370-x64-netplan-profiles-static-ip-fallback
secubox:feat/threat-analyst-v1-4-0-actually-useful
secubox:feat/threat-analyst-v1-3-0-simple-rewrite
secubox:fix/threat-analyst-v1-2-0-jwt-noop
secubox:fix/threat-analyst-v1-1-3-nocache
secubox:fix/threat-analyst-v1-1-2-cors-credentials
secubox:fix/threat-analyst-v1-1-1-navbar-padding
secubox:fix/361-secubox-threat-analyst-v1-1-0-wire-metri
secubox:fix/360-fix-secubox-hub-soc-dashboard-card-metri
secubox:feature/357-secubox-sentinelle-gsm-v0-3-6-async-job
secubox:feature/356-secubox-sentinelle-gsm-v0-3-5-scan-auto
secubox:fix/354-secubox-sentinelle-gsm-v0-3-4-monkey-pat
secubox:feature/345-mochabin-mpcie-slot-j5-investigate-w-dis
secubox:fix/353-secubox-sentinelle-gsm-v0-3-3-drop-args
secubox:feature/319-data-essential-data-convention-audit-30
secubox:fix/286-haproxyctl-cmd-generate-drops-backend-de
secubox:feature/312-secubox-threats-rebuild-threats-as-the-c
secubox:feature/310-secubox-authelia-split-auth-control-dash
secubox:feature/306-consolidate-navbar-to-6-charter-categori
secubox:fix/303-secubox-zigbee-menu-d-80-zigbee-json-is
secubox:fix/301-secubox-dns-provider-add-provider-modal
secubox:fix/299-secubox-dns-provider-webui-add-provider
secubox:feature/297-kernel-build-github-actions-workflow-for
secubox:feature/295-kernel-build-add-config-zram-m-zstd-comp
secubox:fix/293-secubox-zigbee-zigbee-config-ui-hidden-u
secubox:fix/290-health-banner-remove-clickable-alert-lin
secubox:feature/289-secubox-zigbee-split-secubox-config-modu
secubox:feature/287-secubox-lyrion-move-public-vhost-from-ly
secubox:feature/284-secubox-nextcloud-ship-etc-secubox-nextc
secubox:fix/282-secubox-nextcloud-nextcloud-must-stay-th
secubox:feature/280-secubox-nextcloud-modernize-lxc-install
secubox:feature/278-secubox-authelia-own-the-sbx-auth-login
secubox:fix/274-secubox-authelia-verify-must-forward-x-o
secubox:fix/273-secubox-zigbee-secubox-lyrion-auth-redir
secubox:feature/272-secubox-authelia-session-cookies-must-in
secubox:feature/270-secubox-authelia-server-level-banner-sub
secubox:feature/268-secubox-authelia-x-forwarded-proto-must
secubox:feature/266-secubox-authelia-zigbee-lyrion-4-fixes-f
secubox:feature/264-secubox-zigbee-secubox-lyrion-swap-lan-o
secubox:feature/262-secubox-authelia-implement-verify-real-a
secubox:feature/260-secubox-lyrion-lan-only-gate-on-lyrion-l
secubox:fix/241-secubox-zigbee-v2.4.1-sonoff-mg21
secubox:feature/255-mochabin-dt-board-mpcie-slot-usb-pins-no
secubox:feature/237-secubox-sentinelle-gsm-passive-rx-sdr-se
secubox:feature/236-secubox-rbs-sensor-wall-opad-rogue-base
secubox:feature/241-secubox-zigbee-v2-4-0-rewrite-in-place-z
secubox:feature/240-secubox-mqtt-v2-4-0-rewrite-in-place-mos
secubox:feature/247-health-banner-clickable-cross-domain-lin
secubox:feature/246-secubox-yacy-nginx-vhost-missing-well-kn
secubox:feature/248-secubox-lyrion-expose-web-ui-on-lan-ip-1
secubox:feature/244-secubox-lyrion-lxc-host-lyrion-music-ser
secubox:feature/239-secubox-authelia-sso-idp-lxc-authelia-oi
secubox:feature/234-secubox-rustdesk-new-lxc-module-for-self
secubox:feature/232-secubox-yacy-new-lxc-module-for-peer-to
secubox:feature/230-secubox-grafana-new-lxc-module-for-secur
secubox:fix/228-missing-tools-on-images-secubox-flash-di
secubox:fix/226-bare-metal-x86-64-polish-gate-pi-hardwar
secubox:fix/224-kiosk-launcher-chromium-fails-on-debian
secubox:fix/222-login-redirect-loop-68-web-ui-files-stil
secubox:fix/220-secubox-health-doctor-duplicate-debhelpe
secubox:fix/218-build-image-sh-skips-debian-deps-python3
secubox:docs/216-docs-codify-the-secubox-grammar-modular
secubox:feature/214-health-doctor-drop-act-runner-arm64-from
secubox:feature/212-secubox-health-doctor-vital-services-hea
secubox:fix/210-firstboot-users-json-wrong-schema-sha256
secubox:fix/200-metablogizerctl-publish-should-orchestra
secubox:fix/207-eye-square-ship-firstboot-sh-outside-usr
secubox:fix/202-eye-square-debian-rules-content-drift-re
secubox:fix/203-ci-build-packages-discover-step-schedule
secubox:fix/201-secubox-eye-square-switch-to-architectur
secubox:feature/196-implement-secubox-droplet-cli-dropletctl
secubox:fix/197-api-v1-health-alias
secubox:fix/round-real-root-icons
secubox:fix/round-armv6-boot-services
secubox:fix/194-secubox-metrics-visitororigin-entries-em
secubox:feature/192-portal-regenerate-full-dashboard-navbar
secubox:feature/190-giteactl-runner-forge-runner-add-remove
secubox:feature/180-publishctl-rename-metactl-forge-post-nou
secubox:feature/182-streamlitctl-extend-lifecycle-only-ctl-w
secubox:feature/183-streamforgectl-forge-missing-ctl-streaml
secubox:feature/184-metablogizerctl-extend-reference-ctl-wit
secubox:feature/181-dropletctl-forge-missing-ctl-file-upload
secubox:feature/176-giteactl-forge-repo-mirror-add-remove-li
secubox:feature/177-ci-mirror-github-workflows-gitea-workflo
secubox:feature/173-mitmproxyctl-align-with-lxc-reality-add
secubox:fix/rpi4b-radar-arcs-top-centered
secubox:fix/170-cookie-audit-pipeline-hardening-apparmor
secubox:fix/167-secubox-hub-vs-secubox-portal-login-html
secubox:fix/163-triple-soc-location-duplicate-breaks-ngi
secubox:fix/162-secubox-core-postinst-overwrites-etc-ngi
secubox:feature/158-live-deploy-fixes-followup
secubox:feature/158-eye-remote-multi-gadget-l3-dhcp-server-o
secubox:fix/155-eye-remote-link-rename-collision-when-mu
secubox:feature/153-mail-stack-phase-2-rspamd-migration-roun
secubox:feature/156-cookie-audit-pipeline-rgpd-eprivacy-comp
secubox:feature/147-add-scripts-check-dashboard-cache-py-lin
secubox:feature/136-mail-stack-phase-1-source-catch-up-legac
secubox:fix/145-secubox-waf-apply-double-cache-pattern-o
secubox:feature/138-port-radar-concentric-into-secubox-commo
secubox:fix/139-round-image-usb0-otg-networking-dead-ifu
secubox:fix/133-remote-ui-square-4-bugs-caught-at-pi-4b
secubox:feature/127-add-remote-ui-square-variant-for-pi-4b-7
secubox:feature/127-phase3-python-kiosk
secubox:feature/127-phase2-square-variant
secubox:feature/120-auth-rework-secubox-users-as-identity-so
secubox:fix/124-build-live-usb-safety-protect-host-dev-f
secubox:feature/122-build-live-usb-sh-add-static-ip-hostname
secubox:fix/117-metablogizer-webhook-git-pull-fails-on-d
secubox:feature/113-metablogizer-deploy-webhook-sub-e-of-49
secubox:fix/114-secubox-hub-sidebar-enters-mobile-mode-o
secubox:fix/111-metablogizer-api-load-sites-called-repea
secubox:fix/109-metablogizer-api-sub-c-runtime-imports-f
secubox:fix/106-metablogizer-api-delete-site-name-fails
secubox:fix/105-metablogizer-ui-api-helper-swallows-res
secubox:feature/103-metablogizer-version-dashboard-ui-module
secubox:feature/101-metablogizer-site-json-schema-version-me
secubox:feature/95-streamlit-per-site-version-pinning-conta
secubox:feature/94-metablogizer-gitea-ingest-import-166-sit
secubox:feature/49-feat-metablogizer-streamlit-version-mana
secubox:fix/92-uvicorn-sibling-imports
secubox:feature/92-health-banner-visitor-origin-feed-anonym
secubox:feature/89-secubox-apt-clone-validate-implementatio
secubox:feature/license-headers-phase-a
secubox:feature/license-phase-b-full
secubox:feature/83-multi-agent-worktree-workflow
secubox:feature/eye-remote-auto-mode
secubox:feature/sync-workflow-eyemote
secubox:feature/multigadget-docs
secubox:v2.14.1
secubox:v2.14.0
secubox:android-v0.4.0
secubox:webext-v0.1.5
secubox:webext-v0.1.4
secubox:webext-v0.1.3
secubox:webext-v0.1.2
secubox:android-v0.3.0
secubox:android-v0.2.0
secubox:webext-v0.1.1
secubox:webext-v0.1.0
secubox:android-v0.1.0
secubox:v2.13.20
secubox:v2.13.19
secubox:v2.13.18
secubox:v2.13.17
secubox:v2.13.16
secubox:v2.13.15
secubox:v2.13.14
secubox:v2.13.13
secubox:v2.13.12
secubox:v2.13.11
secubox:v2.13.10
secubox:v2.13.9
secubox:v2.13.8
secubox:v2.13.7
secubox:v2.13.6
secubox:v2.13.5
secubox:v2.13.4
secubox:v2.13.3
secubox:v2.13.2
secubox:v2.13.1
secubox:v2.13.0
secubox:v2.12.18
secubox:v2.12.17
secubox:v2.12.16
secubox:v2.12.15
secubox:v2.12.14
secubox:v2.12.13
secubox:v2.12.12
secubox:v2.12.11
secubox:v2.12.10
secubox:v2.12.9
secubox:v2.12.8
secubox:v2.12.7
secubox:v2.12.6
secubox:v2.12.5
secubox:v2.12.4
secubox:v2.12.3
secubox:v2.12.2
secubox:v2.12.1
secubox:v2.12.0
secubox:v2.11.1
secubox:v2.11.0
secubox:v2.10.3
secubox:v2.10.2
secubox:v2.10.1
secubox:v2.10.0
secubox:v2.9.0
secubox:v2.2.1-eye-remote
secubox:v2.8.0
secubox:v2.7.3
secubox:v2.7.2
secubox:v2.7.1
secubox:v2.7.0
secubox:v2.6.1
secubox:v2.6.0
secubox:v2.5.0
secubox:v2.4.0
secubox:v2.3.0
secubox:v2.2.0
secubox:v2.1.1
secubox:v1.9.0
secubox:multiboot-v2.2.4-live
secubox:multiboot-v2.2.4-pre1
secubox:v2.1.0
secubox:v1.8.0
secubox:v1.7.1
secubox:v1.7.0.1
secubox:v1.7.0
secubox:v1.6.7.14
secubox:v1.6.7.13
secubox:v1.6.7.12
secubox:v1.6.7.11
secubox:v1.6.7
secubox:v1.6.5
secubox:v1.6.0
secubox:v1.5.9
secubox:v1.5.8
secubox:v1.5.7
secubox:v1.5.6
secubox:v1.5.5
secubox:v1.5.4
secubox:v1.5.3
secubox:v1.5.2
secubox:v1.5.1
secubox:v1.5.0
secubox:v1.4.2
secubox:v1.4.1
secubox:v1.4.0
secubox:v1.3.11
secubox:v1.3.10
secubox:v1.3.9
secubox:v1.3.8
secubox:v1.3.7
secubox:v1.3.6
secubox:v1.3.5
secubox:v1.3.4
secubox:v1.3.3
secubox:v1.3.2
secubox:v1.3.1
secubox:v1.3.0
secubox:v1.2.0
secubox:v1.1.0
secubox:v1.0.0
secubox:test-devel
..
compare: secubox:c8fe9bb1484c37d499fd561490edde79fb195ab5
Branches Tags
secubox:master
secubox:feature/appstore-phase-a
secubox:feature/gondwana-phase1-mesh
secubox:fix/remove-authelia-sso
secubox:feature/760-standardize-secubox-lan-to-192-168-10-0
secubox:fix/secubox-p2p-master-link-statedir
secubox:feature/761-fix-podcaster-audio-player-stops-every-f
secubox:feature/758-nft-based-network-stats-log-counter-drop
secubox:feature/748-enhanced-tow-boot-http-netboot-serial-fl
secubox:feature/738-aggregator-resilience-sweep-async-handle
secubox:feature/737-secubox-netboot-provisioning-reseau-over
secubox:feature/728-sovereign-threat-intel-drop-crowdsec-cap
secubox:feature/727-secubox-aggregator-auto-heal-watchdog-ti
secubox:feature/726-secubox-podcaster-modern-podcast-manager
secubox:fix/494-secubox-core-service-execstart-overrides
secubox:feature/65-fix-nginx-add-missing-api-routes-to-webu
secubox:fix/53-wazuh-uvicorn-process-causes-100-cpu-spi
secubox:fix/121-metablog-ingest-site-dirs-should-be-crea
secubox:feature/724-toolbox-banner-in-banner-r0-r3-level-swi
secubox:feature/722-dpi-phase-3-ndpid-daemon-ci-cross-build
secubox:feature/720-dpi-phase-3-per-device-daily-history-tim
secubox:feature/718-dpi-phase-3-asn-enrichment-classify-sni
secubox:feature/716-kbin-pdf-donut-grid-layout-broken-each-d
secubox:feature/714-kbin-pdf-charts-blank-in-some-viewers-re
secubox:feature/711-kbin-pdf-donut-charts-render-as-solid-pi
secubox:feature/709-kbin-pdf-integrate-carto-graph-emoji-dat
secubox:feature/707-kbin-report-cyberpunk-netrunner-characte
secubox:feature/705-dpi-report-shows-zeros-exfil-is-a-60s-sn
secubox:feature/703-kbin-pdf-render-visual-donut-charts-mitm
secubox:feature/701-kbin-pdf-report-include-dpi-exfil-stats
secubox:feature/699-kbin-report-tabbed-donut-stats-pistage-d
secubox:feature/697-sbxmitm-truncates-responses-8mib-large-g
secubox:feature/695-dpi-dashboard-fill-top-apps-protocols-ba
secubox:feature/692-dpi-beaconing-rule-fires-on-sub-second-a
secubox:feature/687-plan-full-flow-dpi-on-r3-ndpid-netifyd-p
secubox:feature/689-sbxmitm-forged-leaf-certs-expire-after-2
secubox:feature/683-plan-kbin-tor-endpoint-quick-switch-anon
secubox:fix/662-altsvc-strip
secubox:feat/662-client-geoflag
secubox:feat/662-inline-banner
secubox:feat/662-adlearn
secubox:feat/662-social-relay
secubox:feat/662-cumulative-live
secubox:feat/662-analysis-relay
secubox:feat/662-csp-demo
secubox:feat/662-utls-chrome
secubox:feat/662-adstats-popups
secubox:fix/662-no-follow-redirect
secubox:fix/662-gzip-banner
secubox:feat/662-cutover-fix
secubox:feat/662-transparent-machash
secubox:feat/662-phase5prep-pkg
secubox:feat/662-phase4-jar
secubox:feat/662-phase3-parity
secubox:feat/662-phase2b-bench
secubox:fix/662-restore-ng-source
secubox:feature/662-epic-migrate-toolbox-mitm-engine-off-pyt
secubox:fix/cap-lists-5
secubox:feature/659-feat-toolbox-per-visitor-ad-block-breakd
secubox:fix/ad-learn-self-block-hardening
secubox:feature/656-feat-toolbox-ad-intelligence-aggressive
secubox:fix/653-fix-toolbox-banner-reliability-inline-bu
secubox:feature/651-perf-toolbox-649-follow-up-broaden-splic
secubox:feature/649-perf-toolbox-selective-sni-splice-passth
secubox:fix/623-postinst-systemic-var-lib-log-cache-secu
secubox:feature/646-perf-toolbox-adaptive-accept-encoding-st
secubox:fix/644-hub-dashboard-latency-9-12s-per-module-s
secubox:fix/642-social-graph-ip-literal-self-traffic-rec
secubox:feature/634-toolbox-clients-reset-all-clients-reset
secubox:fix/639-toolbox-banner-injected-into-iframes-sub
secubox:fix/636-toolbox-r3-banner-stream-inject-loader-b
secubox:feature/633-anti-track-v2-layered-block-poison-anony
secubox:feature/630-make-live-ops-fixes-permanent-package-di
secubox:feature/628-hub-health-monitor-page-vital-common-ser
secubox:feature/626-haproxy-smart-self-healing-error-pages-5
secubox:feature/624-waf-robustness-package-self-healing-insp
secubox:feature/620-toolbox-ttfb-perf-stream-inject-async-pe
secubox:fix/619-hub-dashboard-services-cache-never-warms
secubox:feature/617-security-posture-full-rewrite-honest-boa
secubox:feature/615-security-posture-add-security-posture-to
secubox:feature/613-threat-analyst-add-country-flags-to-top
secubox:feature/611-threat-analyst-limit-recent-attacks-tabl
secubox:feature/609-waf-robust-route-propagation-dir-bind-mo
secubox:feature/607-waf-behind-waf-media-cache-image-video-s
secubox:feature/605-waf-refuse-unmapped-hosts-close-open-for
secubox:feature/603-waf-port-live-mitmproxy-fixes-to-source
secubox:feature/601-vm-vm-shows-0-containers-lxc-enumeration
secubox:feature/599-threat-analyst-ingest-real-crowdsec-aler
secubox:feature/597-threat-analyst-global-security-overview
secubox:fix/595-threat-analyst-service-ends-up-disabled
secubox:fix/593-webui-fix-metrics-mitm-0-wrong-unit-thre
secubox:fix/autolearn-exclude-antibot
secubox:feature/589-autolearn-bad-trackers-actors-from-threa
secubox:feature/587-eye-graph-domain-suffix-country-cloud-nu
secubox:feature/578-banner-shareable-top-1-pin-quick-button
secubox:feature/577-perf-video-photo-cdn-proxy-cache-shared
secubox:fix/ad-ghost-collapse-placeholders
secubox:feature/576-ad-ghost-replace-ghosted-ad-with-a-css-l
secubox:fix/581-postinst-portal-stays-dead-after-dpkg-up
secubox:fix/575-eye-graph-remove-hide-all-ip-nodes-count
secubox:feature/574-webext-popup-protection-stats-quick-filt
secubox:feature/572-banner-colorful-emoji-chip-guirlande-fla
secubox:feature/570-toolbox-mitm-dpi-media-type-statistifier
secubox:feature/568-webext-popup-cap-top-tracker-list-to-5-e
secubox:feature/566-r3-r4-silent-ad-banner-ghoster-economisa
secubox:feature/564-detect-antibot-split-deployment-vs-chall
secubox:feature/562-ca-fingerprint-surface-the-r3-ca-on-the
secubox:feature/560-toolbox-protective-mode-tracker-alerting
secubox:feature/558-apk-make-zero-tap-auto-run-robust-real-f
secubox:feature/555-favicons-of-major-sites-in-the-xpi-popup
secubox:feature/553-cartographie-graph-impact-sized-icon-bub
secubox:feature/549-social-tracker-domain-rollup-history-tim
secubox:feature/545-injected-banner-neon-tube-redesign-for-r
secubox:feature/551-android-apk-zero-tap-auto-run-silent-onb
secubox:feature/547-linux-firefox-installer-script-for-the-t
secubox:feature/543-kbin-landing-radical-simplify-livelier-f
secubox:feature/532-plan-browser-xpi-webextension-emancipate
secubox:feature/490-phase-2c-toolbox-receiving-modules-actua
secubox:feature/538-android-app-root-mode-fully-automated-si
secubox:feature/536-serve-the-android-toolbox-apk-from-the-t
secubox:feature/531-plan-android-apk-one-tap-toolbox-r3-clie
secubox:fix/509-waf-soc-perf-double-buffered-cache-memor
secubox:fix/503-ci-disable-espressobin-v7-ultra-image-bu
secubox:feature/501-mitm-wg-multi-worker-fanout
secubox:perf/500-captive-flags-and-addon-async
secubox:feature/500-landing-platform-install
secubox:perf/500-mitm-wg-h2-and-concurrency
secubox:feature/500-phase8-utiq-quickwin
secubox:fix/498-crowdsec-sudoers-status
secubox:fix/498-auth-perms-and-rw
secubox:fix/498-ntp-health-timesyncd
secubox:feature/498-lxc-wg-privileged
secubox:feature/498-lxc-cutover-nm-name
secubox:feature/498-mitm-lxc-hardening
secubox:fix/498-crowdsec-health
secubox:chore/498-version-bump-wip
secubox:feature/498-nm-keyfile
secubox:fix/498-toolbox-ratelimit
secubox:fix/498-cert-probe
secubox:fix/498-r3-probe-same-origin
secubox:fix/498-xff-r3-detect
secubox:fix/498-wg-dns-fix
secubox:feature/498-wg-boot-and-waf-history
secubox:feature/498-asgi-migrate
secubox:feature/498-asgi-consolidation
secubox:feature/498-phase-6Q-quickwins
secubox:feature/498-phase-7-waf-active-enforcement-mitm-crow
secubox:feature/496-phase-6-wireguard-mitm-autocert-mode-r3
secubox:feature/495-phase-5-toolbox-mitm-in-dedicated-lxc-co
secubox:feature/492-phase-3-toolbox-transparency-layer-white
secubox:feature/488-phase-2b-toolbox-wire-mitm-addons-to-rec
secubox:feature/486-toolbox-phase-2a-geoip-flags-asn-secubox
secubox:feature/485-toolbox-phase-2a-soc-scoring-multi-signa
secubox:fix/465-revert-dts-patch-004-revert-hardware-usb
secubox:fix/463-dts-enable-usb3-superspeed-on-mpcie-slot
secubox:fix/458-mochabin-btusb-claims-mt7632u-interface
secubox:feature/450-refactor-move-secubox-mesh-yggdrasil-vpn
secubox:fix/444-kiosk-enable-cursor-on-pi-400-remove-noc
secubox:fix/442-rpi400-image-mass-mask-non-essential-ser
secubox:fix/436-build-scripts-stub-systemctl-handle-rasp
secubox:fix/433-build-rpi-usb-sh-kiosk-install-silently
secubox:fix/431-ci-install-binutils-aarch64-linux-gnu-fo
secubox:feature/429-secubox-nextcloud-dashboard-api-renvoie
secubox:feature/427-ci-build-packages-yml-arm64-matrix-build
secubox:feature/425-secubox-sentinelle-gsm-arm64-build-fails
secubox:feature/423-build-rpi-usb-sh-kiosk-flag-is-a-stub-pa
secubox:fix/150-nftables-service-masked-at-boot-board-lo
secubox:feature/152-roundcube-in-mail-lxc-configure-sqlite-b
secubox:fix/394-nextcloud-remove-authelia-auth-request-f
secubox:feature/410-secubox-user-provisioning-push-master-us
secubox:feature/409-secubox-avatar-smart-media-cookie-hoster
secubox:feature/407-privilege-separated-cookie-install-root
secubox:feature/401-secubox-webext-firefox-webextension-comp
secubox:feature/402-secubox-avatar-peek-poke-credential-brok
secubox:feature/400-secubox-sso-lite-native-auth-request-ver
secubox:feature/397-rework-secubox-photoprism-native-lxc-ins
secubox:feature/388-rework-secubox-peertube-align-with-secub
secubox:feature/398-secubox-nextcloud-capture-photolibrary-e
secubox:fix/395-waf-cred-004-false-positive-on-nextcloud
secubox:fix/392-vhost-health-error-status-404-502-hidden
secubox:feature/391-package-the-gk2-ram-optimization-pattern
secubox:feature/390-peertube-url-backport-vhost-template-por
secubox:docs/389-navbar-resort-hardening-repo-into-root-c
secubox:feature/377-feat-fmrelay-stream-fm-rds-as-icecast-mo
secubox:feat/sentinelle-v0-4-0-rds-extension
secubox:feat/zigbee-v2-6-0-backup-restore
secubox:fix/core-lxc-autostart-wait-for-data
secubox:fix/zigbee-access-list-public-url
secubox:fix/hub-sidebar-precache-instant-render
secubox:feature/370-x64-netplan-profiles-static-ip-fallback
secubox:feat/threat-analyst-v1-4-0-actually-useful
secubox:feat/threat-analyst-v1-3-0-simple-rewrite
secubox:fix/threat-analyst-v1-2-0-jwt-noop
secubox:fix/threat-analyst-v1-1-3-nocache
secubox:fix/threat-analyst-v1-1-2-cors-credentials
secubox:fix/threat-analyst-v1-1-1-navbar-padding
secubox:fix/361-secubox-threat-analyst-v1-1-0-wire-metri
secubox:fix/360-fix-secubox-hub-soc-dashboard-card-metri
secubox:feature/357-secubox-sentinelle-gsm-v0-3-6-async-job
secubox:feature/356-secubox-sentinelle-gsm-v0-3-5-scan-auto
secubox:fix/354-secubox-sentinelle-gsm-v0-3-4-monkey-pat
secubox:feature/345-mochabin-mpcie-slot-j5-investigate-w-dis
secubox:fix/353-secubox-sentinelle-gsm-v0-3-3-drop-args
secubox:feature/319-data-essential-data-convention-audit-30
secubox:fix/286-haproxyctl-cmd-generate-drops-backend-de
secubox:feature/312-secubox-threats-rebuild-threats-as-the-c
secubox:feature/310-secubox-authelia-split-auth-control-dash
secubox:feature/306-consolidate-navbar-to-6-charter-categori
secubox:fix/303-secubox-zigbee-menu-d-80-zigbee-json-is
secubox:fix/301-secubox-dns-provider-add-provider-modal
secubox:fix/299-secubox-dns-provider-webui-add-provider
secubox:feature/297-kernel-build-github-actions-workflow-for
secubox:feature/295-kernel-build-add-config-zram-m-zstd-comp
secubox:fix/293-secubox-zigbee-zigbee-config-ui-hidden-u
secubox:fix/290-health-banner-remove-clickable-alert-lin
secubox:feature/289-secubox-zigbee-split-secubox-config-modu
secubox:feature/287-secubox-lyrion-move-public-vhost-from-ly
secubox:feature/284-secubox-nextcloud-ship-etc-secubox-nextc
secubox:fix/282-secubox-nextcloud-nextcloud-must-stay-th
secubox:feature/280-secubox-nextcloud-modernize-lxc-install
secubox:feature/278-secubox-authelia-own-the-sbx-auth-login
secubox:fix/274-secubox-authelia-verify-must-forward-x-o
secubox:fix/273-secubox-zigbee-secubox-lyrion-auth-redir
secubox:feature/272-secubox-authelia-session-cookies-must-in
secubox:feature/270-secubox-authelia-server-level-banner-sub
secubox:feature/268-secubox-authelia-x-forwarded-proto-must
secubox:feature/266-secubox-authelia-zigbee-lyrion-4-fixes-f
secubox:feature/264-secubox-zigbee-secubox-lyrion-swap-lan-o
secubox:feature/262-secubox-authelia-implement-verify-real-a
secubox:feature/260-secubox-lyrion-lan-only-gate-on-lyrion-l
secubox:fix/241-secubox-zigbee-v2.4.1-sonoff-mg21
secubox:feature/255-mochabin-dt-board-mpcie-slot-usb-pins-no
secubox:feature/237-secubox-sentinelle-gsm-passive-rx-sdr-se
secubox:feature/236-secubox-rbs-sensor-wall-opad-rogue-base
secubox:feature/241-secubox-zigbee-v2-4-0-rewrite-in-place-z
secubox:feature/240-secubox-mqtt-v2-4-0-rewrite-in-place-mos
secubox:feature/247-health-banner-clickable-cross-domain-lin
secubox:feature/246-secubox-yacy-nginx-vhost-missing-well-kn
secubox:feature/248-secubox-lyrion-expose-web-ui-on-lan-ip-1
secubox:feature/244-secubox-lyrion-lxc-host-lyrion-music-ser
secubox:feature/239-secubox-authelia-sso-idp-lxc-authelia-oi
secubox:feature/234-secubox-rustdesk-new-lxc-module-for-self
secubox:feature/232-secubox-yacy-new-lxc-module-for-peer-to
secubox:feature/230-secubox-grafana-new-lxc-module-for-secur
secubox:fix/228-missing-tools-on-images-secubox-flash-di
secubox:fix/226-bare-metal-x86-64-polish-gate-pi-hardwar
secubox:fix/224-kiosk-launcher-chromium-fails-on-debian
secubox:fix/222-login-redirect-loop-68-web-ui-files-stil
secubox:fix/220-secubox-health-doctor-duplicate-debhelpe
secubox:fix/218-build-image-sh-skips-debian-deps-python3
secubox:docs/216-docs-codify-the-secubox-grammar-modular
secubox:feature/214-health-doctor-drop-act-runner-arm64-from
secubox:feature/212-secubox-health-doctor-vital-services-hea
secubox:fix/210-firstboot-users-json-wrong-schema-sha256
secubox:fix/200-metablogizerctl-publish-should-orchestra
secubox:fix/207-eye-square-ship-firstboot-sh-outside-usr
secubox:fix/202-eye-square-debian-rules-content-drift-re
secubox:fix/203-ci-build-packages-discover-step-schedule
secubox:fix/201-secubox-eye-square-switch-to-architectur
secubox:feature/196-implement-secubox-droplet-cli-dropletctl
secubox:fix/197-api-v1-health-alias
secubox:fix/round-real-root-icons
secubox:fix/round-armv6-boot-services
secubox:fix/194-secubox-metrics-visitororigin-entries-em
secubox:feature/192-portal-regenerate-full-dashboard-navbar
secubox:feature/190-giteactl-runner-forge-runner-add-remove
secubox:feature/180-publishctl-rename-metactl-forge-post-nou
secubox:feature/182-streamlitctl-extend-lifecycle-only-ctl-w
secubox:feature/183-streamforgectl-forge-missing-ctl-streaml
secubox:feature/184-metablogizerctl-extend-reference-ctl-wit
secubox:feature/181-dropletctl-forge-missing-ctl-file-upload
secubox:feature/176-giteactl-forge-repo-mirror-add-remove-li
secubox:feature/177-ci-mirror-github-workflows-gitea-workflo
secubox:feature/173-mitmproxyctl-align-with-lxc-reality-add
secubox:fix/rpi4b-radar-arcs-top-centered
secubox:fix/170-cookie-audit-pipeline-hardening-apparmor
secubox:fix/167-secubox-hub-vs-secubox-portal-login-html
secubox:fix/163-triple-soc-location-duplicate-breaks-ngi
secubox:fix/162-secubox-core-postinst-overwrites-etc-ngi
secubox:feature/158-live-deploy-fixes-followup
secubox:feature/158-eye-remote-multi-gadget-l3-dhcp-server-o
secubox:fix/155-eye-remote-link-rename-collision-when-mu
secubox:feature/153-mail-stack-phase-2-rspamd-migration-roun
secubox:feature/156-cookie-audit-pipeline-rgpd-eprivacy-comp
secubox:feature/147-add-scripts-check-dashboard-cache-py-lin
secubox:feature/136-mail-stack-phase-1-source-catch-up-legac
secubox:fix/145-secubox-waf-apply-double-cache-pattern-o
secubox:feature/138-port-radar-concentric-into-secubox-commo
secubox:fix/139-round-image-usb0-otg-networking-dead-ifu
secubox:fix/133-remote-ui-square-4-bugs-caught-at-pi-4b
secubox:feature/127-add-remote-ui-square-variant-for-pi-4b-7
secubox:feature/127-phase3-python-kiosk
secubox:feature/127-phase2-square-variant
secubox:feature/120-auth-rework-secubox-users-as-identity-so
secubox:fix/124-build-live-usb-safety-protect-host-dev-f
secubox:feature/122-build-live-usb-sh-add-static-ip-hostname
secubox:fix/117-metablogizer-webhook-git-pull-fails-on-d
secubox:feature/113-metablogizer-deploy-webhook-sub-e-of-49
secubox:fix/114-secubox-hub-sidebar-enters-mobile-mode-o
secubox:fix/111-metablogizer-api-load-sites-called-repea
secubox:fix/109-metablogizer-api-sub-c-runtime-imports-f
secubox:fix/106-metablogizer-api-delete-site-name-fails
secubox:fix/105-metablogizer-ui-api-helper-swallows-res
secubox:feature/103-metablogizer-version-dashboard-ui-module
secubox:feature/101-metablogizer-site-json-schema-version-me
secubox:feature/95-streamlit-per-site-version-pinning-conta
secubox:feature/94-metablogizer-gitea-ingest-import-166-sit
secubox:feature/49-feat-metablogizer-streamlit-version-mana
secubox:fix/92-uvicorn-sibling-imports
secubox:feature/92-health-banner-visitor-origin-feed-anonym
secubox:feature/89-secubox-apt-clone-validate-implementatio
secubox:feature/license-headers-phase-a
secubox:feature/license-phase-b-full
secubox:feature/83-multi-agent-worktree-workflow
secubox:feature/eye-remote-auto-mode
secubox:feature/sync-workflow-eyemote
secubox:feature/multigadget-docs
secubox:v2.14.1
secubox:v2.14.0
secubox:android-v0.4.0
secubox:webext-v0.1.5
secubox:webext-v0.1.4
secubox:webext-v0.1.3
secubox:webext-v0.1.2
secubox:android-v0.3.0
secubox:android-v0.2.0
secubox:webext-v0.1.1
secubox:webext-v0.1.0
secubox:android-v0.1.0
secubox:v2.13.20
secubox:v2.13.19
secubox:v2.13.18
secubox:v2.13.17
secubox:v2.13.16
secubox:v2.13.15
secubox:v2.13.14
secubox:v2.13.13
secubox:v2.13.12
secubox:v2.13.11
secubox:v2.13.10
secubox:v2.13.9
secubox:v2.13.8
secubox:v2.13.7
secubox:v2.13.6
secubox:v2.13.5
secubox:v2.13.4
secubox:v2.13.3
secubox:v2.13.2
secubox:v2.13.1
secubox:v2.13.0
secubox:v2.12.18
secubox:v2.12.17
secubox:v2.12.16
secubox:v2.12.15
secubox:v2.12.14
secubox:v2.12.13
secubox:v2.12.12
secubox:v2.12.11
secubox:v2.12.10
secubox:v2.12.9
secubox:v2.12.8
secubox:v2.12.7
secubox:v2.12.6
secubox:v2.12.5
secubox:v2.12.4
secubox:v2.12.3
secubox:v2.12.2
secubox:v2.12.1
secubox:v2.12.0
secubox:v2.11.1
secubox:v2.11.0
secubox:v2.10.3
secubox:v2.10.2
secubox:v2.10.1
secubox:v2.10.0
secubox:v2.9.0
secubox:v2.2.1-eye-remote
secubox:v2.8.0
secubox:v2.7.3
secubox:v2.7.2
secubox:v2.7.1
secubox:v2.7.0
secubox:v2.6.1
secubox:v2.6.0
secubox:v2.5.0
secubox:v2.4.0
secubox:v2.3.0
secubox:v2.2.0
secubox:v2.1.1
secubox:v1.9.0
secubox:multiboot-v2.2.4-live
secubox:multiboot-v2.2.4-pre1
secubox:v2.1.0
secubox:v1.8.0
secubox:v1.7.1
secubox:v1.7.0.1
secubox:v1.7.0
secubox:v1.6.7.14
secubox:v1.6.7.13
secubox:v1.6.7.12
secubox:v1.6.7.11
secubox:v1.6.7
secubox:v1.6.5
secubox:v1.6.0
secubox:v1.5.9
secubox:v1.5.8
secubox:v1.5.7
secubox:v1.5.6
secubox:v1.5.5
secubox:v1.5.4
secubox:v1.5.3
secubox:v1.5.2
secubox:v1.5.1
secubox:v1.5.0
secubox:v1.4.2
secubox:v1.4.1
secubox:v1.4.0
secubox:v1.3.11
secubox:v1.3.10
secubox:v1.3.9
secubox:v1.3.8
secubox:v1.3.7
secubox:v1.3.6
secubox:v1.3.5
secubox:v1.3.4
secubox:v1.3.3
secubox:v1.3.2
secubox:v1.3.1
secubox:v1.3.0
secubox:v1.2.0
secubox:v1.1.0
secubox:v1.0.0
secubox:test-devel

No commits in common. "1a8ed97cfe882fc45ce0bc0ffb43e73cef189fd4" and "c8fe9bb1484c37d499fd561490edde79fb195ab5" have entirely different histories.
1a8ed97cfe ... c8fe9bb148

7 changed files with 2 additions and 915 deletions
Show Stats Expand all files Collapse all files

481
docs/superpowers/plans/2026-06-26-cookies-crosssite-trackers.md
View File

@ -1,481 +0,0 @@
# Cookies cross-site tracker detection — Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Surface the already-computed R3 cross-site tracker correlation (`social_edges`) to the operator as a detailed view in the secubox-cookies dashboard.
**Architecture:** A read-only aggregation function in the toolbox (`social.py`, next to `aggregate()`) folds `social_edges` into per-tracker cross-site detail; a toolbox endpoint `GET /admin/cookie-crosssite` exposes it (mirrors `/admin/social-aggregate`); the cookies dashboard adds a "Trackers cross-site" card whose JS fetches that endpoint directly (operator browser carries the JWT). No new service, no new dependency.
**Tech Stack:** Python 3.11 / FastAPI / sqlite3 (toolbox), vanilla HTML/JS (cookies dashboard), pytest.
## Global Constraints
- New Python files carry the SPDX header: `# SPDX-License-Identifier: LicenseRef-CMSD-1.0` + the CyberMind copyright block (copy from any sibling file in the module).
- Read-only over `social_edges`. No writes, no migration. Filter out `src_site IN ('', 'null')` at read time.
- Reuse `social._conn()`, `social._registrable_domain()`, `social._is_ip()` — do NOT reimplement.
- The new endpoint mirrors `admin_social_aggregate` exactly: no explicit `Depends` (admin gating is handled at the same layer as its siblings).
- Frontend fetch uses the existing `headers()` helper (Bearer `sbx_token`) and targets the absolute toolbox path `/api/v1/toolbox/admin/cookie-crosssite` (NOT the cookies `API` base).
- Commit messages reference `(ref #749)`. No Claude Code references / footers in commits.
---
### Task 1: Toolbox cross-site aggregation in `social.py`
**Files:**
- Modify: `packages/secubox-toolbox/secubox_toolbox/social.py` (add two functions next to `aggregate()` ~line 1025)
- Test: `packages/secubox-toolbox/tests/test_cookie_xsite_detail.py` (create)
**Interfaces:**
- Consumes: `social._conn()`, `social._registrable_domain(host)`, `social._is_ip(host)` (existing).
- Produces:
- `_xsite_detail_from_conn(conn, since: int, top_n: int) -> list[dict]` — pure, over a conn. Each dict: `{tracker_domain:str, sites:list[str], site_count:int, client_count:int, cookie_count:int, pre_consent_hits:int, last_seen:int}`.
- `cookie_xsite_detail(hours: int = 24, top_n: int = 50) -> dict` — envelope `{window_hours:int, generated_at:int, trackers:list[dict]}`.
- [ ] **Step 1: Write the failing test**
Create `packages/secubox-toolbox/tests/test_cookie_xsite_detail.py`:
```python
# SPDX-License-Identifier: LicenseRef-CMSD-1.0
"""Tests for social.cookie_xsite_detail / _xsite_detail_from_conn (ref #749)."""
import sqlite3
from secubox_toolbox import social
def _edges_db():
c = sqlite3.connect(":memory:")
c.row_factory = sqlite3.Row
c.executescript("""
CREATE TABLE social_edges (
ts INTEGER, client_mac_hash TEXT, src_site TEXT,
tracker_domain TEXT, cookie_id_hash TEXT, ja4_hash TEXT,
consent_state TEXT DEFAULT 'none_seen');
""")
return c
def _add(c, ts, client, site, tracker, cid, consent="pre_consent"):
c.execute("INSERT INTO social_edges(ts,client_mac_hash,src_site,"
"tracker_domain,cookie_id_hash,ja4_hash,consent_state) "
"VALUES (?,?,?,?,?,'ja4',?)",
(ts, client, site, tracker, cid, consent))
def test_crosssite_tracker_detected_with_detail():
c = _edges_db()
# same cookie id reused across 2 distinct sites -> cross-site
_add(c, 100, "m1", "news.example", "www.criteo.com", "CID1")
_add(c, 200, "m2", "shop.example2", "www.criteo.com", "CID1", consent="post_consent")
c.commit()
rows = social._xsite_detail_from_conn(c, since=0, top_n=50)
assert len(rows) == 1
t = rows[0]
assert t["tracker_domain"] == "criteo.com"
assert t["site_count"] == 2
assert sorted(t["sites"]) == ["news.example", "shop.example2"]
assert t["client_count"] == 2
assert t["cookie_count"] == 1
assert t["pre_consent_hits"] == 1
assert t["last_seen"] == 200
def test_single_site_cookie_ignored():
c = _edges_db()
_add(c, 100, "m1", "news.example", "tracker.foo", "CID2")
_add(c, 110, "m1", "news.example", "tracker.foo", "CID2")
c.commit()
assert social._xsite_detail_from_conn(c, since=0, top_n=50) == []
def test_null_and_empty_src_site_excluded():
c = _edges_db()
_add(c, 100, "m1", "null", "t.bar", "CID3")
_add(c, 110, "m1", "", "t.bar", "CID3")
_add(c, 120, "m1", "real.site", "t.bar", "CID3")
c.commit()
# only one VALID site remains for CID3 -> not cross-site
assert social._xsite_detail_from_conn(c, since=0, top_n=50) == []
def test_window_filters_old_edges():
c = _edges_db()
_add(c, 100, "m1", "a.example", "t.win", "CIDW")
_add(c, 200, "m1", "b.example2", "t.win", "CIDW")
c.commit()
assert social._xsite_detail_from_conn(c, since=150, top_n=50) == []
def test_ip_literal_tracker_dropped():
c = _edges_db()
_add(c, 100, "m1", "a.example", "192.0.2.5", "CIDIP")
_add(c, 200, "m1", "b.example2", "192.0.2.5", "CIDIP")
c.commit()
assert social._xsite_detail_from_conn(c, since=0, top_n=50) == []
def test_ranking_and_top_n_cap():
c = _edges_db()
# tracker A: 2 clients ; tracker B: 1 client -> A ranks first
_add(c, 100, "m1", "s1.x", "a.trk", "A1"); _add(c, 110, "m2", "s2.x", "a.trk", "A1")
_add(c, 120, "m1", "s1.x", "b.trk", "B1"); _add(c, 130, "m1", "s2.x", "b.trk", "B1")
c.commit()
rows = social._xsite_detail_from_conn(c, since=0, top_n=1)
assert len(rows) == 1
assert rows[0]["tracker_domain"] == "trk" # registrable of a.trk/b.trk
def test_envelope_shape_via_conn(monkeypatch):
c = _edges_db()
_add(c, 100, "m1", "news.example", "www.criteo.com", "CID1")
_add(c, 200, "m2", "shop.example2", "www.criteo.com", "CID1")
c.commit()
class _Ctx:
def __enter__(self): return c
def __exit__(self, *a): return False
monkeypatch.setattr(social, "_conn", lambda: _Ctx())
out = social.cookie_xsite_detail(hours=24, top_n=50)
assert out["window_hours"] == 24
assert isinstance(out["generated_at"], int)
assert out["trackers"][0]["tracker_domain"] == "criteo.com"
```
- [ ] **Step 2: Run the test to verify it fails**
Run: `cd packages/secubox-toolbox && python -m pytest tests/test_cookie_xsite_detail.py -v`
Expected: FAIL — `AttributeError: module 'secubox_toolbox.social' has no attribute '_xsite_detail_from_conn'`
- [ ] **Step 3: Implement the two functions**
In `packages/secubox-toolbox/secubox_toolbox/social.py`, immediately AFTER the `aggregate()` function, add:
```python
def _xsite_detail_from_conn(conn, since: int, top_n: int) -> list:
"""Pure cross-site tracker detail over a social_edges connection.
A (tracker_domain, cookie_id_hash) pair is cross-site when its cookie id is
observed on >= 2 DISTINCT valid src_sites (src_site not in '', 'null') within
the window (ts >= since). For every such pair, aggregate per REGISTRABLE
tracker domain (IP literals dropped). Ranked by client_count, then
site_count, then domain; capped to top_n.
"""
rows = conn.execute(
"SELECT ts, client_mac_hash, src_site, tracker_domain, "
" cookie_id_hash, consent_state "
"FROM social_edges "
"WHERE ts >= ? "
" AND cookie_id_hash IS NOT NULL AND cookie_id_hash <> '' "
" AND src_site NOT IN ('', 'null') "
"LIMIT 50000",
(since,),
).fetchall()
# Pass 1: which (raw tracker_domain, cookie_id_hash) pairs are cross-site.
sites_per_pair: dict = {}
for r in rows:
key = (r["tracker_domain"], r["cookie_id_hash"])
sites_per_pair.setdefault(key, set()).add(r["src_site"])
xsite_pairs = {k for k, s in sites_per_pair.items() if len(s) >= 2}
if not xsite_pairs:
return []
# Pass 2: aggregate the cross-site rows per registrable tracker domain.
agg: dict = {}
for r in rows:
if (r["tracker_domain"], r["cookie_id_hash"]) not in xsite_pairs:
continue
dom = _registrable_domain(r["tracker_domain"])
if not dom or _is_ip(dom):
continue
e = agg.setdefault(dom, {
"tracker_domain": dom, "sites": set(), "clients": set(),
"cookies": set(), "pre_consent_hits": 0, "last_seen": 0,
})
e["sites"].add(r["src_site"])
e["clients"].add(r["client_mac_hash"])
e["cookies"].add(r["cookie_id_hash"])
if r["consent_state"] == "pre_consent":
e["pre_consent_hits"] += 1
if r["ts"] > e["last_seen"]:
e["last_seen"] = r["ts"]
out = [{
"tracker_domain": e["tracker_domain"],
"sites": sorted(e["sites"]),
"site_count": len(e["sites"]),
"client_count": len(e["clients"]),
"cookie_count": len(e["cookies"]),
"pre_consent_hits": e["pre_consent_hits"],
"last_seen": e["last_seen"],
} for e in agg.values()]
out.sort(key=lambda t: (-t["client_count"], -t["site_count"],
t["tracker_domain"]))
return out[:max(0, top_n)]
def cookie_xsite_detail(hours: int = 24, top_n: int = 50) -> Dict:
"""Operator view of cross-site tracker cookies over social_edges.
Mirrors aggregate()'s envelope shape. JWT-gated in the API layer.
"""
if hours < 1 or hours > 24 * 31:
hours = 24
if top_n < 1 or top_n > 500:
top_n = 50
now = int(time.time())
since = now - hours * 3600
out: Dict = {"window_hours": hours, "generated_at": now, "trackers": []}
try:
with _conn() as c:
out["trackers"] = _xsite_detail_from_conn(c, since, top_n)
except sqlite3.Error as e:
log.warning("cookie_xsite_detail: DB error, returning empty: %s", e)
return out
```
Note: confirm `time`, `sqlite3`, `log`, and the `Dict` typing alias are already imported at the top of `social.py` (they are — `aggregate()` uses `time` and `Dict`). If `log` is named differently in this module, match the existing logger name used elsewhere in `social.py`.
- [ ] **Step 4: Run the test to verify it passes**
Run: `cd packages/secubox-toolbox && python -m pytest tests/test_cookie_xsite_detail.py -v`
Expected: PASS (7 tests)
- [ ] **Step 5: Commit**
```bash
git add packages/secubox-toolbox/secubox_toolbox/social.py packages/secubox-toolbox/tests/test_cookie_xsite_detail.py
git commit -m "feat(toolbox): cookie_xsite_detail aggregation over social_edges (ref #749)"
```
---
### Task 2: Toolbox endpoint `GET /admin/cookie-crosssite`
**Files:**
- Modify: `packages/secubox-toolbox/secubox_toolbox/api.py` (add endpoint next to `admin_social_aggregate`)
- Test: `packages/secubox-toolbox/tests/test_cookie_crosssite_api.py` (create)
**Interfaces:**
- Consumes: `social.cookie_xsite_detail(hours, top_n)` from Task 1.
- Produces: `admin_cookie_crosssite(hours: int = 24, top: int = 50) -> dict` — returns the envelope from `cookie_xsite_detail`.
- [ ] **Step 1: Write the failing test**
Create `packages/secubox-toolbox/tests/test_cookie_crosssite_api.py`:
```python
# SPDX-License-Identifier: LicenseRef-CMSD-1.0
"""Tests for GET /admin/cookie-crosssite (ref #749)."""
import asyncio
from secubox_toolbox import api, social
_CANNED = {
"window_hours": 24,
"generated_at": 1782000000,
"trackers": [{
"tracker_domain": "criteo.com", "sites": ["a.example", "b.example2"],
"site_count": 2, "client_count": 3, "cookie_count": 1,
"pre_consent_hits": 2, "last_seen": 1782000000,
}],
}
def test_cookie_crosssite_returns_detail(monkeypatch):
monkeypatch.setattr(social, "cookie_xsite_detail",
lambda hours=24, top_n=50, **kw: dict(_CANNED))
result = asyncio.run(api.admin_cookie_crosssite(hours=24, top=50))
assert result["trackers"][0]["tracker_domain"] == "criteo.com"
assert result["trackers"][0]["site_count"] == 2
assert result["window_hours"] == 24
def test_cookie_crosssite_forwards_params(monkeypatch):
captured = {}
def fake(hours=24, top_n=50, **kw):
captured["hours"] = hours
captured["top_n"] = top_n
return dict(_CANNED)
monkeypatch.setattr(social, "cookie_xsite_detail", fake)
asyncio.run(api.admin_cookie_crosssite(hours=12, top=10))
assert captured == {"hours": 12, "top_n": 10}
```
- [ ] **Step 2: Run the test to verify it fails**
Run: `cd packages/secubox-toolbox && python -m pytest tests/test_cookie_crosssite_api.py -v`
Expected: FAIL — `AttributeError: module 'secubox_toolbox.api' has no attribute 'admin_cookie_crosssite'`
- [ ] **Step 3: Implement the endpoint**
In `packages/secubox-toolbox/secubox_toolbox/api.py`, immediately AFTER the `admin_social_aggregate` function (~line 2870), add:
```python
@router.get("/admin/cookie-crosssite")
async def admin_cookie_crosssite(hours: int = 24, top: int = 50) -> dict:
"""Operator view : cross-site tracker cookies (a cookie id reused across
>= 2 first-party sites) with per-tracker site/client/cookie counts. Read-only
over social_edges; same admin gating as the sibling /admin/* routes.
"""
from . import social as _s
return _s.cookie_xsite_detail(hours=hours, top_n=top)
```
- [ ] **Step 4: Run the test to verify it passes**
Run: `cd packages/secubox-toolbox && python -m pytest tests/test_cookie_crosssite_api.py -v`
Expected: PASS (2 tests)
- [ ] **Step 5: Run the full toolbox social/learn test slice (no regressions)**
Run: `cd packages/secubox-toolbox && python -m pytest tests/test_cookie_xsite_detail.py tests/test_cookie_crosssite_api.py tests/test_learn.py tests/test_social_edges.py -q`
Expected: PASS (all)
- [ ] **Step 6: Commit**
```bash
git add packages/secubox-toolbox/secubox_toolbox/api.py packages/secubox-toolbox/tests/test_cookie_crosssite_api.py
git commit -m "feat(toolbox): GET /admin/cookie-crosssite endpoint (ref #749)"
```
---
### Task 3: Cookies dashboard "Trackers cross-site" panel
**Files:**
- Modify: `packages/secubox-cookies/www/cookies/index.html` (markup card in `#tab-trackers` + JS `loadCrossSite()` + wiring)
**Interfaces:**
- Consumes: `GET /api/v1/toolbox/admin/cookie-crosssite?hours=24` (Task 2), the existing `headers()` JS helper.
- Produces: a rendered table `#crosssite-table`; `loadCrossSite()` called from `switchTab('trackers')` and `refresh()`.
- [ ] **Step 1: Add the card markup**
In `packages/secubox-cookies/www/cookies/index.html`, inside `<div class="tab-content" id="tab-trackers">`, AFTER the existing "Known Tracker Patterns" `<div class="card">…</div>` (after its closing `</div>` for that card, before the `</div>` that closes `#tab-trackers`), insert:
```html
<div class="card">
<div class="card-title">
<span>🕸️ Trackers cross-site (R3)</span>
<span class="badge badge-cyan" id="crosssite-count">0</span>
</div>
<p class="empty" style="margin:0 0 .5rem">Cookies dont l'identifiant est réutilisé sur ≥2 sites first-party par le même client (source : tunnel captif R3).</p>
<table>
<thead>
<tr>
<th>Tracker</th>
<th>Sites suivis</th>
<th>Clients</th>
<th>Cookies</th>
<th>Pré-consent</th>
<th>Vu</th>
</tr>
</thead>
<tbody id="crosssite-table">
<tr><td colspan="6" class="empty">Loading...</td></tr>
</tbody>
</table>
</div>
```
- [ ] **Step 2: Add the `loadCrossSite()` JS function**
In the `<script>` block, immediately AFTER the `loadTrackers()` function (~line 758-773), add:
```javascript
async function loadCrossSite() {
const tbody = document.getElementById('crosssite-table');
const countEl = document.getElementById('crosssite-count');
try {
const res = await fetch('/api/v1/toolbox/admin/cookie-crosssite?hours=24', { headers: headers() });
if (!res.ok) throw new Error('http ' + res.status);
const data = await res.json();
const rows = (data && data.trackers) || [];
countEl.textContent = rows.length;
if (!rows.length) {
tbody.innerHTML = '<tr><td colspan="6" class="empty">Aucune donnée R3 récente — tunnel captif inactif.</td></tr>';
return;
}
tbody.innerHTML = rows.map(t => {
const sites = (t.sites || []).join(', ');
const seen = t.last_seen ? new Date(t.last_seen * 1000).toLocaleString() : '-';
const pc = t.pre_consent_hits > 0
? `<span class="badge badge-red">${t.pre_consent_hits}</span>` : '0';
return `<tr>
<td><strong>${esc(t.tracker_domain)}</strong></td>
<td><span class="badge badge-cyan" title="${esc(sites)}">${t.site_count}</span></td>
<td>${t.client_count}</td>
<td>${t.cookie_count}</td>
<td>${pc}</td>
<td style="white-space:nowrap">${esc(seen)}</td>
</tr>`;
}).join('');
} catch (e) {
countEl.textContent = '0';
tbody.innerHTML = '<tr><td colspan="6" class="empty">Source R3 indisponible.</td></tr>';
}
}
function esc(s) {
return String(s == null ? '' : s).replace(/[&<>"']/g, c => (
{ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}
```
Note: if an `esc()` (HTML-escape) helper already exists in this `<script>`, do NOT add a second one — reuse the existing one and drop the `esc` definition above.
- [ ] **Step 3: Wire `loadCrossSite()` into tab switch and refresh**
In `switchTab(tab)`, find `case 'trackers': loadTrackers(); break;` and change it to:
```javascript
case 'trackers': loadTrackers(); loadCrossSite(); break;
```
In `refresh()` (~line 943), add a `loadCrossSite();` call alongside the other `loadX()` calls in that function body.
- [ ] **Step 4: Syntax-check the page JS**
Run (extracts the inline script and runs it through node's parser; expect no output / exit 0):
```bash
cd packages/secubox-cookies/www/cookies
python3 - <<'PY'
import re,sys,subprocess,tempfile,os
h=open('index.html',encoding='utf-8').read()
m=re.search(r'<script>(.*?)</script>', h, re.S)
js=m.group(1)
f=tempfile.NamedTemporaryFile('w',suffix='.js',delete=False,encoding='utf-8'); f.write(js); f.close()
r=subprocess.run(['node','--check',f.name]); os.unlink(f.name); sys.exit(r.returncode)
PY
```
Expected: exit 0 (no syntax error). If `node` is unavailable, skip and rely on the manual browser check in Step 5.
- [ ] **Step 5: Manual verification (deploy to board, then browser)**
The cookies www is served by nginx from the deployed package. To verify against the live toolbox endpoint without a full rebuild, copy the edited file to the board and open the dashboard:
```bash
scp index.html root@192.168.1.200:/usr/share/secubox/cookies/www/cookies/index.html 2>/dev/null \
|| scp index.html root@192.168.1.200:/var/www/secubox/cookies/index.html
# confirm the toolbox endpoint answers (operator must be logged in for JWT in browser):
ssh root@192.168.1.200 "curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1:8088/admin/cookie-crosssite?hours=24"
```
Then open the cookies dashboard → **Trackers** tab → confirm the "🕸️ Trackers cross-site (R3)" card renders rows (or the graceful empty state if R3 is idle). Note: the exact nginx docroot for the cookies www is whatever `debian/install` maps `www/cookies/` to — confirm with `ssh root@192.168.1.200 'nginx -T 2>/dev/null | grep -A3 cookies'` if the scp path is uncertain.
- [ ] **Step 6: Commit**
```bash
git add packages/secubox-cookies/www/cookies/index.html
git commit -m "feat(cookies): cross-site trackers panel from toolbox R3 (ref #749)"
```
---
## Self-Review notes
- **Spec coverage:** Toolbox `cookie_xsite_detail` (Task 1) ✓; `GET /admin/cookie-crosssite` (Task 2) ✓; cookies WebUI panel + graceful R3-idle degradation (Task 3) ✓; src_site `''`/`null` filtered at read (Task 1 query) ✓; reuse of `social_edges` + `_registrable_domain`/`_is_ip` ✓; privacy (only hashes/counts/registrable domains exposed) ✓.
- **Home refinement vs spec:** the spec phrased the function as a "sibling of `cookie_xsite_trackers` (learn.py / social.py)"; this plan places it in `social.py` next to `aggregate()` because both are operator-view aggregations over `social_edges` and `aggregate()` is the closest existing pattern (envelope + `_conn` + `_registrable_domain`). This is within the spec's stated options.
- **Type consistency:** envelope keys (`window_hours`, `generated_at`, `trackers`) and row keys (`tracker_domain`, `sites`, `site_count`, `client_count`, `cookie_count`, `pre_consent_hits`, `last_seen`) are identical across Task 1 (producer), Task 2 (canned test), and Task 3 (renderer).

137
docs/superpowers/specs/2026-06-26-cookies-crosssite-trackers-design.md
View File

@ -1,137 +0,0 @@
# Design — Cookies cross-site tracker detection (surface R3 social-graph)
- **Issue:** #749
- **Date:** 2026-06-26
- **Status:** Approved (brainstorm), pending implementation plan
- **Author:** Gérald Kerma / CyberMind
## Problem
The operator wants to *detect cross-site-used cookies and their tracking targets*
("detecter les cross used et les target de suivis"). Investigation showed the
cross-site **correlation already exists** but is invisible to humans:
- `secubox_toolbox/learn.py::cookie_xsite_trackers()` (Anti-Track v2, #633) runs
`GROUP BY cookie_id_hash, tracker_domain HAVING COUNT(DISTINCT src_site) >= 2`
over `social_edges` (toolbox.db). It returns only a **top-N domain list**
consumed by the **auto-blocker** — no detail, no operator view.
- `social_edges` is populated by `sbxmitm/social.go``/__toolbox/social-event`
ingest. Live state (2026-06-26): 841 edges, src_site mostly valid
(`leparisien.fr`=566, `google.com`=110, `chatgpt.com`=40 …; 84 rows have the
literal string `"null"`).
So the gap is purely **surfacing** the existing correlation for the operator:
*which trackers follow our R3 visitors across N sites, with which cookies,
affecting how many clients.*
## Decisions (from brainstorm)
- **Population / source:** the **R3 social-graph** (3rd-party trackers following
our tunnel visitors), NOT the WAF server-side cookie-audit self-audit angle.
- **Surface:** a panel inside the existing **secubox-cookies** dashboard.
- **Source of truth:** `social_edges` in `toolbox.db`, owned and exposed by the
toolbox. The cookies dashboard consumes a toolbox endpoint; it does not read
the DB directly (perms + duplication).
- **Auth path:** the cookies dashboard runs in the operator's browser, which
already carries the operator JWT — it fetches the toolbox endpoint directly.
No server-to-server auth.
## Approach (chosen: A)
**A — Toolbox aggregation endpoint + cookies WebUI panel (chosen).**
Single source of truth, reuses the existing query, no perms/auth friction.
**B — Duplicate the aggregation in the cookies module reading toolbox.db
(rejected).** `toolbox.db` is `0640 secubox-toolbox`; the cookies module runs as
`secubox` → perms friction + duplicated correlation logic.
## Components
### 1. Toolbox — read-only aggregation
New pure function (sibling of `cookie_xsite_trackers`), e.g.
`cookie_xsite_detail(conn, hours: int = 24, top_n: int = 50) -> list[dict]`:
- Reuses the cross-site predicate
(`HAVING COUNT(DISTINCT src_site) >= 2`) but returns **rich rows** per
registrable tracker domain:
- `tracker_domain` (registrable)
- `sites` — sorted list of distinct `src_site` (excludes `''` and `'null'`)
- `site_count`
- `client_count` — distinct `client_mac_hash`
- `cookie_count` — distinct `cookie_id_hash`
- `pre_consent_hits` — count where `consent_state = 'pre_consent'`
- `last_seen` — max ts (epoch)
- Window: only edges with `ts >= now - hours*3600`.
- Ranking: by `client_count` desc, then `site_count` desc, then domain — capped
to `top_n`.
- Defensive: returns `[]` on any `sqlite3.Error` (mirrors existing pattern).
New endpoint (toolbox FastAPI, JWT, read-only):
```
GET /admin/cookie-crosssite?hours=24&top=50
→ { "trackers": [ {tracker_domain, sites, site_count, client_count,
cookie_count, pre_consent_hits, last_seen}, … ],
"window_hours": 24, "generated_at": <epoch> }
```
Placed next to the existing `/admin/social-aggregate` route. Reaches `social_edges`
through the same connection helper the other social endpoints use.
### 2. secubox-cookies — WebUI panel
In `packages/secubox-cookies/www/cookies/index.html`:
- New section **"🕸️ Trackers cross-site"** in the existing "Cookie Tracker"
dashboard.
- A table sorted by client_count then site_count, columns:
*Tracker · Sites suivis (badge N + tooltip listing the sites) · Clients ·
Cookies · Pré-consent · Vu (relative).*
- `loadCrossSite()` does `fetch('/api/v1/toolbox/admin/cookie-crosssite?hours=24')`
with the standard JWT-bearing fetch helper already used by the dashboard.
- Graceful degradation: empty `trackers` (or fetch failure) renders an
informative empty state ("aucune donnée R3 récente — tunnel captif inactif"),
never a broken table.
- No new dependency, no new service, no backend change in the cookies module
itself (pure frontend addition consuming the toolbox endpoint).
## Data flow
```
sbxmitm/social.go → POST /__toolbox/social-event → social_edges (toolbox.db)
(existing) (existing) (existing)
cookie_xsite_detail() ◀──────┘ (new)
GET /admin/cookie-crosssite (new)
cookies dashboard loadCrossSite() fetch + render (new)
```
## Testing
- **Unit (toolbox):** seed an in-memory sqlite `social_edges` with a tracker on
≥2 distinct sites + a 1-site tracker; assert `cookie_xsite_detail` returns only
the cross-site one with correct `site_count` / `client_count` / `cookie_count`,
excludes `src_site IN ('','null')`, respects the time window and `top_n` cap.
- **Endpoint:** assert `GET /admin/cookie-crosssite` requires JWT, returns the
envelope shape, and is read-only.
- **Frontend:** manual — verify the panel renders rows from a live/seeded
endpoint and shows the empty state when `trackers` is `[]`.
## Out of scope
- Fixing the R3 capture flow (edges stale since ~15:45 = idle tunnel, not this
feature's bug).
- Re-correlating / re-deriving edges (reuse `social_edges` as-is).
- Migrating the 84 `src_site='null'` rows (filtered at read time instead).
- The WAF server-side cookie-audit self-audit angle (explicitly deprioritised in
the brainstorm).
## Privacy
All identifiers exposed are already hashed at source: `client_mac_hash` (rotating
daily salt), `cookie_id_hash` (sha256 truncated, raw cookie values never reach the
ingest). The endpoint exposes counts and registrable tracker/site domains only —
no raw cookie values, no client identity. Consistent with the toolbox R2 doctrine.

65
packages/secubox-cookies/www/cookies/index.html
View File

@ -404,29 +404,6 @@
</tbody>
</table>
</div>
<div class="card">
<div class="card-title">
<span>🕸️ Trackers cross-site (R3)</span>
<span class="badge badge-cyan" id="crosssite-count">0</span>
</div>
<p class="empty" style="margin:0 0 .5rem">Cookies dont l'identifiant est réutilisé sur ≥2 sites first-party par le même client (source : tunnel captif R3).</p>
<table>
<thead>
<tr>
<th>Tracker</th>
<th>Sites suivis</th>
<th>Clients</th>
<th>Cookies</th>
<th>Pré-consent</th>
<th>Vu</th>
</tr>
</thead>
<tbody id="crosssite-table">
<tr><td colspan="6" class="empty">Loading...</td></tr>
</tbody>
</table>
</div>
</div>
<!-- Policies Tab -->
@ -653,7 +630,7 @@
// Load data for tab
switch(tab) {
case 'cookies': loadCookies(); break;
case 'trackers': loadTrackers(); loadCrossSite(); break;
case 'trackers': loadTrackers(); break;
case 'policies': loadPolicies(); break;
case 'violations': loadViolations(); break;
case 'settings': loadConfig(); break;
@ -800,44 +777,6 @@
document.getElementById('trackers-table').innerHTML = html;
}
async function loadCrossSite() {
const tbody = document.getElementById('crosssite-table');
const countEl = document.getElementById('crosssite-count');
try {
const res = await fetch('/api/v1/toolbox/admin/cookie-crosssite?hours=24', { headers: headers() });
if (!res.ok) throw new Error('http ' + res.status);
const data = await res.json();
const rows = (data && data.trackers) || [];
countEl.textContent = rows.length;
if (!rows.length) {
tbody.innerHTML = '<tr><td colspan="6" class="empty">Aucune donnée R3 récente — tunnel captif inactif.</td></tr>';
return;
}
tbody.innerHTML = rows.map(t => {
const sites = (t.sites || []).join(', ');
const seen = t.last_seen ? new Date(t.last_seen * 1000).toLocaleString() : '-';
const pc = t.pre_consent_hits > 0
? `<span class="badge badge-red">${Number(t.pre_consent_hits) | 0}</span>` : '0';
return `<tr>
<td><strong>${esc(t.tracker_domain)}</strong></td>
<td><span class="badge badge-cyan" title="${esc(sites)}">${t.site_count}</span></td>
<td>${t.client_count}</td>
<td>${t.cookie_count}</td>
<td>${pc}</td>
<td style="white-space:nowrap">${esc(seen)}</td>
</tr>`;
}).join('');
} catch (e) {
countEl.textContent = '0';
tbody.innerHTML = '<tr><td colspan="6" class="empty">Source R3 indisponible.</td></tr>';
}
}
function esc(s) {
return String(s == null ? '' : s).replace(/[&<>"']/g, c => (
{ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}
async function loadPolicies() {
const data = await api('/policies') || {};
const policies = data.policies || [];
@ -1002,7 +941,7 @@
}
async function refresh() {
await Promise.all([loadStatus(), loadStats(), loadViolationsPreview(), loadCrossSite()]);
await Promise.all([loadStatus(), loadStats(), loadViolationsPreview()]);
}
// Initial load

10
packages/secubox-toolbox/secubox_toolbox/api.py
View File

@ -2872,16 +2872,6 @@ async def admin_social_aggregate(hours: int = 24) -> dict:
return _s.aggregate(hours=hours)
@router.get("/admin/cookie-crosssite")
async def admin_cookie_crosssite(hours: int = 24, top: int = 50) -> dict:
"""Operator view : cross-site tracker cookies (a cookie id reused across
>= 2 first-party sites) with per-tracker site/client/cookie counts. Read-only
over social_edges; same admin gating as the sibling /admin/* routes.
"""
from . import social as _s
return _s.cookie_xsite_detail(hours=hours, top_n=top)
@router.get("/admin/blacklist")
async def admin_blacklist() -> dict:
"""Phase 13.A (#521) + 13.B (#522) — enforcement-spine status :

83
packages/secubox-toolbox/secubox_toolbox/social.py
View File

@ -1139,89 +1139,6 @@ def aggregate(hours: int = 24) -> Dict:
return out
def _xsite_detail_from_conn(conn, since: int, top_n: int) -> list:
"""Pure cross-site tracker detail over a social_edges connection.
A (tracker_domain, cookie_id_hash) pair is cross-site when its cookie id is
observed on >= 2 DISTINCT valid src_sites (src_site not in '', 'null') within
the window (ts >= since). For every such pair, aggregate per REGISTRABLE
tracker domain (IP literals dropped). Ranked by client_count, then
site_count, then domain; capped to top_n.
"""
rows = conn.execute(
"SELECT ts, client_mac_hash, src_site, tracker_domain, "
" cookie_id_hash, consent_state "
"FROM social_edges "
"WHERE ts >= ? "
" AND cookie_id_hash IS NOT NULL AND cookie_id_hash <> '' "
" AND src_site NOT IN ('', 'null') "
"LIMIT 50000",
(since,),
).fetchall()
# Pass 1: which (raw tracker_domain, cookie_id_hash) pairs are cross-site.
sites_per_pair: dict = {}
for r in rows:
key = (r["tracker_domain"], r["cookie_id_hash"])
sites_per_pair.setdefault(key, set()).add(r["src_site"])
xsite_pairs = {k for k, s in sites_per_pair.items() if len(s) >= 2}
if not xsite_pairs:
return []
# Pass 2: aggregate the cross-site rows per registrable tracker domain.
agg: dict = {}
for r in rows:
if (r["tracker_domain"], r["cookie_id_hash"]) not in xsite_pairs:
continue
dom = _registrable_domain(r["tracker_domain"])
if not dom or _is_ip(dom):
continue
e = agg.setdefault(dom, {
"tracker_domain": dom, "sites": set(), "clients": set(),
"cookies": set(), "pre_consent_hits": 0, "last_seen": 0,
})
e["sites"].add(r["src_site"])
e["clients"].add(r["client_mac_hash"])
e["cookies"].add(r["cookie_id_hash"])
if r["consent_state"] == "pre_consent":
e["pre_consent_hits"] += 1
if r["ts"] > e["last_seen"]:
e["last_seen"] = r["ts"]
out = [{
"tracker_domain": e["tracker_domain"],
"sites": sorted(e["sites"]),
"site_count": len(e["sites"]),
"client_count": len(e["clients"]),
"cookie_count": len(e["cookies"]),
"pre_consent_hits": e["pre_consent_hits"],
"last_seen": e["last_seen"],
} for e in agg.values()]
out.sort(key=lambda t: (-t["client_count"], -t["site_count"],
t["tracker_domain"]))
return out[:max(0, top_n)]
def cookie_xsite_detail(hours: int = 24, top_n: int = 50) -> Dict:
"""Operator view of cross-site tracker cookies over social_edges.
Mirrors aggregate()'s envelope shape. JWT-gated in the API layer.
"""
if hours < 1 or hours > 24 * 31:
hours = 24
if top_n < 1 or top_n > 500:
top_n = 50
now = int(time.time())
since = now - hours * 3600
out: Dict = {"window_hours": hours, "generated_at": now, "trackers": []}
try:
with _conn() as c:
out["trackers"] = _xsite_detail_from_conn(c, since, top_n)
except sqlite3.Error as e:
log.warning("cookie_xsite_detail: DB error, returning empty: %s", e)
return out
def evidence(mac_hash: str, since_seconds: int = 86400) -> Dict:
"""Phase 11.C evidence helper — returns the legal-grade slice
consumed by the bilingual PDF report.

36
packages/secubox-toolbox/tests/test_cookie_crosssite_api.py
View File

@ -1,36 +0,0 @@
# SPDX-License-Identifier: LicenseRef-CMSD-1.0
"""Tests for GET /admin/cookie-crosssite (ref #749)."""
import asyncio
from secubox_toolbox import api, social
_CANNED = {
"window_hours": 24,
"generated_at": 1782000000,
"trackers": [{
"tracker_domain": "criteo.com", "sites": ["a.example", "b.example2"],
"site_count": 2, "client_count": 3, "cookie_count": 1,
"pre_consent_hits": 2, "last_seen": 1782000000,
}],
}
def test_cookie_crosssite_returns_detail(monkeypatch):
monkeypatch.setattr(social, "cookie_xsite_detail",
lambda hours=24, top_n=50, **kw: dict(_CANNED))
result = asyncio.run(api.admin_cookie_crosssite(hours=24, top=50))
assert result["trackers"][0]["tracker_domain"] == "criteo.com"
assert result["trackers"][0]["site_count"] == 2
assert result["window_hours"] == 24
def test_cookie_crosssite_forwards_params(monkeypatch):
captured = {}
def fake(hours=24, top_n=50, **kw):
captured["hours"] = hours
captured["top_n"] = top_n
return dict(_CANNED)
monkeypatch.setattr(social, "cookie_xsite_detail", fake)
asyncio.run(api.admin_cookie_crosssite(hours=12, top=10))
assert captured == {"hours": 12, "top_n": 10}

105
packages/secubox-toolbox/tests/test_cookie_xsite_detail.py
View File

@ -1,105 +0,0 @@
# SPDX-License-Identifier: LicenseRef-CMSD-1.0
"""Tests for social.cookie_xsite_detail / _xsite_detail_from_conn (ref #749)."""
import sqlite3
from secubox_toolbox import social
def _edges_db():
c = sqlite3.connect(":memory:")
c.row_factory = sqlite3.Row
c.executescript("""
CREATE TABLE social_edges (
ts INTEGER, client_mac_hash TEXT, src_site TEXT,
tracker_domain TEXT, cookie_id_hash TEXT, ja4_hash TEXT,
consent_state TEXT DEFAULT 'none_seen');
""")
return c
def _add(c, ts, client, site, tracker, cid, consent="pre_consent"):
c.execute("INSERT INTO social_edges(ts,client_mac_hash,src_site,"
"tracker_domain,cookie_id_hash,ja4_hash,consent_state) "
"VALUES (?,?,?,?,?,'ja4',?)",
(ts, client, site, tracker, cid, consent))
def test_crosssite_tracker_detected_with_detail():
c = _edges_db()
# same cookie id reused across 2 distinct sites -> cross-site
_add(c, 100, "m1", "news.example", "www.criteo.com", "CID1")
_add(c, 200, "m2", "shop.example2", "www.criteo.com", "CID1", consent="post_consent")
c.commit()
rows = social._xsite_detail_from_conn(c, since=0, top_n=50)
assert len(rows) == 1
t = rows[0]
assert t["tracker_domain"] == "criteo.com"
assert t["site_count"] == 2
assert sorted(t["sites"]) == ["news.example", "shop.example2"]
assert t["client_count"] == 2
assert t["cookie_count"] == 1
assert t["pre_consent_hits"] == 1
assert t["last_seen"] == 200
def test_single_site_cookie_ignored():
c = _edges_db()
_add(c, 100, "m1", "news.example", "tracker.foo", "CID2")
_add(c, 110, "m1", "news.example", "tracker.foo", "CID2")
c.commit()
assert social._xsite_detail_from_conn(c, since=0, top_n=50) == []
def test_null_and_empty_src_site_excluded():
c = _edges_db()
_add(c, 100, "m1", "null", "t.bar", "CID3")
_add(c, 110, "m1", "", "t.bar", "CID3")
_add(c, 120, "m1", "real.site", "t.bar", "CID3")
c.commit()
# only one VALID site remains for CID3 -> not cross-site
assert social._xsite_detail_from_conn(c, since=0, top_n=50) == []
def test_window_filters_old_edges():
c = _edges_db()
_add(c, 100, "m1", "a.example", "t.win", "CIDW")
_add(c, 200, "m1", "b.example2", "t.win", "CIDW")
c.commit()
assert social._xsite_detail_from_conn(c, since=150, top_n=50) == []
def test_ip_literal_tracker_dropped():
c = _edges_db()
_add(c, 100, "m1", "a.example", "192.0.2.5", "CIDIP")
_add(c, 200, "m1", "b.example2", "192.0.2.5", "CIDIP")
c.commit()
assert social._xsite_detail_from_conn(c, since=0, top_n=50) == []
def test_ranking_and_top_n_cap():
c = _edges_db()
# tracker A: 2 clients ; tracker B: 1 client -> A ranks first
_add(c, 100, "m1", "s1.x", "a.trk", "A1"); _add(c, 110, "m2", "s2.x", "a.trk", "A1")
_add(c, 120, "m1", "s1.x", "b.trk", "B1"); _add(c, 130, "m1", "s2.x", "b.trk", "B1")
c.commit()
rows = social._xsite_detail_from_conn(c, since=0, top_n=1)
assert len(rows) == 1
assert rows[0]["tracker_domain"] == "a.trk" # registrable of a.trk (_registrable_domain returns last two labels)
def test_envelope_shape_via_conn(monkeypatch):
c = _edges_db()
_add(c, 100, "m1", "news.example", "www.criteo.com", "CID1")
_add(c, 200, "m2", "shop.example2", "www.criteo.com", "CID1")
c.commit()
class _Ctx:
def __enter__(self): return c
def __exit__(self, *a): return False
# Freeze time to 300 so since = 300 - 24*3600 < 0, letting ts=100/200 through.
monkeypatch.setattr(social.time, "time", lambda: 300)
monkeypatch.setattr(social, "_conn", lambda: _Ctx())
out = social.cookie_xsite_detail(hours=24, top_n=50)
assert out["window_hours"] == 24
assert isinstance(out["generated_at"], int)
assert out["trackers"][0]["tracker_domain"] == "criteo.com"