Ditto originated from a scientific research project whose goal was to analyze the security of dedicated URL shortening services. It is being open-sourced to promote the health of the security community and to build more secure short-link services.
Misdirection of Trust: Demystifying the Abuse of Dedicated URL Shortening Service
Zhibo Zhang, Lei Zhang, Zhangyue Zhang, Geng Hong, Yuan Zhang, Min Yang
Network and Distributed System Security (NDSS) Symposium 2025
If you use Ditto or some of our code logic, or some of the interesting cases found by Ditto, please cite our paper as follows:
To be presented soon
Disclaimer: All use of Ditto for malicious activities is prohibited.
Overarching Goal
This repository contain the following modules:
- DUSS API Static Analysis
- DUSS API Vulnerability Detection
├── README.md
├── StaticAnalysis # Static API Analysis of Ditto
│ ├── res # This folder contians basic project condiguraiton files, include ICC handler and Network Library API signatures.
│ │ ├── AndroidCallbacks.txt
│ │ ├── EasyTaintWrapperSource.txt
│ │ ├── IPCMethods.txt
│ │ ├── IccLinksConfigFile.txt
│ │ ├── NetworkAPI.json
│ │ ├── NetworkAPIRequest.txt
│ │ ├── NetworkAPIResponse.txt
│ │ ├── androidClassPrefixes.list
│ │ ├── androidClasses.list
│ │ ├── iccta.properties
│ │ └── networkcallback.txt
│ └── src # The source code of API Inference
│ ├── WebAPIAnalyzer # Main logic of DUSS API extraction (include )
│ │ ├── APIAnalyzer.java # Extract the Web API call stacks
│ │ ├── APIURLStrategy.java # The default URL extration strategy
│ │ ├── GdmStrategy.java
│ │ ├── Models # Basic Data Structure Models
│ │ │ ├── APIEndpoint.java
│ │ │ └── APIURL.java
│ │ ├── MoshiGSONStrategy.java # Match MoshiGSON data structure
│ │ ├── ORGJSONStrategy.java # Match ORGJSON data structure
│ │ ├── OkHttpStrategy.java # URL extraction strategy for Okhttp
│ │ ├── RetrofitStrategy.java # URL extraction strategy for Retrofit
│ │ ├── Snippet.java # Data structure of POI call stacks
│ ├── analyze
│ │ └── Main.java # Main function of StaticAnalysis
│ ├── cfg # Utils for building control-flow graph
│ │ ├── CfgFactory.java
│ │ └── Path.java
│ ├── cg # Utils for building call graph with inter-procedure analysis
│ │ ├── CallGraphUtils.java
│ │ ├── ICFG.java
│ │ └── UnitSelect.java
│ ├── component
│ │ ├── EntryPointAnalyze.java # Analyze the total entrypoints of an Android app
│ │ ├── FragementCreater.java # Analyze Android fragments
│ │ └── ResolveManifest.java # Analyze Android Manifest files in APK
│ ├── constant
│ │ ├── ApkAndJavaConstants.java
│ │ ├── EntryPointsDefinition.java
│ │ ├── IPCPointDefinition.java
│ │ └── NetworkAPIDefinition.java
│ ├── dataflow # Utils for building data-flow graph, and perform backward/forward analysis.
│ │ ├── AbstractDataFlow.java
│ │ ├── AccessPathTag.java
│ │ ├── Analyze.java
│ │ ├── BackwardDataFlow.java
│ │ ├── CallSite.java
│ │ ├── DataFlowEngine.java
│ │ ├── Event.java
│ │ ├── EventQueue.java
│ │ ├── FileInfo.java
│ │ ├── FileType.java
│ │ ├── ForwardDataFlow.java
│ │ ├── Point.java
│ │ ├── RuleChecker.java
│ │ └── TaintWrapper.java
│ └── util # Utils for the default project configuration.
│ ├── DirTraversal.java
│ ├── Log.java
│ ├── SootInit.java
│ └── StringUtil.java
├── frida-module.js #
└── TestApk # Demo app
This project relies on several open source projects, including Soot (4.6.0), TextExerciser, and Frida. To run Ditto, configure and build the code according to the corresponding project requirements.