Building a Selenium-based data collection tool : used for identification and evaluation of cross-website relationships and information leakage

Sammanfattning: There is an increasing number of websites that gives the user the option to log in to that website using a third-party website as identifying provider (IDP). When doing so the IDP (e.g., Facebook, Google, Apple or Twitter) shares information from your IDP profile to the website that you are logging into.This website is then called a relaying party (RP). In these cases, there is a information sharing relationship between the IDP and the RP.In this thesis, we design and implement a crawler that can identify RP-IDP relationships and extract the corresponding app-right agreements that determine which information is allowed to be shared between the RP and IDP, as well as what actions the RP may be allowed to do at the IDP on behalf of the user. To evaluate the accuracy of the tool, we compare collected datasets with manually extracted per-RP information. As part of this evaluation, we also compare the impact of different parameter values used by the tool and network conditions. Finally, we use the tool to collect a larger dataset than what would be easily possible to do manually, and compare the IDP usage among different categories of websites. In the collected datasets we can see some interesting information between the different categories. In our result we can see that with our implementation of the tool it is possible to make a Selenium based tool, and in which environment it performers best.