js获得外网内网IP(杂项拓展)

版权声明:个人速查笔记 https://blog.csdn.net/qq_33981438/article/details/81019589
利用WebRtc ( Firefox 、 Chrome )在支持Rtc的浏览器漏洞可以获取用户的真实内外网IP

想写写一个聊天室的时候想要查看下用户IP,加这么一个功能,然后网上都是写好的接口,就寻思着有没有原生JS能获取到的,结果查找到了个漏洞。
urls: “stun:stun.l.google.com:19302” 这是可以访问到外网IP的 stun。
网上的demo用的是 stun.services.mozilla.com 毫无疑问的翻车 可能地址被墙了。

不信邪的我还真的找到了,但是处于安全性问题JS应该是没有B/S相关的支持直接查询外网的IP,可能需要后端的支持,
翻阅了很多大佬的博客和文章这个BUG出现在09年以前貌似 有点厉害了 且行且珍惜。

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<h4>
    Demo for:
    <a href="https://github.com/diafygi/webrtc-ips">
        https://github.com/diafygi/webrtc-ips
    </a>
</h4>
<p>
    This demo secretly makes requests to STUN servers that can log your
    request. These requests do not show up in developer consoles and
    cannot be blocked by browser plugins (AdBlock, Ghostery, etc.).
</p>
<h4>Your local IP addresses:</h4>
<ul></ul>
<h4>Your public IP addresses:</h4>
<ul></ul>
<h4>Your IPv6 addresses:</h4>
<ul></ul>
<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
<script>
    //get the IP addresses associated with an account
    function getIPs(callback){
        var ip_dups = {};
        //compatibility for firefox and chrome
        var RTCPeerConnection = window.RTCPeerConnection
            || window.mozRTCPeerConnection
            || window.webkitRTCPeerConnection;
        var useWebKit = !!window.webkitRTCPeerConnection;
        //bypass naive webrtc blocking using an iframe
        if(!RTCPeerConnection){
            //NOTE: you need to have an iframe in the page right above the script tag
            //
            //<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
            //<script>...getIPs called in here...
            //
            var win = iframe.contentWindow;
            RTCPeerConnection = win.RTCPeerConnection
                || win.mozRTCPeerConnection
                || win.webkitRTCPeerConnection;
            useWebKit = !!win.webkitRTCPeerConnection;
        }
        //minimal requirements for data connection
        var mediaConstraints = {
            optional: [{RtpDataChannels: true}]
        };
        var servers = {iceServers: [{urls: "stun:stun.l.google.com:19302"}]};

        //construct a new RTCPeerConnection
        var pc = new RTCPeerConnection(servers, mediaConstraints);
        function handleCandidate(candidate){
            //match just the IP address
            var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/
            var ip_addr = ip_regex.exec(candidate)[1];
            //remove duplicates
            if(ip_dups[ip_addr] === undefined)
                callback(ip_addr);
            ip_dups[ip_addr] = true;
        }
        //listen for candidate events
        pc.onicecandidate = function(ice){
            //skip non-candidate events
            if(ice.candidate)
                handleCandidate(ice.candidate.candidate);
        };
        //create a bogus data channel
        pc.createDataChannel("");
        //create an offer sdp
        pc.createOffer(function(result){
            //trigger the stun server request
            pc.setLocalDescription(result, function(){}, function(){});
        }, function(){});
        //wait for a while to let everything done
        setTimeout(function(){
            //read candidate info from local description
            var lines = pc.localDescription.sdp.split('\n');
            lines.forEach(function(line){
                if(line.indexOf('a=candidate:') === 0)
                    handleCandidate(line);
            });
        }, 1000);
    }
    //insert IP addresses into the page
    getIPs(function(ip){
        var li = document.createElement("li");
        li.textContent = ip;
        console.log(ip);



        //local IPs
        if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)){document.getElementsByTagName("ul")[0].appendChild(li);
            console.log(li);}

        //IPv6 addresses
        else if (ip.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/))
        {document.getElementsByTagName("ul")[2].appendChild(li);
            console.log(li);}
        //assume the rest are public IPs
        else
        {document.getElementsByTagName("ul")[1].appendChild(li);
            console.log(li);}
    });
</script>
</body>
</html>

https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

猜你喜欢

转载自blog.csdn.net/qq_33981438/article/details/81019589