版权声明:个人速查笔记 https://blog.csdn.net/qq_33981438/article/details/81019589
利用WebRtc ( Firefox 、 Chrome )在支持Rtc的浏览器漏洞可以获取用户的真实内外网IP
想写写一个聊天室的时候想要查看下用户IP,加这么一个功能,然后网上都是写好的接口,就寻思着有没有原生JS能获取到的,结果查找到了个漏洞。
urls: “stun:stun.l.google.com:19302” 这是可以访问到外网IP的 stun。
网上的demo用的是 stun.services.mozilla.com 毫无疑问的翻车 可能地址被墙了。
不信邪的我还真的找到了,但是处于安全性问题JS应该是没有B/S相关的支持直接查询外网的IP,可能需要后端的支持,
翻阅了很多大佬的博客和文章这个BUG出现在09年以前貌似 有点厉害了 且行且珍惜。
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<h4>
Demo for:
<a href="https://github.com/diafygi/webrtc-ips">
https://github.com/diafygi/webrtc-ips
</a>
</h4>
<p>
This demo secretly makes requests to STUN servers that can log your
request. These requests do not show up in developer consoles and
cannot be blocked by browser plugins (AdBlock, Ghostery, etc.).
</p>
<h4>Your local IP addresses:</h4>
<ul></ul>
<h4>Your public IP addresses:</h4>
<ul></ul>
<h4>Your IPv6 addresses:</h4>
<ul></ul>
<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
<script>
//get the IP addresses associated with an account
function getIPs(callback){
var ip_dups = {};
//compatibility for firefox and chrome
var RTCPeerConnection = window.RTCPeerConnection
|| window.mozRTCPeerConnection
|| window.webkitRTCPeerConnection;
var useWebKit = !!window.webkitRTCPeerConnection;
//bypass naive webrtc blocking using an iframe
if(!RTCPeerConnection){
//NOTE: you need to have an iframe in the page right above the script tag
//
//<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
//<script>...getIPs called in here...
//
var win = iframe.contentWindow;
RTCPeerConnection = win.RTCPeerConnection
|| win.mozRTCPeerConnection
|| win.webkitRTCPeerConnection;
useWebKit = !!win.webkitRTCPeerConnection;
}
//minimal requirements for data connection
var mediaConstraints = {
optional: [{RtpDataChannels: true}]
};
var servers = {iceServers: [{urls: "stun:stun.l.google.com:19302"}]};
//construct a new RTCPeerConnection
var pc = new RTCPeerConnection(servers, mediaConstraints);
function handleCandidate(candidate){
//match just the IP address
var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/
var ip_addr = ip_regex.exec(candidate)[1];
//remove duplicates
if(ip_dups[ip_addr] === undefined)
callback(ip_addr);
ip_dups[ip_addr] = true;
}
//listen for candidate events
pc.onicecandidate = function(ice){
//skip non-candidate events
if(ice.candidate)
handleCandidate(ice.candidate.candidate);
};
//create a bogus data channel
pc.createDataChannel("");
//create an offer sdp
pc.createOffer(function(result){
//trigger the stun server request
pc.setLocalDescription(result, function(){}, function(){});
}, function(){});
//wait for a while to let everything done
setTimeout(function(){
//read candidate info from local description
var lines = pc.localDescription.sdp.split('\n');
lines.forEach(function(line){
if(line.indexOf('a=candidate:') === 0)
handleCandidate(line);
});
}, 1000);
}
//insert IP addresses into the page
getIPs(function(ip){
var li = document.createElement("li");
li.textContent = ip;
console.log(ip);
//local IPs
if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)){document.getElementsByTagName("ul")[0].appendChild(li);
console.log(li);}
//IPv6 addresses
else if (ip.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/))
{document.getElementsByTagName("ul")[2].appendChild(li);
console.log(li);}
//assume the rest are public IPs
else
{document.getElementsByTagName("ul")[1].appendChild(li);
console.log(li);}
});
</script>
</body>
</html>
https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/