JavaScript Address Info

published: August 12th, 2006

This tool is part of AttackAPI.

The following technique was brought to me by DanBUK. Dan managed to find the internal IP address of the visiting client by establishing a socket between local host and the remote web server. Upon success the socket populates its structure with all kinds of useful stuff among some of which are the internal NATed IP address and the hostname.

The source code can be downloaded from here.

This technique requires Java, however I think that It should be possible to achieve similar result by invoking special ActionScript methods from Flash.

I managed to generalize Dan’s snippet a bit so it works on all platforms that support LiveConnect (firefox, opera). Unfortunately the following POC does not work in IE6 and IE7. However, it is quite easy to circumvent this restriction by packaging a small Java object that can be embedded inside the page that will carry out the attack.

» more | » comments rss | posted by pdp | syndication and integration ( )

Comments

Jordan responds:

fyi — when doing some digging, I found this reference to this exact same technique from a while back:

http://www.derkeiler.com/Maili...../0003.html

pdp responds:

yes, this technique was presented to me by a guys called Dan. researching further the technique origins showed that it has been known for some time now.

Respond

In order to preserve the high standards of GNUCITIZEN, before you post a comment, please take note of the following guidelines:

Commenting is provided as a courtesy only.
Please be brief and relevant to the post.
Please be polite even in disagreement with us or others.
Support claims you wish to make using sources and links.
No personal attacks, name calling, or commercial commenting.
Anyone creating false or multiple identities will be banned.
If you don't have a cogent argument, you will be censored.
If you are purposefully deceptive, you will be censored.
No spamming or flooding.

We appreciate your time and effort in contributing to GNUCITIZEN.

name: (required)

mail: (required)

website:

comment:

GNUCITIZEN Products

	Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.
	Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.
	Websecurify is a division of GNUCITIZEN. The initiative was established to provide a fee web application security framework for automated and manul penetration testing. The service is still in private-beta.
	Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.
	Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.