Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private IP Leakage using WebRTC #9538

Closed
wants to merge 2 commits into from

Conversation

Projects
None yet
4 participants
@RootUp
Copy link
Contributor

RootUp commented Feb 11, 2018

This library will take advantage of WebRTC function in browsers to get private IP of the user/victim.

Verification

  • Start msfconsole
  • use lib/msf/core/exploit/remote/browser_getprivateip
  • set SRVHOST <IP of MSF system to act as server>
  • set SRVPORT <port of MSF system to act as server>
  • run

Note that there are some edge cases with this code. For example, it doesn't work on Firefox ESR on Kali 1.0.6. However it will be great if this can be implemented in auxiliary/gather/browser_info

@bcoles

This comment has been minimized.

Copy link
Contributor

bcoles commented Feb 11, 2018

Wow, the tests passed.

It might be better to create a BrowserInfo mixin for gathering browser info, or maybe it would be better to add the functionality to the BrowserExploitServer mixin, or maybe it shouldn't go in lib/msf/core/exploit at all, and instead go somewhere else.

Thoughts anyone? Paging @sempervictus

@sempervictus

This comment has been minimized.

Copy link
Contributor

sempervictus commented Feb 17, 2018

I'm for the BrowserInfo mixin which would be added to the ExploitServer, but could freestand for its specific purpose.
Thank you @RootUp

@RootUp

This comment has been minimized.

Copy link
Contributor Author

RootUp commented Feb 23, 2018

I have been trying to add this in BrowserInfo mixin which would be added to the ExploitServer but no luck, I get lot's of error and exception, However, some one from team please look into this.

1. Whether this should be implemented as a module or a library or both ?

Please advise : @bcoles @busterb @sempervictus @wchen-r7

@busterb

This comment has been minimized.

Copy link
Contributor

busterb commented Apr 5, 2018

This is not in the correct location for a module. It should be in the modules directory.

How did you even test this from this location?

@busterb

This comment has been minimized.

Copy link
Contributor

busterb commented Apr 5, 2018

I'm going to close this. Feel free to submit a module at some point, but this definitely can't work as-is.

@busterb busterb closed this Apr 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.