Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private IP Leakage using WebRTC #9538

Closed
wants to merge 2 commits into from
Closed

Conversation

RootUp
Copy link
Contributor

@RootUp RootUp commented Feb 11, 2018

This library will take advantage of WebRTC function in browsers to get private IP of the user/victim.

Verification

  • Start msfconsole
  • use lib/msf/core/exploit/remote/browser_getprivateip
  • set SRVHOST <IP of MSF system to act as server>
  • set SRVPORT <port of MSF system to act as server>
  • run

Note that there are some edge cases with this code. For example, it doesn't work on Firefox ESR on Kali 1.0.6. However it will be great if this can be implemented in auxiliary/gather/browser_info

@bcoles
Copy link
Contributor

bcoles commented Feb 11, 2018

Wow, the tests passed.

It might be better to create a BrowserInfo mixin for gathering browser info, or maybe it would be better to add the functionality to the BrowserExploitServer mixin, or maybe it shouldn't go in lib/msf/core/exploit at all, and instead go somewhere else.

Thoughts anyone? Paging @sempervictus

@sempervictus
Copy link
Contributor

I'm for the BrowserInfo mixin which would be added to the ExploitServer, but could freestand for its specific purpose.
Thank you @RootUp

@RootUp
Copy link
Contributor Author

RootUp commented Feb 23, 2018

I have been trying to add this in BrowserInfo mixin which would be added to the ExploitServer but no luck, I get lot's of error and exception, However, some one from team please look into this.

1. Whether this should be implemented as a module or a library or both ?

Please advise : @bcoles @busterb @sempervictus @wchen-r7

@busterb
Copy link
Contributor

busterb commented Apr 5, 2018

This is not in the correct location for a module. It should be in the modules directory.

How did you even test this from this location?

@busterb
Copy link
Contributor

busterb commented Apr 5, 2018

I'm going to close this. Feel free to submit a module at some point, but this definitely can't work as-is.

@busterb busterb closed this Apr 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants