Vinod

Reputation: 21

Retrieving Public IP address of a client machine using webRTC

We are unable to get the public IP address of a client machine. It is showing that the sdp is undefined while executing the code. Below is the code.

Get current IP in JS (no third party services)

https://github.com/diafygi/webrtc-ips

//get the IP addresses associated with an account
function getIPs(callback){
    var ip_dups = {};

    //compatibility for firefox and chrome
    var RTCPeerConnection = window.RTCPeerConnection
        || window.mozRTCPeerConnection
        || window.webkitRTCPeerConnection;
    var useWebKit = !!window.webkitRTCPeerConnection;

    //bypass naive webrtc blocking using an iframe
    if(!RTCPeerConnection){
        //NOTE: you need to have an iframe in the page right above the script tag
        //
        //<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
        //<script>...getIPs called in here...
        //
        var win = iframe.contentWindow;
        RTCPeerConnection = win.RTCPeerConnection
            || win.mozRTCPeerConnection
            || win.webkitRTCPeerConnection;
        useWebKit = !!win.webkitRTCPeerConnection;
    }

    //minimal requirements for data connection
    var mediaConstraints = {
        optional: [{RtpDataChannels: true}]
    };

    var servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

    //construct a new RTCPeerConnection
    var pc = new RTCPeerConnection(servers, mediaConstraints);

    function handleCandidate(candidate){
        //match just the IP address
        var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/
        var ip_addr = ip_regex.exec(candidate)[1];

        //remove duplicates
        if(ip_dups[ip_addr] === undefined)
            callback(ip_addr);

        ip_dups[ip_addr] = true;
    }

    //listen for candidate events
    pc.onicecandidate = function(ice){

        //skip non-candidate events
        if(ice.candidate)
            handleCandidate(ice.candidate.candidate);
    };

    //create a bogus data channel
    pc.createDataChannel("");

    //create an offer sdp
    pc.createOffer(function(result){

        //trigger the stun server request
        pc.setLocalDescription(result, function(){}, function(){});

    }, function(){});

    //wait for a while to let everything done
    setTimeout(function(){
        //read candidate info from local description
        var lines = pc.localDescription.sdp.split('\n');

        lines.forEach(function(line){
            if(line.indexOf('a=candidate:') === 0)
                handleCandidate(line);
        });
    }, 1000);
}

//Test: Print the IP addresses into the console
getIPs(function(ip){console.log(ip);});

While executing the code we are getting this error message:

'Cannot read property 'sdp' of null'

Upvotes: 1

Views: 2554

Answers (2)

divinelemon

Reputation: 2097

As of this writing, you cannot leak the private IP address of your users.

However, I found a GitHub repo webrtc-ip which can leak a user's public IP address using WebRTC. This is powerful because you cannot trace it, as nothing is shown in the Networks tab.

Sadly, this leak does not work for private IPs, due to the gradual shift to mDNS (at least for WebRTC), which is completely in this great blog. Regardless, here's a working demo:

https://webrtc-ip.herokuapp.com/

I am not sure if this leaks your true IP address regardless of a proxy, but feel free to test it out.

If you look at the repo you referenced, the issues clearly state that the repo does not work and that the repository is not being maintained.

Upvotes: 0

Laurent

Reputation: 14401

The example code you are referencing is outdated and their demo page is no longer working either on recent Chrome versions:

https://diafygi.github.io/webrtc-ips/

Furthermore, it seems to use features that are not supported by some browsers.

I don't know your requirements but it is quite standard to send a request to a server in order to discover the public IP of a client. The server looks at headers (e.g. x-forwarded-for, this depends on the Web server used) and sends it back to the requester.

There also exist services such as Ipregistry (disclaimer: I run the service) that do it for you and return even more interesting information: client IP address, location, currency, threat data, etc.

Upvotes: 1
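
A caveat for the header approach described in the answer above, shown as an added example that is not part of the original answer: X-Forwarded-For is whatever the client sent unless a proxy you control wrote it, so the server should only believe entries appended by its own proxies. The proxy list, the function names and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example. Assumption: the app server sits behind reverse proxies
// whose addresses are listed in TRUSTED_PROXIES (constructed values).
const TRUSTED_PROXIES = new Set(["10.0.0.5", "10.0.0.6"]);

// Loose syntax check, enough for this example: dotted-quad IPv4 with octets
// 0-255, or hex groups and colons for IPv6. Node's net.isIP() is stricter.
function looksLikeIp(s) {
    const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
    if (v4) return v4.slice(1).every((o) => Number(o) <= 255);
    return s.includes(":") && /^[0-9a-f:]+$/i.test(s);
}

// Strip the IPv4-mapped IPv6 prefix reported on dual-stack sockets.
function normalize(addr) {
    const a = String(addr || "").trim();
    const mapped = a.toLowerCase().startsWith("::ffff:") ? a.slice(7) : "";
    return mapped.includes(".") && looksLikeIp(mapped) ? mapped : a;
}

// socketAddr: the TCP peer (req.socket.remoteAddress in Node).
// xff: the raw X-Forwarded-For header value, possibly undefined.
// Returns the right-most hop that is not a trusted proxy, or null when the
// chain written by the proxies cannot be parsed.
function clientIp(socketAddr, xff, trusted = TRUSTED_PROXIES) {
    const peer = normalize(socketAddr);
    // A peer that is not one of our proxies could have written any header
    // value it liked, so the header is ignored and the peer is the answer.
    if (!trusted.has(peer)) return peer;

    const hops = String(xff || "").split(",").map(normalize).filter(Boolean);
    // Each proxy appends the address it received from: walk right to left.
    for (let i = hops.length - 1; i >= 0; i--) {
        if (!looksLikeIp(hops[i])) return null;    // malformed: do not guess
        if (!trusted.has(hops[i])) return hops[i]; // first hop we do not run
    }
    return peer; // header missing or listing only our own proxies
}

// Constructed requests (documentation address ranges).
console.log(clientIp("203.0.113.7", "198.51.100.1"));            // direct hit
console.log(clientIp("10.0.0.5", "192.0.2.99, 198.51.100.23"));  // via proxy
```

Entries to the left of the returned address were supplied by the client and should be treated as untrusted input, for example when logging them.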
