Closed Burpbounty closed 6 months ago
I like the idea of loading up custom javascript remotely from the js-tap portal, that tracks closely with a feature I had in mind. I'll get to work on that.
Good idea on the webrtc LAN IP.
cool, thank you very much
I'm not sure the WebRTC internal LAN IP trick is going to be effective; every test I've run on this has only been able to come up with the WAN address, which we're already snagging. Do you have some code that you know is effective at discovering the LAN IP address?
It seems the internal IP address trick stopped working in the past year or so, but I'll get the payload inject going soon. Sorry Burpbounty.
Gotta start on the UI work in the dev branch, I hope to have this feature done in the next week or so.
Cool, you are very smart... Now, the WebRTC internal LAN IP trick cannot run in the Chrome browser, but some browsers, or the Android browser, can use WebRTC to detect the internal LAN IP; it is not suitable for all browsers.
But I can show you some other code.
```javascript
// Get the user's internal (LAN) IP address
function getUserLocalIPAddress() {
  return new Promise((resolve, reject) => {
    window.RTCPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection;
    if (!window.RTCPeerConnection) {
      reject("Your browser does not support RTCPeerConnection");
      return; // stop here; the constructor call below would throw
    }
    const pc = new RTCPeerConnection();
    pc.createDataChannel("");
    pc.createOffer()
      .then(offer => pc.setLocalDescription(offer))
      .catch(err => reject(err));
    pc.onicecandidate = event => {
      if (event.candidate) {
        const ipRegex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/;
        const match = ipRegex.exec(event.candidate.candidate);
        if (!match) {
          return; // candidate carries no IPv4 literal (e.g. an mDNS name)
        }
        resolve(match[1]);
        pc.onicecandidate = null;
        pc.close();
      } else {
        // Gathering finished without any IPv4 candidate
        reject("No IPv4 address found in ICE candidates");
        pc.close();
      }
    };
  });
}

// Get the user's CPU, memory, color depth, language, browser language,
// time zone and browser plugin information
const clientInfo = {
  cpu: navigator.hardwareConcurrency,
  memory: navigator.deviceMemory,
  colorDepth: screen.colorDepth,
  language: navigator.language,
  browserLanguage: navigator.browserLanguage,
  timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone,
  plugins: Array.from(navigator.plugins).map(plugin => ({
    name: plugin.name,
    filename: plugin.filename
  }))
};

getUserLocalIPAddress()
  .then(ipAddress => {
    clientInfo.localIPAddress = ipAddress;
    console.log(clientInfo);
  })
  .catch(err => console.error(err));
```
Sometimes navigator.plugins can reveal software installed on the client (depending on the browser).
Anyway, this is a good project. Adding custom JavaScript functionality and passing information to JavaScript is a better extension that will make your project more popular
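Whether a browser exposes a LAN address, as debated in the comments above, depends on what its ICE candidate lines carry: a host candidate with a private IPv4 address, or one replaced by an mDNS `.local` name with only the server-reflexive (WAN) address left as an IP literal. The following is an added example, not code from this thread or from JS-Tap, for auditing what a given browser's candidates disclose. The function names and the sample candidate lines are constructed for illustration.

```javascript
// Added example: classify what WebRTC ICE candidate lines disclose.
// Function names and sample candidates are constructed for illustration.

// Bucket the connection-address field of a candidate.
function classifyAddress(addr) {
  if (/\.local$/i.test(addr)) return "mdns-hostname"; // obfuscated host candidate
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (!m) return addr.includes(":") ? "ipv6" : "unknown";
  const octets = m.slice(1).map(Number);
  if (octets.some(o => o > 255)) return "unknown";
  const [a, b] = octets;
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) {
    return "private-ipv4"; // RFC 1918 ranges
  }
  if (a === 127) return "loopback";
  if (a === 169 && b === 254) return "link-local";
  return "public-ipv4";
}

// Parse "candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ..."
function parseCandidate(line) {
  const t = line.trim().replace(/^a=/, "").split(/\s+/);
  if (t.length < 8 || !t[0].startsWith("candidate:") || t[6] !== "typ") return null;
  return { address: t[4], port: Number(t[5]), type: t[7], addressClass: classifyAddress(t[4]) };
}

// Summarise a candidate list: does any host candidate expose a private address?
function auditCandidates(lines) {
  const parsed = lines.map(parseCandidate).filter(Boolean);
  const leaksLanAddress = parsed.some(c => c.type === "host" && c.addressClass === "private-ipv4");
  return { parsed, leaksLanAddress };
}

// Constructed samples: a browser that hides host addresses behind mDNS names,
// and one that still puts the LAN address in the host candidate.
const MDNS_BROWSER = [
  "candidate:1 1 udp 2113937151 3f2a1b9c-7d4e-4c1a-9b1e-0a1b2c3d4e5f.local 54400 typ host generation 0",
  "candidate:2 1 udp 1677729535 203.0.113.7 54400 typ srflx raddr 0.0.0.0 rport 0 generation 0",
];
const LEGACY_BROWSER = [
  "candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host generation 0",
  "candidate:2 1 udp 1686052607 203.0.113.7 51234 typ srflx raddr 192.168.1.23 rport 51234 generation 0",
];

console.log("mDNS browser leaks LAN address:", auditCandidates(MDNS_BROWSER).leaksLanAddress);
console.log("legacy browser leaks LAN address:", auditCandidates(LEGACY_BROWSER).leaksLanAddress);
```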
Thanks for that code, I'll take a look at adding this soon. I should have the custom payload stuff finished by this weekend. Got a few bugs I'm working on, and I need the UI for triggering a custom payload on a single client. Right now I have execute on all clients, and auto execute on new clients.
Custom payload import/export now works.
@Burpbounty I've merged the custom payload changes into main. They seem to be working now. Look over the updated README and let me know if that does what you were hoping for. I'll have to come back to the webrtc stuff later. Closing this issue for now, let me know if you have any problems using it.
Can you add a new function, or optimize injectPayload? I want to load remote JavaScript files and get more client information (like client fingerprint information or WebRTC IP) into the JS-Tap project, and add more custom functions to JS-Tap (like custom JavaScript functions).