I recently came across an interesting PoC on GitHub for utilizing STUN to determine a local LAN IP via JavaScript. This was surprising to me since I thought you generally shouldn't be able to identify the LAN IP in JavaScript so I have started using this in CSRF exploit demonstrations. A brief explanation including a link back to the original work is on the Tripwire State of Security blog here: http://ift.tt/1KR70JJ An interesting note to this is that even though the code references a Mozilla STUN server on the internet, I was able to use this PoC in Chrome on a LAN without any gateway to the Internet. The exploit page was accessed via HTTP (from a local VM) so this is not some special case for the file:// scheme. I tested this on a Windows and OS X Chrome release. I'd be interested to hear any thoughts on why it works without a route to a real STUN server. Thanks, Craig Young Security Researcher, Tripwire VERT @CraigTweets
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment