[CTA] Catch Them All or how to obtain the IP address of any computer on the Internet

null

Until now I had told you how to obtain the IP address of any email sent to you by Yahoo or Hotmail but there were still situations in which it was not possible to get it.

These weeks I’ve been playing with Google App Engine And, as I usually like to consider “projects” when it comes to learning new things, I have chosen to give a solution to the issue of ips capture so that anyone, without programming knowledge, can count on this tool.

Tool description

Its purpose is to allow your victim to offer a url to any resource on the Internet (web page, image, video, pdf, …) and that his IP address, without his realizing it, is registered.

Tool operations

Creating the fake url

You just have to use the following address as a link to the resource that interests you

http://upload-file.appspot.com?url=XXXXXXXXX

where:

  • XXXXXXXXX is the url to the resource that you want to offer to your victim

Examples:

Use of fake addresses

As many as your imagination allows you; as an example:

  1. Any link what goals on you email you can mask it with one of the fake urls above. In this way, when your victim clicks on the link to see what you indicate, they will be registered
  2. The url to someone image in a mail electronic. Thus, just by viewing it, it will be registered.
  3. Link in any forum or comment (it is preferable that the url is not visible to avoid suspicions)
  4. Images on any web or blog (I apologize publicly because to test the service I opted to put one of the images from the Informático de Guardia blog in this way and the ips of many of those who visit me regularly were registered;))

Check the IP of the victims

As simple as using the url that I gave you earlier but without the parameter url.

In other words: you just have to put the following url in your browser

http://upload-file.appspot.com

the system will show you a screen like this one where you can see the latest victims who have fallen

nullFuture

Following the KISS (Keep It Simple Stupid) principle and the agile methodologies of which, little by little, I am becoming a faithful follower, I have chosen to release an initial version of the project that meets the basic objective of registering the IPs of the people to whom we send a “fake url”.

From there, and depending on the acceptance of the project, I would like to expand it with the needs (and suggestions) of its users.

The idea is simple:

  1. why invest time in something that is not used
  2. If used, I will include what people demand (it makes no sense to do things that occur to me / feel like me if they don’t serve anyone later)

Improvements I can think of

I, like any developer, am already missing things in the project:

  • Possibility of receiving a notification when my victim visit the fake url I have sent you.
  • Show more of the last 50 visits received.
  • Group visits by url false showing only the last IP and access time so that more results can appear on the screen.
  • Search of visits by the false url so that I can find my victims even if it does not appear in the list of the last 50 captures.
  • Url generator false so that you don’t have to remember the syntax required to use the service.

Readers’ Suggestions

From here I invite you to contribute ideas/ suggestions if you consider that the project may be worthwhile.

Among the contributions that have been collected in the comments we find:

  • [@Feithon] Register extended information of the victims: browser version, operating system used, …

I appreciate equally comments unfavorable as long as they are constructive and done with education: I firmly believe that you learn more from mistakes than from patting on the back 😉

Deja un comentario