How can a server find real client IP address? - javascript

I can only access the internet from my place from behind a NAT and a proxy. This site however also shows my machine's private LAN address, as well as my NAT's public address. They are apparently using javascript in the process, but I can only find code where they set the value, but not how they find it. So, how can we find out the private IP address of a client machine using javascript?

They're using Java for that:
<span class="pbb" id="lanip"><b>Router IP Address Testing...</b></span>
<script>
function MyAddress(IP)
{ document.getElementById("lanip").innerHTML = IP; }
</script>
<applet code="MyAddress.class" MAYSCRIPT width=0 height=0>
You Need To Enable Java For This To Work
</applet>

Are you sure you're behind just a NAT router? If you're behind a proxy, the proxy might well be adding an X-Forwarded-For header.

Related

icecast and mixxx setup - clients cannot hear my radio station

I just finished setting up icecast2 server and mixxx in my computer. I can listen to my radio through the url: http://127.0.0.1:8000/soylatino. However, I asked my friends in another states if they can listen to my radio and they said that they cannot listen anything, but a message of Error #2032 came up after they hit play button. They also have adobe flash player working in their computers. Can someone please tell me if I am doing something wrong by trying to configure my server or maybe something else is wrong?
Thanks a lot in advance for your support.
I am using the following xml parameters in icecast.xml file:
<!-- You may have multiple <listener> elements -->
<listen-socket>
<port>8000</port>
<!-- <bind-address>127.0.0.1</bind-address> -->
<!-- <shoutcast-mount>/stream</shoutcast-mount> -->
</listen-socket>
<!--
<relay>
<server>127.0.0.1</server>
<port>8080</port>
<mount>/soylatino</mount>
<local-mount>/different.ogg</local-mount>
<relay-shoutcast-metadata>0</relay-shoutcast-metadata>
</relay>
-->
In mixxx live broadcasting settings, I am using the following settings:
Type: icecast2,
Host: 127.0.0.1,
Port: 8000,
Mount: /soylatino,
Login: source,
Password: mypassword,
Then, when I hit OK button, a message appears:
Mixx has successfully connected to the streaming server.
Next: I wrote the following code in my html page:
<div id="container">Get the Flash Player to see this player.
<script type="text/javascript" src="http://www.shoutcheap.com/flashplayer/skins/swfobject.js"></script>
<script type='text/javascript'>
var s1 = new SWFObject('http://www.shoutcheap.com/flashplayer/skins/player.swf','player',"340","50","9","#FFFFFF");
s1.addParam('allowfullscreen','true');
s1.addParam('allowscriptaccess','always') s1.addParam("flashvars","skin=http://www.shoutcheap.com/flashplayer/skins/grungetape.swf&title=Live Stream&type=sound&file=http://127.0.0.1:8000/soylatino%3Ftype%3D.mp3 &13202692901&duration=99999&id=scplayer&autostart=true");
s1.write("container");
This is my page: www.followperu.com/radio.html
127.0.0.1 is a special IP address used for loopback. That is, 127.0.0.1 always means yourself... your own computer.
You can connect to 127.0.0.1 because you're running the server on the same computer as Mixxx. However, when your friends try to connect to 127.0.0.1, their browser tries to connect to their own computers, not yours.
While you can use 127.0.0.1, you need to give your friends your public IP address. In most home network setups, you only have one public IP address which your router handles. Your router then assigns private IP addresses to other computers on your network, and handles routing requests between the two networks via NAT. If you Google for, "what is my IP address?", it will give you your public IP address. (You can also get this information in your router's configuration.) Next, make sure you have forwarded over port 8000 from your router to your computer's private IP address. (This private IP address is not the loopback 127.0.0.1. It will be in one of the private network blocks, such as 10.0.0.0 or 192.168.0.0 or 172.16.0.0.)

Get running python server IP address in Javascript

I have a python flask app running on my server:
if __name__ == '__main__':
port = int(os.environ.get("PORT", 6600))
app.run(host='0.0.0.0', port=port)
And I have a JS script getting information from that app, I don't want to change manually th IP or domain in the JS script every time I deploy or change the domain so I'm asking is there any way for the JS to know the IP or hostname of the python app ?
Here's my structure:
index.py <= main app
static
**index.html
**script.js
Thanks
Register a domain name and stick with it. Use the domain name in your javascript and/or config.
Make sure that the registrar provides an interface for updating the "A record" (IP address) and point it at your server. Whenever you change IP address, update the A record for your domain.
If I understand your question correctly, you pretty much have two options at your disposal depending on your setup.
Option 1: If your JavaScript code is running on the same machine as your Python script, you could simply always just access it from 127.0.0.1 from your JavaScript code (because binding to 0.0.0.0 will make the Python server accessible from all interfaces, including the loopback interface at 127.0.0.1).
Option 2: If your JavaScript code lives on a remote server, your simplest solution is going to be to use some kind of Dynamic DNS service as an intermediary. So you'll end up with two domains for your Python server: one static one available to the rest of the world, like www.mypythonserver.com, and one dynamic DNS entry only known by your JavaScript code, like mypythonserver.noip.me (hard-coded permanently into your JavaScript code). Both of these domains should always resolve to your Python server's host address, with no manual intervention necessary for the dynamic DNS entry.
You can use the templating in the script file which would get filled with the port number when user requests the script.
There are many templates available at :
https://wiki.python.org/moin/Templating
Usually it would be like
// in script.js
var myport = {{ port }};
and in your python code :
# if request is for script.js
# respond with template
request.send(my_templating_engine('script.js' , port))

How to recognize IPV6 private and loopback addresses in node.js?

Currently I am in need of being able to tell the difference between a private address and a web reachable one.
I need to be able to test for the following:
You are given a list of ipv6 on an interface and need to know which addresses are web reachable. It is possible for none of these addresses to be non private. If the address is changed, it would be best to be able to track which one (I can figure that out after I have a private address test method).
This is written in javascript on node.js
What you're looking for is the IPv6 scope: "web reachable" are addresses in the global scope. The scopes are described here:
http://en.wikipedia.org/wiki/IPv6_address#IPv6_address_scopes
You could parse the address yourself -- OR you could save yourself some time and use the ipv6 module (npm install ipv6 --save):
var v6 = require('ipv6').v6;
var addr = new v6.Address('2001:db8:85a3:8d3:1319:8a2e:370:7348');
if(addr.getScope()==='Global'){
console.log('valid global ipv6 address');
}
Disclaimer: I don't really know that much about IPv6...but I'm figuring it out. I found this discussion of the different scopes useful, by the way:
Link-local and global IPs on IPv6 interfaces
I'm working with the following assumptions:
you're using appropriate standards to define private vs. web-reachable
for our purposes web-reachable means not private
in particular, we're only interested in the format of the address, not whether a device will actually respond at that address
... with those assumptions, it should be fairly easy. According to this page (which links here), you just have to test that the address starts with fd1, perhaps with the regular expression /^fd1/, to confirm that it is a private address.
Likewise, according to this page, you can test for 0:0:0:0:0:0:0:1 or ::1 for the loopback address.

Javascript - Simple - getting an Ip from a URL

I am simply trying to achieve something like this:
function getIp() {
var urlenter = document.getElementById('io');
var IPOUT = urlenter.IpAdress !------HERE!!!!!!!!------!
location.href = IPOUT;
}
so if I typed 'facebook.com' in 'io' it would set the href to the ip adress of facebook.com
JavaScript doesn't have any concept of hostnames or IP addresses. You would have to use an external service to resolve an IP address from a hostname.
That's not possible with JavaScript alone.
The resolving between IP addresses and hostnames are handled at the DNS level, which is way before JavaScript ever comes to life. It only gets to know the host it is connected to, whether that is by an actual hostname or an IP address.
Still though, you could have JavaScript connect to an outside service, e.g. your server via Ajax, and have it make the resolving.

Isn't this an application(*) vulnerability? (Javascript and HTTP)

just wondering. Isn't this considered a threat?
Let's say that 192.168.0.1 is a networkrouter with a administrationpanel on port 80. If you get a user to execute a similar snippet, wouldn't you be able to "bruteforce" the password? Considering network devices like networkrouters often feature default usernames and passwords.
<script>
function imgerror(data)
{
alert('The following '+data.src+ ' failed due to wrong password/username.');
}
</script>
<img src="user:password#192.168.0.1/menu_button.gif" onerror="imgerror(this)">
menu_button.gif is in this case a button used in the administrationpanel - and protected by http basic authentication.
It would only be a vulnerability if the developer/network administrator didn't care about security on their network.
It is VERY old idea http://web.archive.org/web/20070315010517/www.spidynamics.com/spilabs/js-port-scan/
javascript:var i=document.createElement('IFRAME');i.src='http://192.168.1.1/';document.body.appendChild(i);void(0);
Try this one, and find crossnetwork warning in the iframe below*.
requires aware UA :)
Techniques varies, the essence is the same - to execute script at the trusted side of firewall
This is possible, even more sofisticated with some more lines of JS/Ajax (see XXS).
What that means is you cannot trust NOBODY, even in your own network. If you cannot trust nobody and you have a basic security schema (as basic http authentification) you must use hard breakable passwords or if security is an issue (most private users do not know what security means at all) you MUST apply secure protocols.
If you use standard or blank passwords is leting the door open.

Categories

Resources