поиск роутера на карте по мак адресу

Форум посвящен особенностям настройки и обслуживания компьютерных систем, описанию тонкостей установки, настройки и использования
Правила форума
придерживайтесь темы форума
Аватара пользователя
Сообщения: 490
Зарегистрирован: 2010.02.06 17:48:52
Контактная информация:

поиск роутера на карте по мак адресу

Сообщение 160r » 2012.02.20 15:07:50

Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user
Welcome. Here is a proof of concept on obtaining *accurate* GPS coordinates of a user sitting behind a web browser via router XSS. The router and web browser themselves contain NO geolocation/GPS data. This is also *not* IP based geolocation.

The method works like this:
1. You visit a malicious web site (why are people so mean?)
2. The web site has a hidden XSS against your router (in this example, I'm using an XSS I discovered in the Verizon FiOS router)
3. The XSS obtains the MAC address of the router via AJAX.
4. The MAC address is then sent to the malicious person. In the test case below, it's sent to me (not that I'm malicious!)
5. I then take the MAC address and send it along to Google Location Services. This is an HTTP-based service where router MAC addresses are mapped to approximate GPS coordinates from other data sources. There are NO special browser requirements, nor does a user need to be prompted. I determined this protocol by using Firefox's Location-Aware Browsing.
6. I grab the coordinates and show it to you in a pretty map below.

If you're on a Verizon FiOS router and logged in, you can test this XSS here. This was tested on a Westell UltraLine Series3 firmware

If you're on Firefox or Chrome, you can test the Location Services by clicking here. While this asks you to share your location, the XSS does NOT prompt the user!

Or, you can simply test the Location by entering a router MAC address:

To view other cool stuff, check out my website or follow my twitter.

developed by samy kamkar, 01/04/2010


Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и 1 гость