Image IP Logger - Track any image

(06-20-2018, 06:08 AM)Mimiakira Wrote:

[To see links please register here]

I'm sure it's on the net for sure.

Yes, probably someone already had the same idea.
I'm not releasing yet as i found it to be useful for me.

Can anyone describe how does tool works?

Damn! I cannot wait to get a user's IP address! What can I do with it? The possibilities are endless! I can very inaccurately find the router of the ISP! I can also... well, hack into their computer's mainframe motherboard by using the md5 hash of the IP address, by a series of differential calculus involving complex calculations with the root tree rainbow table, thus, giving me the user's password.

(06-24-2018, 09:45 AM)Mimiakira Wrote:

[To see links please register here]

(06-24-2018, 09:26 AM)r0biba Wrote:

[To see links please register here]

Can anyone describe how does tool works?

So, the OP thread kinda well explained it but, here is the idea behind it.

I upload an image so say to my signature. The signature is running JS in the background (if that makes sense) and so, the image is grabbing your info when you visit the forum thread or, a post that I make on any thread.
Technically this can't work due to the Xenforo foundation or, the code behind it stopping the JS script or malware.

If someone does know an exploit or a web vuln, I would be interested to hear.

Then this is not something new, I mean if you can run JS then it's not a problem getting an IP, and as you said there's thing stopping/blocking the JS script

(06-24-2018, 09:26 AM)r0biba Wrote:

[To see links please register here]

Can anyone describe how does tool works?

So, the OP thread kinda well explained it but, here is the idea behind it.

I upload an image so say to my signature. The signature is running JS in the background (if that makes sense) and so, the image is grabbing your info when you visit the forum thread or, a post that I make on any thread.
Technically this can't work due to the Xenforo foundation or, the code behind it stopping the JS script or malware.

If someone does know an exploit or a web vuln, I would be interested to hear.

The one thing that creeps me the fuck out is the signature that most people have and, it's shows your IP address and ISP information in the signature. Of course it's different for every user since, it displays there own ISP info.

(06-24-2018, 09:26 AM)r0biba Wrote:

[To see links please register here]

Can anyone describe how does tool works?

Simple,
1) Load the program.
2) Write your email
3) Write the image location (example:

[To see links please register here]

)
4) And a name tag to identify where the user come from
5) Generate link and copy/paste to your forum thread

(06-24-2018, 09:45 AM)Mimiakira Wrote:

[To see links please register here]

(06-24-2018, 09:26 AM)r0biba Wrote:

[To see links please register here]

Can anyone describe how does tool works?

So, the OP thread kinda well explained it but, here is the idea behind it.

I upload an image so say to my signature. The signature is running JS in the background (if that makes sense) and so, the image is grabbing your info when you visit the forum thread or, a post that I make on any thread.
Technically this can't work due to the Xenforo foundation or, the code behind it stopping the JS script or malware.

If someone does know an exploit or a web vuln, I would be interested to hear.

The program is in JavaScript but the code uses an API and a delivery system.

About the web vuln, i don't have any...

(06-24-2018, 10:04 AM)Mimiakira Wrote:

[To see links please register here]

The one thing that creeps me the fuck out is the signature that most people have and, it's shows your IP address and ISP information in the signature.

It's certainly clever.

Aside from using the IP to SE the ISP, there's no user- Identifiable Information that can be obtained from an IP address. Given It displays the locality of the ISP, It can be used In combination with other user Information you may have, thereby build a profile from the ground up. It's all about Information gathering, combining It effectively, and formulating an Identity/fingerprint of the user In question.

Looking at this 2 logs it can easily be implemented a way to block logging through images.

Image URL

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

Direct header request

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

Using Image IP Logger

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.