• Welcome to Valhalla Legends Archive.
 

Locating An Ip within a HTML Source

Started by Spilled, August 10, 2007, 03:35 AM

Previous topic - Next topic

Spilled

Ok, what I'm looking for here is some opinions on how I would find a Ip with the html source of a site. Somewhat like a Proxy Leecher works. What do you think the most efficent way would be? I'm sure I could do it using the InStr() method but I'm not sure if there is a better way to achieve this goal.

Barabajagal

I'd just search for a section of data with four decimals, anywhere from four to twelve numeric characters, and nothing else in the correct pattern. Depending on the language you use, there may be operators or functions you can use to make your job easier... for example in VB, you can use the Like operator, and compare with an IP format as well as checking for numeric-only values like so:

If strCheck Like "*.*.*.*" Then
    'Fits IP style
    If IsNumeric(Replace$(strCheck, ".", ""))
        'Numbers and Decimals only
    End If
End If

iago

This should grab the line with the IP, a sed can probably be used to get rid of everything else:

curl http://www.site.com | grep "[0-9]+.[0-9]+.[0-9]+.[0-9]+"

Or, if you prefer:

lynx -source http://www.site.com | grep "[0-9]+.[0-9]+.[0-9]+.[0-9]+"
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


warz

i'm thinking you're wanting a website to store the ip addresses of visitors? in that case, i'm not sure if it can be done strictly with html. with php, though, it's simple. the ip address of the visitor is stored in the global variable $REMOTE_ADDR, and can be used like this...


$domain = GetHostByName($REMOTE_ADDR);


and then store that, if you want.

MyndFyre

Quote from: iago on August 10, 2007, 08:28 AM
This should grab the line with the IP, a sed can probably be used to get rid of everything else:

curl http://www.site.com | grep "[0-9]+.[0-9]+.[0-9]+.[0-9]+"

Or, if you prefer:

lynx -source http://www.site.com | grep "[0-9]+.[0-9]+.[0-9]+.[0-9]+"

A stricter version of this regex might be:

"(?:\d{1,3}\.){3}\d{1,3}"

Note that \. should be escaped because "." matches any non-newline character, and that in C-based languages, you should double-up the backslashes.

The most strict version of this I can think of is:

(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)


Note that these are broken into non-capturing groups.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

Quote from: MyndFyre[vL] on August 10, 2007, 12:24 PM
Quote from: iago on August 10, 2007, 08:28 AM
This should grab the line with the IP, a sed can probably be used to get rid of everything else:

curl http://www.site.com | grep "[0-9]+.[0-9]+.[0-9]+.[0-9]+"

Or, if you prefer:

lynx -source http://www.site.com | grep "[0-9]+.[0-9]+.[0-9]+.[0-9]+"

A stricter version of this regex might be:

"(?:\d{1,3}\.){3}\d{1,3}"

Note that \. should be escaped because "." matches any non-newline character, and that in C-based languages, you should double-up the backslashes.

The most strict version of this I can think of is:

(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)


Note that these are broken into non-capturing groups.

From a quick view, I don't think those regexes are compatible with Perl/sed's syntax, although I could be wrong.

For fun, here's a quick function I wrote awhile back to identify valid IPs. If he wants to use Perl for this project, it might come in handy:

sub ValidateIp
{
my $ip = shift;

if(!($ip =~ m/^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$/))
{
&Log("IP verification failed on ip: $ip");
&CgiDie("IPs must be in the form of a.b.c.d");
}

if($1 > 255 || $2 > 255 || $3 > 255 || $4 > 255)
{
&Log("IP verification failed on ip: $ip");
&CgiDie("All octets in an ip must be in the range of 0..255");
}
}
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*