Using Flash/SWF applications to retrieve a user's "real" IP address

Question

I'm almost certain this is possible, but am not sure how to go about it.

Basic idea: User visits a website using a HTTP/socks proxy. Hidden .swf file is embedded on the site which, when loaded by the client, sends data back to the web server, and that allows the IP to be logged along with a corresponding session ID of some sort which ties the proxy IP and the true IP together.

My question is how would I go about doing this in flash? I've searched for examples, but all I've managed to find on the subject is people claiming that it's possible to do.

Answer 1

I don't think Actionscript has any way of obtaining the IP address of the client computer without performing some sort of remote call to a server, which will resolve the proxy'ed IP address.

Answer 2

I think you might be better pursuing this with a Java applet and the InetAddress class. I haven't tried getting externally visible IP addresses before, but I'd imagine it is possible.

An InetAddress Example

Edit:

The majority of connections are made client to gateway (to n proxies) to service.

The gateway knows the client's IP, but there is no practical reason to surrender it to anyone who asks because it's almost always private anyway. See ME in the diagram below.

(ME:192.168.0.40 -> {GATEWAY:192.168.0.1) [EXT.IP:56.43.22.8} -> YOU:87.53.57.27]

If you need to uniquely identify clients by IP, approximately, then you need the EXT ernal IP. If your client had a direct connection, through only their router say, your server would know this address when they connected. There is no logical reason for Flash Player to know your external IP, never mind expose it through an API because it can't bind listener sockets.

With HTTP proxies, the clients closest (and most unique) external IP is unknown to the server because servers only see the last proxy in a chain. Furthermore, what purpose is a proxy server that can expose it's clients addresses - doing so would render that proxy moot.

So what about Flash Player and P2P? Again, no cigar;

All this activity happens in native code, in parts of the VM invisible to the sandbox your code runs in. Even if you could access it, it would be completely useless if your clients connect through a proxy - the client only knows about the first hop and the destination, which may be unreachable without proxy x - and the server only knows about client y, which may or may not be the actual client, or the last proxy in a chain of n proxies...

To clarify:

• on the outside, the only reason to know a client address is to connect to it
• on the inside, the only reason to know your external address is to open a port for others to initiate connections to you
• servers only see the last link in the chain, they need to be told anything else, like what destination to make a client connection to, but...
• Flash can't open listeners sockets, so it would never need to know who it is on the outside...
• and even if it did one day, you'd be out of luck because a client using HTTP proxy is probably unreachable, otherwise why bother with the proxy?

If the whole reason behind wanting IP addresses is to uniquely ID clients? Generate a GUID and store it with SharedObject - I know I could have said this sooner, hah