How to Steal IP Address via Image

In this post, we’ll explore how to create a simple IP logger using PHP. This method involves using a PHP script that logs visitor details when they access an image on your website. While this technique can demonstrate the capabilities of PHP and web server configurations, it's important to emphasize ethical use and compliance with privacy laws.

Step 1: Create functions.php

The functions.php file will contain functions to retrieve the user's browser, IP address, and referrer.

Step 2: Create log.php

The log.php file will include the functions from functions.php and log the browser, IP address, and referrer information into a logs.txt file.

Step 3: Create .htaccess

The .htaccess file will redirect requests for the image bird.jpg to log.php and ensure that the logs cannot be accessed directly.

Explanation

1. functions.php:

   • getBrowser(): Retrieves the user’s browser information from the HTTP_USER_AGENT server variable.

   • getIP(): Attempts to get the user's IP address, checking for forwarded headers first (useful if behind a proxy).

   • getReferer(): Retrieves the referrer URL from the HTTP_REFERER server variable.

2. log.php:

   • Includes functions.php to use its functions.

   • Retrieves the browser, IP address, and referrer.

   • Logs these details into logs.txt with a timestamp.

   • Displays an image, birdy.jpg.

3. .htaccess:

   • Redirects requests for bird.jpg to log.php.

   • Ensures .txt files (such as logs.txt) and .htaccess files cannot be accessed directly from the web.