Some anonymous user made a comment with a link to an interesting text. I tested this stuff and it really works.
Skype user IP-address disclosure
1. Download this patched version of Skype 5.5:
http://skype-open-source.blogspot.com/2012/03/skype55-deobfuscated-version-released.html
2. Turn on debug-log file creation via adding a few registry keys.
https://github.com/skypeopensource/skypeopensource/wiki/skype-3.x-4.x-5.x-enable-logging
3. Make "add a Skype contact" action, but do not send add request, just click on the user to view his vcard.
4. Have a look at the log file to find the desired skypename.
The record will be like this for real user ip: -r195.100.213.25:31101
And like this for user internal network card ip: -l172.10.5.17
21:16:45.818 | T#3668 PresenceManager: | noticing skypetestuser1 0x3e54a539a91a19fc-s-s65.55.223.23:40013-r195.100.213.25:31101-l172 .10.5.17:22960 23d23109 82f328ff
5. Catch that skype user via whois service.
http://nic.ru/whois/?query=195.100.213.25
The mentioned steps will help you to get the following information about a skype user: City, Country, Internet provider and internal user ip-address.
Now, you can troll him about CIA and Mossad, he-he.
Orginal link:
Skype user IP-address disclosure
http://pastebin.com/rBu4jDm8
Why does the client need to know the remote clients public IP?
ReplyDeleteDoes Skype use a central hub where all clients connect to?
Because of peer2peer network nature.
DeleteAny way to defend myself from this stupid hole?
ReplyDeleteUse VPN or skype under freecap tool with socks/proxy.
DeleteWeb-service for find out skype users ip.
ReplyDeletehttp://skype-ip-finder.tk/
http://skype-ip-finder.in/
DeleteAny way to do this in Linux?
ReplyDeletehttp://bo0om.ru/bezopasnost/probivaem-ip-v-skype.html
ReplyDeleteYes-yes
More details on:
ReplyDeletehttp://nickfurneaux.blogspot.com/2012/04/skype-ip-addresses-in-clear.html
And here:
ReplyDeletehttp://www.ghacks.net/2012/04/29/skype-revealing-remote-and-local-ip-address/
wow.. this is cool O.o
ReplyDeleteMore post coming:
ReplyDeletehttp://www.h-online.com/security/news/item/Skype-divulges-user-IP-addresses-1564236.html
http://www.theverge.com/2012/4/30/2988313/skype-skypekit-ip-address-hack
ReplyDeletehttp://news.cnet.com/8301-1035_3-57424107-94/skype-exploit-reveals-user-ip-addresses/
ReplyDeletehttp://www.pcmag.com/article2/0,2817,2403758,00.asp
ReplyDeleteSkype strikes back: "Its not our network bug, its feature!"
ReplyDeletehttp://alouche.net/2012/04/29/the-so-called-skype-sdk-ip-leaks/
Okey, they are rights. But why the heck ANYONE need to know you public ip? If you not from my contact list, go away with you ip address request. Its simple.
And contact sharing request you may send using supernode as proxy. Fairly easy.
Nah.
DeleteLooks like usual 'security expert' butthurt.
Global IT-news sites already aware of this:
ReplyDeletehttp://news.cnet.com/8301-1035_3-57424107-94/skype-exploit-reveals-user-ip-addresses/
http://www.zdnet.co.uk/news/security-threats/2012/05/01/skype-exploit-exposes-user-ip-addresses-40155132/
http://www.pcadvisor.co.uk/news/network-wifi/3354842/skype-investigates-tool-that-reveals-users-ip-addresses/
http://www.pcworld.com/businesscenter/article/254763/skype_investigates_tool_that_reveals_users_ip_addresses.html
http://www.geekosystem.com/skype-exploit-ip/
http://www.ubergizmo.com/2012/04/skype-exploit-user-ip-address/
http://gizmodo.com/5906553/skype-investigating-vulnerability-which-reveals-users-ip-adresses
http://news.softpedia.com/news/Skype-Vulnerability-Leads-to-User-IP-Disclosure-267182.shtml
And some more:
ReplyDeletehttp://www.theinquirer.net/inquirer/news/2171618/skype-investigates-potential-security-threat
http://www.slashgear.com/skype-looking-into-ip-address-discovery-method-01225431/
http://www.net-security.org/secworld.php?id=12843
News updates.
ReplyDeletehttp://www.neowin.net/news/newly-found-skype-exploit-can-reveal-users-ip-address
Slashdot community. Now, with micorsoft paid trolls enabled:
http://yro.slashdot.org/story/12/05/01/1636230/hacked-skype-ip-address-search-shows-whos-speaking-from-where
Something new on skype network. Seems like its not p2p now, but microsoft grid technology. And was it for two month already.
http://arstechnica.com/business/news/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft.ars
Anyone has cloned skypeopensource git repo? GitHub took it down.
ReplyDeletehttps://github.com/skypeopensource/epycs
Deletehas somebody cloned the http://skype-ip-finder.tk/ site too??? it's down allready
ReplyDeletehttp://skype-ip-finder.in/
Deleteanyone know where a copy of skype55-deob can be obtained from, the relevant sites are down
ReplyDeletehttp://thepiratebay.se/torrent/7238404/
Deletemagnet:?xt=urn:btih:2a93d303ce538a1f5894f93086255837ccc3eeff&dn=skype55_59_deobfuscated_binaries&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80
ReplyDeleteOr http://thepiratebay.se/torrent/7238404/
DeleteWhat are the registry keys ??
ReplyDeleteI think that here is described how to enable logging on all OSs:
ReplyDeletehttp://developer.skype.com/SkypeGarage/LogFile
So ridiculous that people even feel the need to disclose this type of information that they know full well will be abused by a bunch of assholes. Way to go.
ReplyDeletethere are tools for getting the skype user's IP address, i dont know what the tool was. But it was working. I get my friends IP address. Also i hope there's a skype themes so that we enjoy skype more!
ReplyDelete