This is based on https://github.com/diafygi/webrtc-ips. You can copy & paste the example below into your Dev console to see it in action.
Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that.
Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.
//get the IP addresses associated with an accountfunction getIPs(callback){var ip_dups = {};//compatibility for firefox and chromevar RTCPeerConnection = window.RTCPeerConnection|| window.mozRTCPeerConnection|| window.webkitRTCPeerConnection;var useWebKit = !!window.webkitRTCPeerConnection;//bypass naive webrtc blocking using an iframeif(!RTCPeerConnection){//NOTE: you need to have an iframe in the page right above the script tag////<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>//<script>...getIPs called in here...//var win = iframe.contentWindow;RTCPeerConnection = win.RTCPeerConnection|| win.mozRTCPeerConnection|| win.webkitRTCPeerConnection;useWebKit = !!win.webkitRTCPeerConnection;}//minimal requirements for data connectionvar mediaConstraints = {optional: [{RtpDataChannels: true}]};var servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};//construct a new RTCPeerConnectionvar pc = new RTCPeerConnection(servers, mediaConstraints);function handleCandidate(candidate){//match just the IP addressvar ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/var ip_addr = ip_regex.exec(candidate)[1];//remove duplicatesif(ip_dups[ip_addr] === undefined)callback(ip_addr);ip_dups[ip_addr] = true;}//listen for candidate eventspc.onicecandidate = function(ice){//skip non-candidate eventsif(ice.candidate)handleCandidate(ice.candidate.candidate);};//create a bogus data channelpc.createDataChannel("");//create an offer sdppc.createOffer(function(result){//trigger the stun server requestpc.setLocalDescription(result, function(){}, function(){});}, function(){});//wait for a while to let everything donesetTimeout(function(){//read candidate info from local descriptionvar lines = pc.localDescription.sdp.split('\n');lines.forEach(function(line){if(line.indexOf('a=candidate:') === 0)handleCandidate(line);});}, 1000);}//log IP addressesgetIPs(function(ip){//local IPsif (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/))console.log("Local IPs: "+ip);//IPv6 addresseselse if (ip.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/))console.log("IPv6 Addresses: "+ip);//assume the rest are public IPselseconsole.log("Public IPs: "+ip);});
The advantage of using our API is you can expect this method to work reliably across all browsers and it is super-fast. We run out of 11 AWS data centers around the world for millisecond-optimized performance.
$.get("https://api.ipdata.co?api-key=test", function(response) {console.log(response.ip);}, "jsonp");