Message from JavaScript discussions

April 2019

— You would probably need to actually exploit their browser to pull saved passwords


And at that point, unless you have a redirector, you're essentially making call backs to your own web server, which is dumb

— 🤦‍♂

— You can get IP, and geolocational info just from reading the bytecode of the packets exchanged between your boxes

Message permanent page

— The ip of the user may be dynamic right ?

— It will be changing everytime whenever he connects to internet

— DHCP is a myth.
It leases the same IP to you 90% of the time. PAT could potentially create problems for you though

Message permanent page

— 80% dynamic

— Daam

— However, if you get their routers public facing IP, you could theoretically exploit it, and pivot off of it to their box

Message permanent page

— Realistically though, its easier to just spearfish your users, and hope someone clicks on a crafted payload in the email or link you leave

Message permanent page

— Higher payout than specifically targetting someone in the modern day.