How to discover the user’s IP address using Telegram.
https://github.com/gcla/termshark

If you’ve ever wondered how messaging apps like Telegram and WhatsApp work behind the scenes during conversations, this article is for you. We’ll explore a way to discover the IP address of the user we’re interacting with on Telegram using Wireshark, a network traffic analysis tool.

Step 1: Downloading Wireshark

Before we begin, you need to download and install Wireshark on your computer. You can find the download on the official Wireshark website.

Make sure to choose the version compatible with your operating system.

Step 2: Filtering STUN Traffic

After opening Wireshark, you’ll see an interface capturing real-time network traffic. Let’s filter the STUN traffic, which is the protocol Telegram uses during calls. In the filter bar, click on the search icon to open the search option. Then, select the “String” option and type “XOR-MAPPED-ADDRESS” in the search field.

Step 3: Starting Data Capture

Now, we’re ready to start capturing data. Make sure Wireshark is running and make a call via Telegram to the user whose IP address you want to discover. Once the user answers the call, Wireshark will begin displaying the captured data. Look for information related to the STUN protocol in the list, and you’ll find the IP address of the user who received the call.

Step 4: Identifying the IP Address

To facilitate the identification of the desired IP address, use the search function of Wireshark. Click on the “Find” option and type “XOR-MAPPED-ADDRESS” in the search field. The user’s IP address will appear immediately after this string.
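
What Wireshark is decoding when it displays XOR-MAPPED-ADDRESS, shown as an added Go example (not code from the original article): the attribute holds the address a STUN server observed for a client, XORed with the magic cookie from the message header as defined in RFC 5389. The sample bytes are constructed and use a documentation address; `ParseXorMapped` and `sample` are names chosen for this example.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"net/netip"
)

const magicCookie = 0x2112A442 // present in every STUN header (RFC 5389)
// Constructed sample (not captured traffic): a Binding success response
// whose attribute encodes the documentation address 192.0.2.1:32853.
var sample, _ = hex.DecodeString("0101000c2112a442" + // type, length, cookie
	"b7e7a701bc34d686fa87dfae" + // transaction ID
	"002000080001a147e112a643") // XOR-MAPPED-ADDRESS attribute

// ParseXorMapped walks the attributes of one STUN message and undoes the
// XOR on XOR-MAPPED-ADDRESS (type 0x0020) to recover the address and port.
func ParseXorMapped(msg []byte) (ap netip.AddrPort, err error) {
	if len(msg) < 20 || binary.BigEndian.Uint32(msg[4:8]) != magicCookie {
		return ap, errors.New("not a STUN message")
	}
	end := 20 + int(binary.BigEndian.Uint16(msg[2:4]))
	if end > len(msg) {
		return ap, errors.New("truncated STUN message")
	}
	for off := 20; off+4 <= end; {
		typ := binary.BigEndian.Uint16(msg[off:])
		n := int(binary.BigEndian.Uint16(msg[off+2:]))
		val := msg[off+4 : end]
		if n > len(val) {
			return ap, errors.New("truncated attribute")
		}
		if typ == 0x0020 && (n == 8 || n == 20) { // 8 bytes for IPv4, 20 for IPv6
			raw := make([]byte, n-4)
			for i := range raw { // key: cookie, then transaction ID (IPv6)
				raw[i] = val[4+i] ^ msg[4+i]
			}
			addr, _ := netip.AddrFromSlice(raw)
			port := binary.BigEndian.Uint16(val[2:]) ^ uint16(magicCookie>>16)
			return netip.AddrPortFrom(addr, port), nil
		}
		off += 4 + (n+3)&^3 // attribute values are padded to 4 bytes
	}
	return ap, errors.New("no XOR-MAPPED-ADDRESS attribute")
}

func main() { fmt.Println(ParseXorMapped(sample)) }
```

Running the same decoder over STUN payloads from a capture of your own client shows which of your addresses are disclosed during call setup.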


Automating with Golang

We can automate the process described above in Go. The program below captures traffic with tshark and extracts the address from the STUN lines:

package main

import (
    "fmt"
    "log"
    "os"
    "os/exec"
    "strings"
)

func main() {
    const CAP_PATH = "/tmp/tg_cap.pcap" // Temporary path for pcap capture file
    const CAP_TEXT = "/tmp/tg_text.txt" // Temporary path for text file with information
    const CAP_DURATION = "5"            // Capture duration in seconds

    // Get the external IP address of the device
    ipCmd := exec.Command("curl", "-s", "icanhazip.com")
    ipOutput, err := ipCmd.Output()
    if err != nil {
        log.Fatal("Failed to get IP address:", err)
    }
    MY_IP := strings.TrimSpace(string(ipOutput))

    // Check if Wireshark is installed
    _, err = exec.LookPath("tshark")
    if err != nil {
        log.Println("[-] Wireshark not found. Try installing Wireshark first.")
        log.Println("[+] Debian-based: sudo apt-get install -y tshark")
        log.Println("[+] RedHat-based: sudo yum install -y tshark")
        os.Exit(1)
    }

    fmt.Println("[+] Discovering User's IP Address on Telegram using Golang")
    fmt.Println("[+] Starting traffic capture. Please wait for", CAP_DURATION, "seconds...")

    // Start traffic capture with Wireshark
    captureCmd := exec.Command("tshark", "-w", CAP_PATH, "-a", "duration:"+CAP_DURATION)
    captureOutput, err := captureCmd.CombinedOutput()
    if err != nil {
        // Include tshark's own output so the failure reason is visible
        log.Fatalf("Traffic capture error: %v\n%s", err, captureOutput)
    }

    fmt.Println("[+] Traffic captured.")

    // Convert pcap file to readable text file
    convertCmd := exec.Command("tshark", "-r", CAP_PATH)
    convertOutput, err := convertCmd.Output()
    if err != nil {
        log.Fatal("Error converting pcap file to text:", err)
    }

    err = os.WriteFile(CAP_TEXT, convertOutput, 0644)
    if err != nil {
        log.Fatal("Error writing text file:", err)
    }

    fmt.Println("[+] Pcap file successfully converted to text.")

    // Declared here so the whois prompt after this block can use it
    var IP string

    // Check if Telegram traffic is present in the text file
    if strings.Contains(string(convertOutput), "STUN 106") {
        fmt.Println("[+] Telegram traffic found.")

        // Extract the IP addresses from the text. The pipeline has to run
        // through a shell: exec.Command does not interpret "|" itself.
        pipeline := "grep 'STUN 106' " + CAP_TEXT + " | sed 's/^.*XOR-MAPPED-ADDRESS: //' | awk '{match($0,/[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+/); ip = substr($0,RSTART,RLENGTH); print ip}' | awk '!seen[$0]++'"
        extractCmd := exec.Command("sh", "-c", pipeline)
        extractOutput, err := extractCmd.Output()
        if err != nil {
            log.Fatal("Error extracting IP address:", err)
        }

        // Two distinct addresses are expected: ours and the recipient's
        addrs := strings.Fields(string(extractOutput))
        if len(addrs) < 2 {
            log.Fatal("[-] Sorry. IP address not found.")
        }
        IP_1 := addrs[0]
        IP_2 := addrs[1]

        // Check if the IP address is ours or the recipient's
        if MY_IP == IP_1 {
            IP = IP_2
        } else if MY_IP == IP_2 {
            IP = IP_1
        } else {
            fmt.Println("[-] Sorry. IP address not found.")
            os.Exit(1)
        }

        // Get host information for the IP address
        hostCmd := exec.Command("host", IP)
        hostOutput, err := hostCmd.Output()
        if err != nil {
            log.Fatal("Error getting host information:", err)
        }

        fmt.Println("[+]")
        fmt.Println("[+] IP Address:", IP)
        fmt.Println("[+] Host:", strings.TrimSpace(string(hostOutput)))
        fmt.Println("[+]")

        // Clean up temporary files
        err = os.Remove(CAP_PATH)
        if err != nil {
            log.Fatal("Cleanup error:", err)
        }

        err = os.Remove(CAP_TEXT)
        if err != nil {
            log.Fatal("Cleanup error:", err)
        }

        fmt.Println("[+] Cleanup completed.")
    } else {
        fmt.Println("[-] Telegram traffic not found.")
        fmt.Println("[!]")
        fmt.Println("[!] Run this script only >>>AFTER<<< the response.")
        fmt.Println("[!]")
        os.Exit(1)
    }

    fmt.Println("[?]")
    fmt.Print("[?] Run whois ", IP, "? (Y/N): ")

    // Check if the user wants to run the whois command
    var answer string
    fmt.Scanln(&answer)

    if strings.ToUpper(answer) == "Y" {
        whoisCmd := exec.Command("whois", IP)
        whoisOutput, err := whoisCmd.Output()
        if err != nil {
            log.Fatal("Error running whois command:", err)
        }

        fmt.Println(string(whoisOutput))
    } else {
        fmt.Println("[+] Goodbye!")
        os.Exit(0)
    }
}        

Conclusion

By using Wireshark and analyzing STUN traffic on Telegram, we can discover the IP address of the user we’re interacting with. This information can be useful for various purposes, such as checking the geographical location of the user or identifying potential network issues.

However, it is important to remember that user privacy should always be respected. The use of these techniques should be done ethically and within legal boundaries.



Sana Allah Kheiri

Founder and CEO at Paratopic Technologies, LLC. | Assoc. research scientist; interested in: Ai, Quantum computing & Cryptography | Ai R&D Lead | Innovating Tomorrow's Solutions Today

10 months

1st, thanks a lot for your gr8 article. I have made many attempts to follow the steps, but the lack of guiding images led me to confusion, so could you help me with the 1st step? Where is the STUN traffic?

Victor Neto

Independent Consultant at Stats Consultation

1 year

What if the Telegram user has a VPN? Will it work?

Oluwadamilola Olatunji

Tech Recruitment Expert | Sales Champion | B2B Strategist & Analysist | Talent HR Consultant | Orchestrating Revenue Growth, Nurturing Strategic Partnerships, and Delivering Profitability

1 year

Thank you for the info, but is it possible to still track the person if the person does not answer the phone call?

Mumtaz Zazai

Cybersecurity Specialist | Computer Science Graduate | Network Diploma Holder | IT & Penetration Testing Expert

1 year

Thank you very much for your struggles and the best article. Where and how do I use the Go language script?
