MSN IP Grab

[IchBistTod]

Is someone spying on you?

Do you suspect someone is not who they say they are?

Well now you can use this nifty little tool to grab someones IP address over MSN so you can run a WHOIS, or check out suspicious IP addresses.

How to use:

1)Initiate a direct connection (file transfer, custom emoticons, webcam, file sharing, etc)

2)Click "Get Possible IP

expandcollapse popup

#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Version=Beta
#AutoIt3Wrapper_icon=ipgrab.ico
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_Comment=Grabs the IP address of active connections on MSN(WLM)
#AutoIt3Wrapper_Res_Description=Grabs the IP address of active connections on MSN(WLM)
#AutoIt3Wrapper_Res_Fileversion=0.0.1.12
#AutoIt3Wrapper_Res_Language=1033
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("IP-Grab", 481, 365, 192, 124)
$Edit1 = GUICtrlCreateEdit("", 0, 48, 497, 257)
GUICtrlSetData(-1, "Results will display here")
$Button1 = GUICtrlCreateButton("Get Possible MSN Ip Addresses", 104, 312, 227, 41, 0)
$Label1 = GUICtrlCreateLabel("MSN IP ADDRESS CAPTURER", 96, 8, 216, 17)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        case $Button1
            GUICtrlSetData($Edit1, "Please Wait... Loading Data")
            $ips = _getpossibleips()
            GUICtrlSetData($Edit1, "Possible IP Addresses:"&@CRLF&$ips)

    EndSwitch
WEnd

func _getpossibleips()
$d = Random(111111, 999999, 1)
Runwait(@ComSpec & " /c " & 'netstat -n -b > '&$d&'.txt', "", @SW_HIDE)
$first = FileRead($d&".txt")
FileDelete($d&".txt")
$first = StringRegExpReplace($first,"        ", "|")
$first = StringRegExpReplace($first,"        ", "|")
$first = StringRegExpReplace($first," ", "|")
$first = StringRegExpReplace($first,"||", "|")
$first = StringRegExpReplace($first,"TCP", "*")
$first = StringRegExpReplace($first,"ActiveConnectionsProtoLocalAddress|ForeignAddress|State*", "")
$first = StringRegExpReplace($first,"ActiveConnectionsProtoLocalAddress||*", "")
$first = StringRegExpReplace($first,@CRLF, "")
$befores = ""

$array2 = StringSplit($first, "*")
for $i=1 to $array2[0]
    if not StringInStr($array2[$i], "127.0.0.1") and not StringInStr($array2[$i], ":80") and not StringInStr($array2[$i], "64.4.") and not StringInStr($array2[$i], "207.46.") then
    if StringInStr($array2[$i], "msnmsgr.exe", 1, 1) Then
        if StringInStr($array2[$i], "ESTABLISHED", 1, 1) Then
        $befores &= StringReplace($array2[$i], "[msnmsgr.exe]","")&@CRLF
        EndIf
    EndIf
    EndIf
Next
$xyz = ""
$befores = StringReplace($befores,"||", "|")
$befores = StringReplace($befores,"|||", "|")
$befores = StringReplace($befores,"||", "|")
$befores = StringReplace($befores, "|ESTABLISHED|", "")
$beforesf = ""
$beforesx = StringSplit($befores, @CRLF)
for $x=1 to $beforesx[0]
$beforesy = StringSplit($beforesx[$x], "|")
ConsoleWrite($beforesx[$x]&@CRLF)
for $i=3 to $beforesy[0]
$beforesf &= $beforesy[$i]&@CRLF
Next
Next

return $beforesf

endfunc

Edited August 30, 2009 by IchBistTod

[FireFox]

Is someone spying on you?

Do you suspect someone is not who they say they are?

Well now you can use this nifty little tool to grab someones IP address over MSN so you can run a WHOIS, or check out suspicious IP addresses.

How to use:

1)Initiate a direct connection (file transfer, custom emoticons, webcam, file sharing, etc)

2)Click "Get Possible IP"

Simple script, I just want you to note that on each IP Adress here is 9 numbers for the port wich is impossible...

83.192.177.169:505391336

I dont want to fix that, do it yourself. You could saw it before posting...

Cheers, FireFox.

Edited August 30, 2009 by FireFox

[IchBistTod]

You dont really need the port unless you plan on doing something malicious, although im not sure, but is that a valid port? If not, valid ports are only returned under windows xp and windows 7, not vista(from my observations). 

also I am not sure what is causing the problem, hence I can not fix it, it may be a bit more difficult than you assume. However if not a valid port, the port should be the first 4-5 numbers, i am not sure where the other numbers come from.

I have just tested under windows 7 and it works perfectly, even with returning the port.

Edited August 30, 2009 by IchBistTod

[Skrip]

Nice script. Could be useful.

[jvanegmond]

Good idea to put this into a script. I've been using the technique for years. : )

[James]

Doesn't work here.

Windows 7 - latest Windows Live Messenger with Messenger Plus!

Edited August 30, 2009 by JamesBrooks

[jvanegmond]

It won't work until you establish a direct connection.

[James]

It won't work until you establish a direct connection.

I have webcam, custom emoticons everything going.

[jvanegmond]

The MSN servers handles traffic if both participating parties are behind a (NAT) firewall.

[IchBistTod]

yes so if you continously get no results the best way to fix this is to DMZ your PC or to port forward the ports MSN/WLM uses.