How to find out your private local IP via web

Lorenzo Baloci
21 June 2008

Introduction

When a user connects to a web server, it is easy for a server-side script to record the user's IP address, since it is of course transmitted as part of the TCP connection itself.
Few know that a certain technique makes it possible to find out even the local IP address. By local IP I mean the private one associated with the NIC (the network card) of a given host.
Sometimes it coincides with the public one (for example, if a user is connected directly to the internet through a modem); other times it is different and reflects the internal LAN configuration. Comparing the two addresses lets a third party guess whether a user is behind a NAT or directly connected to the internet.
This fact may also have some security implications, briefly discussed below.

How to find out the local IP

To access information about the local IP you have to use a Java applet (if you don't know what a Java applet is, you can read about it on Wikipedia). Applets are usually subject to some security limitations, but the local IP field (as of Java 5) is accessible without any user confirmation.

Source code of an example applet

01. import javax.swing.JApplet;
02. import java.awt.Graphics;
03. import java.net.*;
04. 
05. public class localIP extends JApplet {
06. 	
07.   // we do not really need to paint, this is just an example
08.   public void paint(Graphics g) {	
09.     // variable for storing the InetAddress
10.     InetAddress raw_IP;
11.
12.     // host to connect to (same as where the applet is stored)
13.     String server_HOSTNAME="localhost";
14.
15.     try {
16.
17.       // we may have a socket
18.       raw_IP = new Socket(server_HOSTNAME,80).getLocalAddress();
19.
20.       // redirect the user to an URL
21.       // raw_IP.getHostAddress() is the local IP
22.       getAppletContext().showDocument(new URL("http://"+server_HOSTNAME+"/nat.php?l="+raw_IP.getHostAddress()));
23.
24.     } catch (Exception e) {
25.       e.printStackTrace();
26.     }
27.   } 
28. }

The first lines are just some basic imports and straightforward code (if you know Java).

You'll see at line 18 that a socket is created through the command:
new Socket(server_HOSTNAME,80);
The method getLocalAddress() then returns the local IP we're looking for.
Line 22 redirects the user to a new URL formed as "http://" + server_HOSTNAME + "/nat.php", adding the local IP just found as a GET variable.

Download the example Java source code.
On the web server you can then implement a server-side script that compares the local IP with the public one; if they are not equal, the user is behind some sort of NAT device. This information can also be stored in a database or just presented to the user.
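
The server-side comparison described above, as an added example that is not part of the original article: it is written in Python rather than as the nat.php script the applet redirects to, and the name classify_client, the RFC 1918 list and the verdict labels are assumptions. It treats the `l` value as untrusted, because the client can put anything in that GET variable.

```python
import ipaddress

# RFC 1918 private ranges, used only to annotate the result.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_client(reported_local, remote_addr):
    """Compare the `l` GET variable sent by the applet with the peer address
    the web server saw on the TCP connection (hypothetical helper)."""
    public = ipaddress.ip_address(remote_addr)
    result = {"public": str(public), "local": None, "rfc1918": False}
    try:
        # `l` is client-supplied and trivially forged: parse it strictly and
        # never store or echo the raw string.
        local = ipaddress.ip_address(reported_local.strip())
    except (ValueError, AttributeError):
        result["verdict"] = "invalid"
        return result
    result["local"] = str(local)
    result["rfc1918"] = any(local in net for net in RFC1918)
    if local.version != public.version or local.is_loopback or local.is_unspecified:
        # A loopback source or an IPv4/IPv6 mismatch says nothing about NAT.
        result["verdict"] = "inconclusive"
    elif local == public:
        result["verdict"] = "direct"
    else:
        result["verdict"] = "behind_nat"
    return result


if __name__ == "__main__":
    # Constructed sample requests: (value of `l`, peer address seen by the server).
    samples = [("192.168.1.23", "203.0.113.7"), ("203.0.113.7", "203.0.113.7"),
               ("127.0.0.1", "203.0.113.7"), ("not-an-ip", "203.0.113.7")]
    for l_param, peer in samples:
        print(l_param, "->", classify_client(l_param, peer))
```

The "inconclusive" branch matters for the applet as printed, whose server_HOSTNAME is "localhost": a socket to localhost reports a loopback source address, which says nothing about the LAN.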

How to use this information

Knowing whether a user is behind NAT can be very useful:

Security concern

If you want to be safe from this type of "local IP sniffing", at the moment your only choice is to disable the execution of Java applets. If you know of any other method of protection against this type of information leak, let me know.



This article is written just as a simple reference for the idea behind "amibehindnat.com"; for more information, ask the author directly.