Trace the IP address of a person in chat or email


A question on a famous security forum asked how to trace the IP address of a person in Facebook or GTalk chat. Chat systems work in one of two ways. With ICQ/AIM-style (P2P) instant messaging, communication goes over a direct TCP connection to the other server. You can run a packet sniffer such as Wireshark on your local machine and easily observe the IP address of everyone you are chatting with in ICQ/AIM. GTalk and Facebook Messenger, however, are based on the Jabber/XMPP protocol. This means that when you send an instant message to someone, the message is first received by the service provider's servers (in this case Facebook's or Google's), and that server then sends the message to the computer of the person you are chatting with.

If the chat system uses the Jabber/XMPP protocol, you can set up a web server and send them a link to a page on it. Once they click the link, their IP address is logged in your web server's access logs. Another practical method is to host an image on the web server and trick the person you are trying to track into loading it through a third-party website (Grabify). Some social networking sites allow you to upload snippets of HTML, including image tags. The downside of this method is that if the user is behind a VPN or proxy server, you will record the VPN or proxy IP address.

You can use websites such as http://ip-api.com/ to get geolocation data. The following example shows how to use the Blue-Thunder-IP-Locator tool to get IP information from the terminal.



Before using this tool, install and upgrade the required Perl libraries. To do that, open the terminal and type the following commands.

$ sudo apt-get install liblocal-lib-perl
$ sudo apt-get install libjson-perl
$ sudo apt-get upgrade libjson-perl

After updating the Perl libraries, you can install the Blue-Thunder-IP-Locator script. Go to the Blue-Thunder-IP-Locator GitHub page and copy the clone URL.

git clone https://github.com/th3sha10wbr04rs/Blue-Thunder-IP-Locator-



Go to the Blue-Thunder-IP-Locator folder and make the blue_thunder.pl file executable with the following command.

chmod +x blue_thunder.pl



Now you can run the Perl script to get IP information. It shows the geographical information in a structured manner. You can pass either a domain name or an IP address to get the geo information.

./blue_thunder.pl 113.58.194.92
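
What a lookup result can and cannot tell you, as an added Python example that is not part of the original post or of Blue-Thunder-IP-Locator: it screens out addresses that have no public location and reads the proxy and hosting flags from a reply, which is where the VPN/proxy caveat above shows up. The JSON field names are assumed to follow ip-api.com's API, and both sample replies are constructed.

```python
import ipaddress
import json

# Constructed replies shaped like ip-api.com's JSON output (assumed field
# names: status, message, query, proxy, hosting). All values are made up.
SAMPLE_OK = json.dumps({
    "status": "success", "query": "203.0.113.7", "country": "Exampleland",
    "isp": "Example Hosting Ltd", "proxy": True, "hosting": True,
})
SAMPLE_FAIL = json.dumps({"status": "fail", "message": "private range"})

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify_address(text):
    """Say whether a logged address is worth geolocating at all."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"          # hostnames and garbage are not addresses
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and ip in CGNAT:
        return "carrier-grade NAT"  # shared by many subscribers of one ISP
    if ip.is_private:
        return "private"          # RFC 1918 and similar, no public location
    if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
        return "reserved"
    return "public"


def interpret_reply(reply_text):
    """Return the caveats attached to one geolocation reply."""
    reply = json.loads(reply_text)
    if reply.get("status") != "success":
        return ["lookup failed: " + reply.get("message", "unknown reason")]
    caveats = []
    if reply.get("proxy"):
        caveats.append("proxy, VPN or Tor exit: not the user's own address")
    if reply.get("hosting"):
        caveats.append("hosting or data-centre range")
    return caveats


if __name__ == "__main__":
    for addr in ["113.58.194.92", "10.1.2.3", "100.64.1.1", "127.0.0.1"]:
        print(addr, "->", classify_address(addr))
    print(interpret_reply(SAMPLE_OK), interpret_reply(SAMPLE_FAIL))
```
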



Many tools have been developed to get IP geodata. If you use a particular tool that provides more functionality, please mention it in the comments.
