DEV Community

Higor Diego
Higor Diego

Posted on

How to discover the user’s IP address using Telegram.

Ip find telegram

If you've ever wondered how messaging apps like Telegram and WhatsApp work behind the scenes of your conversations, this article is for you. We'll explore a method to discover the IP address of the user we're interacting with on Telegram, using the powerful network traffic analysis tool Wireshark.

Step 1: Downloading Wireshark

Before we begin, you need to download and install Wireshark on your computer. You can find the download on the official Wireshark website.

Make sure to choose the version that is compatible with your operating system.

Step 2: Filtering STUN Traffic

After opening Wireshark, you'll see an interface capturing real-time network traffic. Let's filter the STUN traffic, which is the protocol used by Telegram for communication.
In the filter bar, click on the search icon to open the search option. Then select the "String" option and type "XOR-MAPPED-ADDRESS" in the search line.

Step 3: Initiating Data Capture

Now, we're ready to start capturing data. Ensure Wireshark is running and make a call via Telegram to the user whose IP address you want to discover.
Once the user answers the call, Wireshark will start displaying the captured data. Look through the list for information related to the STUN protocol, and you'll find the IP address of the user who received the call.

Step 4: Identifying the IP Address

To easily identify the desired IP address, use the Wireshark search function. Click on the "Find" option and type "XOR-MAPPED-ADDRESS" in the search line. The user's IP address will immediately appear after that string.


Automating with Golang

Using the Golang programming language, we can automate the entire process described above. Below is a Golang code that performs this task efficiently and reliably:



package main

import (
    "fmt"
    "log"
    "os"
    "os/exec"
    "strings"
)

func main() {
    const CAP_PATH = "/tmp/tg_cap.pcap" // Temporary path for pcap capture file
    const CAP_TEXT = "/tmp/tg_text.txt" // Temporary path for text file with information
    const CAP_DURATION = "5"            // Capture duration in seconds

    // Get the external IP address of the device
    ipCmd := exec.Command("curl", "-s", "icanhazip.com")
    ipOutput, err := ipCmd.Output()
    if err != nil {
        log.Fatal("Failed to get IP address:", err)
    }
    MY_IP := strings.TrimSpace(string(ipOutput))

    // Check if Wireshark is installed
    _, err = exec.LookPath("tshark")
    if err != nil {
        log.Println("[-] Wireshark not found. Try installing Wireshark first.")
        log.Println("[+] Debian-based: sudo apt-get install -y tshark")
        log.Println("[+] RedHat-based: sudo yum install -y tshark")
        os.Exit(1)
    }

    fmt.Println("[+] Discovering User's IP Address on Telegram using Golang")
    fmt.Println("[+] Starting traffic capture. Please wait for", CAP_DURATION, "seconds...")

    // Start traffic capture with Wireshark
    captureCmd := exec.Command("tshark", "-w", CAP_PATH, "-a", "duration:"+CAP_DURATION)
    captureOutput, err := captureCmd.CombinedOutput()
    if err != nil {
        log.Fatal("Traffic capture error:", err)
    }

    fmt.Println("[+] Traffic captured.")

    // Convert pcap file to readable text file
    convertCmd := exec.Command("tshark", "-r", CAP_PATH)
    convertOutput, err := convertCmd.Output()
    if err != nil {
        log.Fatal("Error converting pcap file to text:", err)
    }

    err = os.WriteFile(CAP_TEXT, convertOutput, 0644)
    if err != nil {
        log.Fatal("Error writing text file:", err)
    }

    fmt.Println("[+] Pcap file successfully converted to text.")

    // Check if Telegram traffic is present in the text file
    if strings.Contains(string(convertOutput), "STUN 106") {
        fmt.Println("[+] Telegram traffic found.")

        // Extract the IP address from the text
        extractCmd := exec.Command("cat", CAP_TEXT, "|", "grep", "STUN 106", "|", "sed", "'s/^.*XOR-MAPPED-ADDRESS: //'", "|", "awk", "'{match($0,/[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+/); ip = substr($0,RSTART,RLENGTH); print ip}' | awk '!seen[$0]++'")
        extractOutput, err := extractCmd.Output()
        if err != nil {
            log.Fatal("Error extracting IP address:", err)
        }

        TG_OUT := strings.TrimSpace(string(extractOutput))
        IP_1 := strings.Fields(TG_OUT)[0]
        IP_2 := strings.Fields(TG_OUT)[1]

        var IP string

        // Check if the IP address is ours or the recipient's
        if MY_IP == IP_1 {
            IP = IP_2
        } else if MY_IP == IP_2 {
            IP = IP_1
        } else {
            IP = "[-] Sorry. IP address not found."
            os.Exit(1)
        }

        // Get host information for the IP address
        hostCmd := exec.Command("host", IP)
        hostOutput, err := hostCmd.Output()
        if err != nil {
            log.Fatal("Error getting host information:", err)
        }

        fmt.Println("[+]")
        fmt.Println("[+] IP Address:", IP)
        fmt.Println("[+] Host:", strings.TrimSpace(string(hostOutput)))
        fmt.Println("[+]")

        // Clean up temporary files
        err = os.Remove(CAP_PATH)
        if err != nil {
            log.Fatal("Cleanup error:", err)
        }

        err = os.Remove(CAP_TEXT)
        if err != nil {
            log.Fatal("Cleanup error:", err)
        }

        fmt.Println("[+] Cleanup completed.")
    } else {
        fmt.Println("[-] Telegram traffic not found.")
        fmt.Println("[!]")
        fmt.Println("[!] Run this script only >>>AFTER<<< the response.")
        fmt.Println("[!]")
        os.Exit(1)
    }

    fmt.Println("[?]")
    fmt.Print("[?] Run whois", IP, "? (Y/N): ")

    // Check if the user wants to run the whois command
    var answer string
    fmt.Scanln(&answer)

    if strings.ToUpper(answer) == "Y" {
        whoisCmd := exec.Command("whois", IP)
        whoisOutput, err := whoisCmd.Output()
        if err != nil {
            log.Fatal("Error running whois command:", err)
        }

        fmt.Println(string(whoisOutput))
    } else {
        fmt.Println("[+] Goodbye!")
        os.Exit(0)
    }
}


Enter fullscreen mode Exit fullscreen mode

Conclusion

By using Wireshark and analyzing STUN traffic on Telegram, we can discover the IP address of the user we are interacting with. This information can be useful for various purposes, such as checking the geographical location of the user or identifying potential network issues.

However, it is important to remember that user privacy should always be respected. The use of these techniques should be done ethically and within legal limits.

References:

https://medium.com/@ibederov_en/find-out-the-ip-address-through-a-call-to-telegram-a899441b1bac

https://www.wireshark.org/

https://go.dev/

Top comments (5)

Collapse
 
khalid_abdul_9f81ffab6bc9 profile image
Khalid Abdul

Cryptocurrency Scam/Fraud Tracing & Recovery
I never thought I will get scammed of all my assets on this exchange which I was warned by friends not to invest online or apply for exchange from unknown online investors, they stole all my life savings ranging to a total sum of $68k [sixty eight thousand dollars] worth of bitcoin, I started regretting my life until I came across some article online about jamesmckaywizard a genuine hacker who is into any kind of hacking and helping people recover their lost funds via online scam, I still didn't believe bitcoin can ever be recovered, but had to once again trust my guts and instincts. To my greatest surprise Mr. James was able to carry out the job neatly without any traces or complications all thanks to him and his team for offering me a top notch services. To that one person or persons out there who really need a true and efficient hacker l would advice you to contact: Email: jamesmckaywizard at gmail dot com or WhatsApp +31622647750.

Collapse
 
mm828 profile image
Mamue

Hey my friend. I have a similar problem, jamesmckaywizard@gmail.com right?
May you can help to get in touch?

Collapse
 
aziz_khan_9562100159788d9 profile image
Aziz khan

Ip address of telegram how to track it

Collapse
 
aziz_khan_9562100159788d9 profile image
Aziz khan

How track telegram up address?

Collapse
 
devil_panda_a56728db6f4b1 profile image
Devil Panda

How can I communicate with you pls?????