-3

If I generate a payload with my IP address and it gets detected by the user, will my IP be exposed?

  • Flagging as "needs focus". What is the protocol (specifically: over TLS or plaintext), what attackers are you concerned about (MITM, local network sniffer, local machine), who is "the user"? This can't be answered without details. – Marc Jul 26 '20 at 12:59
  • 1
    "If someone finds my IP in the payload, will they know the IP?" -- this is what is known as a "tautology". If they find it, then they know it. We cannot possibly determine if any data is detectable in an unspecified "payload". – schroeder Jul 26 '20 at 18:26

1 Answer

1

If the payload is detected and then analyzed, it is entirely possible to retrieve your IP from it. Obfuscating the payload may complicate the process of extracting the IP address to some extent, but an experienced malware analyst/reverse engineer will almost definitely be able to extract it eventually.

For example, this answer shows that the IP in an MSFvenom payload can be found by simply inspecting the payload in a hex editor. However, an average user probably wouldn't have the know-how to do this.

Demento
nobody
  • This doesn't really answer the question since it is so vague to begin with. – Marc Jul 26 '20 at 14:30
  • @Marc Which is vague? The question or the answer? – nobody Jul 26 '20 at 14:32
  • 1
    Both. You can't have a clear answer to such a vague question. – Marc Jul 26 '20 at 14:34
  • @Marc I agree the question is somewhat unclear, but I think it's a fair guess that the OP is talking about building a backdoor/reverse shell with their own IP hardcoded as the callback address. If the payload was detected (running on the victim's machine) would/could it expose their IP? That's what I understood and tried to answer. – nobody Jul 26 '20 at 15:34
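The following is an added example, not part of the answer or comments above: a sketch of what an analyst's indicator extraction might look like when a captured sample is triaged for a hardcoded callback address. It assumes the address is stored either as an ASCII dotted-quad string or as a packed little-endian `sockaddr_in` (family 2, then port and address in network byte order); the function name and the sample bytes are constructed for illustration and use documentation-range addresses.

```python
import ipaddress
import re
import struct

# ASCII dotted-quad candidates; octet ranges are validated by ipaddress below.
ASCII_IPV4 = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Packed sockaddr_in: sin_family=AF_INET (02 00), 2-byte port, 4-byte address.
# The lookahead captures port and address without consuming them.
SOCKADDR_IN = re.compile(rb"\x02\x00(?=(.{2})(.{4}))", re.DOTALL)


def extract_callbacks(blob: bytes):
    """Return sorted (offset, kind, ip, port) candidates found in a sample."""
    hits = []
    for m in ASCII_IPV4.finditer(blob):
        try:
            ip = ipaddress.IPv4Address(m.group().decode("ascii"))
        except ValueError:
            continue  # looked like an address but is not one (e.g. 999.1.1.1)
        hits.append((m.start(), "ascii", str(ip), None))
    for m in SOCKADDR_IN.finditer(blob):
        (port,) = struct.unpack("!H", m.group(1))
        ip = ipaddress.IPv4Address(m.group(2))
        # Drop obvious noise: port 0 and addresses nothing can connect back to.
        if port == 0 or ip.is_unspecified or ip.is_multicast or ip.is_reserved:
            continue
        hits.append((m.start(), "sockaddr_in", str(ip), port))
    return sorted(hits)


# Constructed sample: padding, one packed sockaddr_in, then an ASCII string.
SAMPLE = (
    b"\x90" * 8
    + b"\x02\x00" + struct.pack("!H", 4444) + bytes([192, 0, 2, 10])
    + b"\x00" * 4
    + b"connect 198.51.100.7 ver 999.1.1.1\x00"
)

if __name__ == "__main__":
    for offset, kind, ip, port in extract_callbacks(SAMPLE):
        print(f"0x{offset:04x} {kind:12} {ip} port={port}")
```

The packed-struct pattern is a heuristic and will produce false positives on large binaries, so each hit is a candidate to confirm in a disassembler or by observing the sample's network behaviour in a sandbox.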