samy 在blackhat上做了一次非常精彩的演讲“”

其中提到了通过xss抓取路由的mac信息，然后提交到Google Location Services 服务以查询真实地址的技巧。



Firefox 也利用google的服务提供这个功能

有兴趣的朋友不妨试试：


Firefox官方说法是会抓取IP和附近的无线接入点的信息发送给google的服务，然后结果反馈在地图上.



OWASP O2平台也在近期演示了这一过程

Basically all that is needed to to is to send a well formed MAC address (xx-xx-xx-xx-xx-xx) inside a JSON object to a Google REST API.

Here is a simple code sample that shows this in action

Func getLocationFromMac =   (macAddress)=>{     var url = "";     var postData = "{\"version\":\"1.1.0\",\"request_address\":true,\"wifi_towers\": [{\"mac_address\":\"" +                      macAddress + "\",\"ssid\":\"g\",\"signal_strength\":-72}]}";     var response = new Web().getUrlContents_POST(url,postData);     return response;          };   return getLocationFromMac("0e-00-00-91-35-75");

这种方法和根据IP地址反查地理位置有所不同，IP库的更新比较慢，精度低，且不一定准。而这个服务由google维护。

我对google如何获取地理位置的方法比较好奇，所以查了些资料。

2009年开始，浏览器中查询地理位置开始火起来，W3C也正式发布了GEO API。有一家叫skyhook的公司，专门提供这个服务，同样的还有google。

Firefox之前是使用的skyhook的服务，后来重新转投了google的怀抱。

总的来说，有3种方法，可以查询出地理位置：1. GPS， 2. wifi access point， 3. cell tower

对于wifi的方法，根据skyhook的做法，找到了这样一段说明
The service used by the iPod touch is powered by a company called SkyHook.

SkyHook does not restrict itself to "official" public WiFi hotspots. Instead, it sends a fleet of vehicles down every navigable street within a covered area, scanning ALL of the WiFi access points in the vicinity (both private and public) and recording their unique signatures (called a MAC address, but it has no relation to the popular computer platform) along with their signal strength at various latitudes and longitudes.

Whenever the WiFi radio is turned on and CoreLocation is in use, the iPod touch continually scans the MAC addresses and relative signal strengths of all the WiFi access points in the vicinity (not just the one it happens to be connected to), and queries those MAC addresses in SkyHook's database. It can then use those results to triangulate your approximate location.

If SkyHook's database doesn't contain an entry for the WiFi access points nearest you, or if the WiFi access point has moved since the last time SkyHook refreshed its database, then the iPod touch will provide incorrect location information. In that case, it is also possible for operators of WiFi access points (including owners of private home networks) to submit new information to SkyHook in order to help them improve their coverage. 

此外skyhook还有一个slide，非常好的阐述了如何抓地理位置

其实获取MAC的方法挺多的，除了XSS路由外，还可以找某些activex控件的功能，直接调用以查询MAC。