These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript.Īdditionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. (An explanation of the difference between your local/internal IP and your public/external IP is here.) The WebRTC VulnerabilityĪnyone seeking to be anonymous online through privacy technology should take action against WebRTC leaks.ĭaniel Roesler exposed this vulnerability in 2015 on his GitHub page, where he stated:įirefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. Note that a local IP address is blacked out on the left. You can see that my public IPv6 address (beginning with 2) is leaking in the WebRTC area, even while the VPN is connected and stable. Below is an example of WebRTC leaks that I found when testing out a VPN service. If you see your ISP-assigned (external) IP address, then this is a WebRTC leak. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |