WebRTC IP Leaks | How to test and prevent WebRTC Leaks?

September 27 2021
Jolian

Why pay attention to WebRTC IP leaks?

WebRTC can indeed leak your IP address. It poses a threat to anyone who uses a VPN and tries to remain anonymous online without revealing their real IP address. Many users ask online:

“Should I turn off the WebRTC?”

“How do I know if WebRTC has leaked my IP?”

We enjoy the Internet every day, and we worry about it too. We often feel that we are being monitored online. The Internet may know our private information, such as what we bought yesterday and what we browse today. It can even know where you live, via your IP address. There were 152,000,000 Google searches for “IP leak”, and “WebRTC IP leak” is a big part of them.

Don’t worry: keep reading and you’ll find that this article can help. We’ll show you how WebRTC leaks your IP address, how to tell whether your IP has leaked, and how to prevent WebRTC IP leaks.

What is WebRTC?

WebRTC, short for Web Real-Time Communication, is an API that enables web browsers to conduct real-time voice or video conversations. It allows voice, video chat, and P2P sharing (real-time communication) in the browser without the need to add additional browser extensions.

The history of WebRTC

In May 2010, Google acquired the GIPS engine of VoIP software developer Global IP Solutions for $68.2 million and renamed it “WebRTC.” WebRTC uses the GIPS engine to achieve web-based video conferencing and supports G.722, PCM, iLBC, iSAC and other encodings. It uses Google’s own VP8 video codec and also supports RTP/SRTP transmission.

Google integrated the software into its Chrome browser in January 2012. Meanwhile, the FreeSWITCH project claims support for the iSAC audio codec.

Characteristics of WebRTC

1) WebRTC implements web-based video conferencing and is based on the WHATWG protocol. Its main purpose is to let web developers easily and quickly build rich real-time multimedia applications for Chrome, Firefox, and other browsers, without downloading and installing any plug-ins. Real-time communication capabilities can be achieved by writing simple JavaScript in a browser. It is open-source software.

2) WebRTC provides the core technology of video conferencing, including audio and video capture, encoding and decoding, network transmission, display, and other functions.

3) Although WebRTC was originally developed by Google, it supports Windows, Linux, Mac, Android, and many other platforms.

4) Whether used for personal or business activities, it is free.

5) It can be used for mobile applications.

6) It offers better sound quality compared to Flash, with built-in adjustable microphone settings. WebRTC is known for its ability to enhance video and audio chat.

WebRTC hopes to build a robust real-time communication platform between multiple Internet browsers, forming a good ecological environment for developers and browser manufacturers. Google is also working to make WebRTC’s technology one of the HTML5 standards.

Browser support

WebRTC is supported in the following browser versions:

  • Desktop PC: Google Chrome 23, Mozilla Firefox 22, Opera 18, and Safari 11
  • Android: Google Chrome 28 (enabled by default starting from version 29), Mozilla Firefox 24, and Opera Mobile 12
  • Google Chrome OS
  • Firefox OS
  • iOS 11
  • Blackberry 10 features a built-in browser: Bowser

 

How does WebRTC leak IP?

WebRTC’s IP leak was discovered by Daniel Roesler in early 2015. He pointed out that:

Firefox and Chrome have implemented WebRTC that allow requests to STUN servers to be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a user’s local and public IP addresses in javascript.

Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.

WebRTC uses Session Traversal Utilities for NAT (STUN), TURN, and ICE to penetrate firewalls or NATs on the VoIP network. The user sends a request to the server, and the STUN server returns the IP address and LAN address of the system the user uses.

The returned result can be retrieved in JavaScript, but because this process takes place outside the normal XMLHttpRequest process, it is not visible from the developer console. This means that the only requirement for this vulnerability is for the browser to support WebRTC and JavaScript, and any site can simply execute some JavaScript commands to get your real IP address from a Web browser.

The threat of WebRTC IP Leak

The vulnerability allows web administrators to easily see a user’s real IP address through WebRTC, even if the user uses a VPN to hide their IP address. The vulnerability affects WebRTC-enabled browsers, including Google Chrome and Firefox, although it appears to affect only the Windows operating system.

Network security researcher Paolo Stagno tested 70 VPN providers and found that 16 of them had leaked users’ IP addresses through WebRTC (23%).

Check for IP leaks

  • Connect to the VPN proxy
  • Access: ip.voidsec.com

If you see the public IP address in the WebRTC column, you have exposed your identity. If the WebRTC leak inspector indicates that you have a leak, you can take the following 6 steps to confirm that it is 100% correct.

  • Disconnect from your VPN.
  • Open a new page in a new window, and simply type ‘What’s my IP?’ into your browser’s search bar to find your IP address.
  • Write down all the public IP addresses you see.
  • Close the page.
  • Reconnect to your VPN and reopen the page.

If you see any of the same public IP addresses after reconnecting to your VPN, you have a leak. If not, your IP address is secure.
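The comparison described above can be automated. The following JavaScript is an added example, not code from the original article: it parses ICE candidate lines (the form in which STUN results reach JavaScript) and flags any that carry a public IP you noted while the VPN was disconnected. The function names, sample candidates and addresses are all constructed for illustration.

```javascript
// Added example. Candidate strings and addresses are constructed
// (RFC 1918 / RFC 5737 ranges), not captured from a real session.
// Layout: candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <addr> rport <port>]
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').replace(/^candidate:/, '').split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') return null; // not a well-formed candidate
  const r = f.indexOf('raddr');
  return {
    address: f[4].toLowerCase(),
    type: f[7], // host | srflx | prflx | relay
    relatedAddress: r > 0 && f[r + 1] ? f[r + 1].toLowerCase() : null,
  };
}

function addressKind(addr) {
  if (addr.endsWith('.local')) return 'mdns'; // browser-obfuscated host candidate
  if (addr.includes(':')) { // IPv6: loopback, link-local fe80::/10, ULA fc00::/7
    return addr === '::1' || /^fe[89ab]/.test(addr) || /^f[cd]/.test(addr) ? 'private' : 'public';
  }
  const [a, b] = addr.split('.').map(Number);
  const priv = a === 10 || a === 127 || (a === 192 && b === 168) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 169 && b === 254);
  return priv ? 'private' : 'public';
}

// realPublicIps: the addresses written down while the VPN was disconnected.
function checkLeak(candidateLines, realPublicIps) {
  const known = new Set(realPublicIps.map((ip) => ip.toLowerCase()));
  const leakedPublic = new Set();
  const lanExposed = new Set();
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c) continue;
    for (const addr of [c.address, c.relatedAddress]) {
      if (!addr || addr === '0.0.0.0') continue; // raddr is often blanked out
      if (known.has(addr)) leakedPublic.add(addr);
      else if (addressKind(addr) === 'private') lanExposed.add(addr);
    }
  }
  return { leak: leakedPublic.size > 0, leakedPublic: [...leakedPublic], lanExposed: [...lanExposed] };
}

const SAMPLE = [ // constructed candidates, as seen with the VPN connected
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 2122194687 0f4c2a9e-5b1d-4c7a-9e3f-7d2b6a1c8e55.local 54322 typ host',
  'candidate:3 1 udp 1686052607 198.51.100.7 61000 typ srflx raddr 10.8.0.2 rport 54323',
  'candidate:4 1 udp 1686052351 203.0.113.45 61001 typ srflx raddr 192.168.1.23 rport 54321',
];
console.log(checkLeak(SAMPLE, ['203.0.113.45']));
```

In the sample, the fourth candidate carries the address recorded without the VPN, so the check reports a leak; the VPN exit address in the third candidate is public but expected, and the LAN addresses are listed separately.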

Will the VPN protect me from WebRTC IP Leaks?

There are some VPNs that can protect against WebRTC vulnerabilities. Here are the VPNs that protect users from WebRTC leaks through firewall rules:

1) Perfect Privacy: The Perfect Privacy VPN client is configured to prevent WebRTC vulnerabilities.

2) Express VPN: Express VPN has updated its software to further protect users from WebRTC leaks.

Note: Just like browser fingerprints, WebRTC issues are a vulnerability in Web browsers. Therefore, it is better to fix the root cause of the problem through your browser rather than relying solely on VPN protection.

 

How to prevent WebRTC IP leaks

Users who do not want their real IP addresses to be leaked can disable WebRTC to prevent the leak.

Firefox:

1) Enter “about:config” in the browser, then search for “media.peerconnection.enabled”. Double-click it and change it to “false”.

2) Type “about:config” in the URL bar, then press Enter. Agree to the warning message and click “Accept the risk!” Then type “media.peerconnection.enabled” in the search box. Double-click the “media.peerconnection.enabled” preference so that its value changes to “false”.

Chrome:

1) Since WebRTC cannot be disabled in Chrome (desktop), additional components are the only option (for those who don’t want to give up using Chrome). As mentioned above, it’s important to remember that browser add-ons are not 100% efficient.

In other words, you may still be vulnerable to WebRTC IP address leakage under certain circumstances.

There are some add-ons worth considering: WebRTC Leak Prevent / uBlock Origin. (Install the “WebRTC Leak Prevent” extension, set the “IP handling policy” option to “Disable non-proxied UDP (force proxy)” and click “Apply Settings” to apply.)

2) On your Android device, open chrome://flags/ to turn off WebRTC. Scroll down to find “WebRTC stun origin header”, then disable it. For security, you can also disable the WebRTC hardware video encoding/decoding option, although this may not be required.

 

Conclusion about WebRTC IP Leak

The WebRTC vulnerability highlights a very important concept for those seeking higher levels of online anonymity and security through various privacy tools. The browser is usually the weak link in the chain. Therefore, it is important to pay attention to the browser itself.

ClonBrowser is a very powerful browser, and it is very important to protect your privacy! If you have been worried about browser security issues, you can click here to learn more about our features! I believe it will bring you an unexpected surprise!
