WebRTC can leak your IP address even if your behind a VPN Part 2 (Proof of Concept)

0
931

Welcome back in the last article (WebRTC can leak your IP address even if your behind a VPN). we talked a little about WebRTC and STUN servers and how they can effect your privacy online. Today we are going to set up a Web Server and implement a WebRTC Grabber to show proof of concept. our POC is based on WebRTC-IPS & WebRTC Grabber. (Big thanks redpois0n & diafygi for making this proof of concept possible.)

What is WebRTC ? WebRTC (Web Real-Time Communication) is a collection of communications protocols and application programming interfaces that enable real-time communication over peer-to-peer connections. This allows web browsers to not only request resources from backend servers, but also real-time information from browsers of other users.

This enables applications such as video conferencing, file transfer, chat, or desktop sharing without the need of either internal or external plugins.

WebRTC is being standardized by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). The reference implementation is released as free software under the terms of a BSD license. OpenWebRTC provides another free implementation based on the multimedia framework GStreamer.

WebRTC uses javascript in order to reveal your real ip address. It can make a VPN, Proxy server and services such as Tor (The Onion Route) indique by revealing the the actual ip address. Since WebRTC uses JavaScript requests to get your IP address, users of NoScript or similar services will not leak their IP addresses.

Requirements:
Web Hosting
PHP
Write permissions in same directory as index.php

Now that we have discussed WebRTC a little we can now proceed to setting up WebRTC-Grabber.

First of all I will find a free web host and create an account. The web host must support php you can get a free web server from 000webhost if you don’t already have hosting.

https://www.000webhost.com/

I have created a domain http://webrtc.unaux.com this will be used to conduct our test.

Now we have web hosting set up. We can now use FTP to upload website files to our web space. Start an FTP client and connect to your web space I will use Filezilla.

Once you have connected to your web space we need to download WebRTC-Grabber you can download WebRTC-Grabber from the following location.

https://github.com/redpois0n/webrtc-grabber

Upload the contents of WebRTC-Grabber to your web hosting space.

Add Write permissions in same directory as index.php

After WebRTC-Grabber has upload we can now do a quick test.

I will now visit the demo website we set up to conduct our WebRTC test.

http://webrtc.unaux.com

As you can see in the screen shot above we now have a new file in our Web Hosting space called log.txt this is where all the the logs will be stored. We will now take a deeper look inside of the log.txt file. as you can see from the screenshot below we have successfully captured some IPs that have the compatibility of using WebRTC.

If you enjoyed this article please consider sharing it this article was created for educational purposes www.hackingvision.com will not be held responsible for misuse of this information.

Disabling WebRTC 

WebRTC can leak your IP address even if your behind a VPN

If you enjoyed this article please consider sharing it this article was created for educational purposes www.hackingvision.com will not be held responsible for misuse of this information.

Comments

comments