It has been discussed many times on Stackoverflow that by default WebRTC technology leaks your real IP even if your using a proxy to browse the web. What I haven't seen discussed is whether this requires the end user to click a button to enable this kind of leak or whether the leak occurs regardless of any action taken by the user.
For example, when you go to Express VPN they require you press a button to test for WebRTC leak. My question is - is this done for privacy reasons or somehow the button activates WebRTC tech so it can leak your IP?
In other words, assuming you never need to use WebRTC tech (just browser a blog or eCommerce shop) and all you do is click a few links - can a website still detect your real IP through WebRTC?
Thanks
CodePudding user response:
Yes, a browser can detect your public IP address using WebRTC.
No, the leak is not reliant on your button interaction.
Recently, I found an unpatched github repo webrtc-ip, which can leak a user's public IP address using WebRTC. This is powerful because you cannot trace it, as nothing is shown in the Networks tab.
Sadly, this leak does not work for private IPs, due to the gradual shift to mDNS (at least for WebRTC), which is described completely in this great blog. Anyways,a here's a working demo:
https://webrtc-ip.herokuapp.com/
I am not sure if this leaks your true IP address even if you are using a proxy, but feel free to test it out.