This project is created for educational and research purposes only. It demonstrates how the WebRTC protocol can inadvertently leak a user's public IP address even when behind certain layers of abstraction. Do not use this script on platforms or users without explicit permission.
WebRTC (Web Real-Time Communication) uses the ICE (Interactive Connectivity Establishment) framework to find the shortest path between two peers.
During this "handshake," the browser generates ICE Candidates. Some of these candidates, specifically the srflx (Server Reflexive) type, are retrieved from STUN servers and contain the user's Public IP Address.
To test this script in a controlled, educational environment:
- Create Your API Key in https://ipinfo.io/
- Clone this repository to your local machine.
- Open a website that uses WebRTC (e.g., P2P video chats or WebRTC leak test sites).
- Open the Browser Console by pressing
F12and selecting the Console tab (orCtrl+Shift+I). - Paste the content of
script.jsinto the console and pressEnter. - Logs will appear automatically in the console whenever a peer connection is established and an IP is identified.
To prevent this type of leak and maintain your privacy:
- Use a high-quality VPN: Ensure your VPN provider specifically masks WebRTC traffic (not all do by default).
- Install browser extensions: Use tools like WebRTC Leak Prevent or uBlock Origin (with WebRTC blocking enabled).
- Firefox Configuration: You can disable WebRTC entirely by typing
about:configin the address bar and settingmedia.peerconnection.enabledtofalse.
Distributed under the MIT License. See LICENSE for more information.