mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-12-19 12:54:37 -05:00
123 lines
4.0 KiB
HTML
123 lines
4.0 KiB
HTML
|
<!DOCTYPE html>
|
||
|
<html>
|
||
|
<head>
|
||
|
<title>WebRTC IP Leak VPN / Tor Test</title>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<link rel="shortcut icon" href="favicon.ico" type="image/ico">
|
||
|
</head>
|
||
|
<body>
|
||
|
|
||
|
<div style="width:600px;">
|
||
|
<h1><a href="https://www.privacytools.io/"><img src="img/layout/logo.png" class="img-responsive" alt="privacytools.io"></a></h1>
|
||
|
|
||
|
<h2>WebRTC IP Leak VPN / Tor IP Test</h2>
|
||
|
|
||
|
<p>
|
||
|
WebRTC is a communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN. While software like NoScript prevents this, it's probably a good idea to block this protocol directly as well, just to be safe. This page will test if your internet browser is affected by the <strong>WebRTC Leak.</strong>
|
||
|
</p>
|
||
|
|
||
|
<p>
|
||
|
This demo secretly makes requests to STUN servers that can log your
|
||
|
request. These requests do not show up in developer consoles and
|
||
|
cannot be blocked by browser plugins like AdBlock, Ghostery, etc.
|
||
|
</p>
|
||
|
|
||
|
<p> </p>
|
||
|
<strong>Your local IP addresses:</strong>
|
||
|
<ul></ul>
|
||
|
<strong>Your public IP addresses:</strong>
|
||
|
<ul></ul>
|
||
|
|
||
|
<p> </p>
|
||
|
|
||
|
<p>Your browser is not safe and will show your real IP even though you are using a VPN service if you can see your real IP addresses here.</p>
|
||
|
|
||
|
<p><strong><a href="https://www.privacytools.io/#webrtc">How to fix the WebRTC Leak?</a></strong></p>
|
||
|
|
||
|
<p> </p>
|
||
|
|
||
|
<p><a href="https://github.com/diafygi/webrtc-ips">Source code on GitHub</a></p>
|
||
|
|
||
|
<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
|
||
|
<script>
|
||
|
//get the IP addresses associated with an account
|
||
|
function getIPs(callback){
|
||
|
var ip_dups = {};
|
||
|
//compatibility for firefox and chrome
|
||
|
var RTCPeerConnection = window.RTCPeerConnection
|
||
|
|| window.mozRTCPeerConnection
|
||
|
|| window.webkitRTCPeerConnection;
|
||
|
var useWebKit = !!window.webkitRTCPeerConnection;
|
||
|
//bypass naive webrtc blocking using an iframe
|
||
|
if(!RTCPeerConnection){
|
||
|
//NOTE: you need to have an iframe in the page right above the script tag
|
||
|
//
|
||
|
//<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
|
||
|
//<script>...getIPs called in here...
|
||
|
//
|
||
|
var win = iframe.contentWindow;
|
||
|
RTCPeerConnection = win.RTCPeerConnection
|
||
|
|| win.mozRTCPeerConnection
|
||
|
|| win.webkitRTCPeerConnection;
|
||
|
useWebKit = !!win.webkitRTCPeerConnection;
|
||
|
}
|
||
|
//minimal requirements for data connection
|
||
|
var mediaConstraints = {
|
||
|
optional: [{RtpDataChannels: true}]
|
||
|
};
|
||
|
//firefox already has a default stun server in about:config
|
||
|
// media.peerconnection.default_iceservers =
|
||
|
// [{"url": "stun:stun.services.mozilla.com"}]
|
||
|
var servers = undefined;
|
||
|
//add same stun server for chrome
|
||
|
if(useWebKit)
|
||
|
servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};
|
||
|
//construct a new RTCPeerConnection
|
||
|
var pc = new RTCPeerConnection(servers, mediaConstraints);
|
||
|
function handleCandidate(candidate){
|
||
|
//match just the IP address
|
||
|
var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/
|
||
|
var ip_addr = ip_regex.exec(candidate)[1];
|
||
|
//remove duplicates
|
||
|
if(ip_dups[ip_addr] === undefined)
|
||
|
callback(ip_addr);
|
||
|
ip_dups[ip_addr] = true;
|
||
|
}
|
||
|
//listen for candidate events
|
||
|
pc.onicecandidate = function(ice){
|
||
|
//skip non-candidate events
|
||
|
if(ice.candidate)
|
||
|
handleCandidate(ice.candidate.candidate);
|
||
|
};
|
||
|
//create a bogus data channel
|
||
|
pc.createDataChannel("");
|
||
|
//create an offer sdp
|
||
|
pc.createOffer(function(result){
|
||
|
//trigger the stun server request
|
||
|
pc.setLocalDescription(result, function(){}, function(){});
|
||
|
}, function(){});
|
||
|
//wait for a while to let everything done
|
||
|
setTimeout(function(){
|
||
|
//read candidate info from local description
|
||
|
var lines = pc.localDescription.sdp.split('\n');
|
||
|
lines.forEach(function(line){
|
||
|
if(line.indexOf('a=candidate:') === 0)
|
||
|
handleCandidate(line);
|
||
|
});
|
||
|
}, 1000);
|
||
|
}
|
||
|
//insert IP addresses into the page
|
||
|
getIPs(function(ip){
|
||
|
var li = document.createElement("li");
|
||
|
li.textContent = ip;
|
||
|
//local IPs
|
||
|
if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/))
|
||
|
document.getElementsByTagName("ul")[0].appendChild(li);
|
||
|
//assume the rest are public IPs
|
||
|
else
|
||
|
document.getElementsByTagName("ul")[1].appendChild(li);
|
||
|
});
|
||
|
</script>
|
||
|
|
||
|
</div>
|
||
|
</body>
|