privacyguides.org/webrtc.html

<!DOCTYPE html>
<html>
<head>
<title>WebRTC IP Leak VPN / Tor Test</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="shortcut icon" href="favicon.ico" type="image/ico">
</head>
<body>

<div style="width:600px;">
<h1><a href="https://www.privacytools.io/"><img src="img/layout/logo.png" class="img-responsive" alt="privacytools.io"></a></h1>

<h2>WebRTC IP Leak VPN / Tor IP Test</h2>

<p>
	WebRTC is a communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN. While software like NoScript prevents this, it's probably a good idea to block this protocol directly as well, just to be safe. This page will test if your internet browser is affected by the <strong>WebRTC Leak.</strong>
</p>
	
<p>
This demo secretly makes requests to STUN servers that can log your
request. These requests do not show up in developer consoles and
cannot be blocked by browser plugins like AdBlock, Ghostery, etc.
</p>

<p>&nbsp;</p>
<strong>Your local IP addresses:</strong>
<ul></ul>
<strong>Your public IP addresses:</strong>
<ul></ul>

<p>&nbsp;</p>

<p>Your browser is not safe and will show your real IP even though you are using a VPN service if you can see your real IP addresses here.</p>

<p><strong><a href="https://www.privacytools.io/#webrtc">How to fix the WebRTC Leak?</a></strong></p>

<p>&nbsp;</p>

<p><a href="https://github.com/diafygi/webrtc-ips">Source code on GitHub</a></p>

<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
<script>
//get the IP addresses associated with an account
function getIPs(callback){
var ip_dups = {};
//compatibility for firefox and chrome
var RTCPeerConnection = window.RTCPeerConnection
|| window.mozRTCPeerConnection
|| window.webkitRTCPeerConnection;
var useWebKit = !!window.webkitRTCPeerConnection;
//bypass naive webrtc blocking using an iframe
if(!RTCPeerConnection){
//NOTE: you need to have an iframe in the page right above the script tag
//
//<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
//<script>...getIPs called in here...
//
var win = iframe.contentWindow;
RTCPeerConnection = win.RTCPeerConnection
|| win.mozRTCPeerConnection
|| win.webkitRTCPeerConnection;
useWebKit = !!win.webkitRTCPeerConnection;
}
//minimal requirements for data connection
var mediaConstraints = {
optional: [{RtpDataChannels: true}]
};
//firefox already has a default stun server in about:config
// media.peerconnection.default_iceservers =
// [{"url": "stun:stun.services.mozilla.com"}]
var servers = undefined;
//add same stun server for chrome
if(useWebKit)
servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};
//construct a new RTCPeerConnection
var pc = new RTCPeerConnection(servers, mediaConstraints);
function handleCandidate(candidate){
//match just the IP address
var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/
var ip_addr = ip_regex.exec(candidate)[1];
//remove duplicates
if(ip_dups[ip_addr] === undefined)
callback(ip_addr);
ip_dups[ip_addr] = true;
}
//listen for candidate events
pc.onicecandidate = function(ice){
//skip non-candidate events
if(ice.candidate)
handleCandidate(ice.candidate.candidate);
};
//create a bogus data channel
pc.createDataChannel("");
//create an offer sdp
pc.createOffer(function(result){
//trigger the stun server request
pc.setLocalDescription(result, function(){}, function(){});
}, function(){});
//wait for a while to let everything done
setTimeout(function(){
//read candidate info from local description
var lines = pc.localDescription.sdp.split('\n');
lines.forEach(function(line){
if(line.indexOf('a=candidate:') === 0)
handleCandidate(line);
});
}, 1000);
}
//insert IP addresses into the page
getIPs(function(ip){
var li = document.createElement("li");
li.textContent = ip;
//local IPs
if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/))
document.getElementsByTagName("ul")[0].appendChild(li);
//assume the rest are public IPs
else
document.getElementsByTagName("ul")[1].appendChild(li);
});
</script>

</div>
</body>