Jump to content
Not connected, Your IP: 54.226.4.91
highchilled

WebRTC-Leaks not shown by ipleak.net

Recommended Posts

Hello!


I found an issue...

When using the Testpage of AirVPN for DNS- and WebRTC-Leaks (www.ipleak.net) it's actually not showing WebRTC-Leaks, although they are there!

Under circumstances this can cause serious trouble for the VPN-Users, because when they don't see any leaks, most of them will be sure that there are no leaks - but that can be very false!

I discovered clear WebRTC-Leaks on a Windows7-machine + up-to-date Firefox; but ipleak.net only showed me the internal IP leaks! (which are actually not dangerous)

I opened 2 Firefox-Windows while connected to a AirVPN-Server and while ipleak.net didn't show real-IP leaks, at the same moment another site clearly showed these WebRTC-leaks (GitHub)!

As you can see on the screenshot ipleak.net doesn't show anything suspicious, but Github shows all the leaks including my real Provider-IP + all internal Network IP's;
so actually EVERYTHING was leaking and totally broke the anonymity of AirVPN in my Browser!

Now I want to know why ipleak.net provides WebRTC-leak-detecion, when it actually not working at all (also tested on Linux!)

Try it yourself and you will see what I mean:

1. https://ipleak.net/
2. https://diafygi.github.io/webrtc-ips/

Please also check my screenshot below!
Btw. you can fix that leak easily in your Firefox-Settings!


Answers are welcome!

regards,
me
 

Share this post


Link to post

Hello!

 

Were you using Eddie and Network Lock? Also, is there a reason you didn't just disable media peerconnection?

 

Sent to you from me with datalove


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.


Tired of Windows? Why Linux Is Better.

Share this post


Link to post

Hello!

 

Were you using Eddie and Network Lock? Also, is there a reason you didn't just disable media peerconnection?

 

Sent to you from me with datalove

Thanks for your reply, but...

I think you didn't understand the question

 

Although it doesn't has to do with my actual question: Ofc I usually have media.peerconnection disabled (but you have to do it manually, Firefox has it enabled if fresh installed - so many people will have leaks here, becuase they don't even know about it - so I enabled it to make it visible

 

And they don't know (and now we come to reason of my post) BECAUSE ipleak.net doesn't show it to them!

 

My question was, why ipleak.net (AirVPN) offers WebRTC-Leak detection, but can't detect them properly ?

Do you understand young jedi? ;D

Share this post


Link to post

You have NoScript enabled on ipleak but not on Github.

Run the same tests with the same rules, or without 3d party blockers at all.

 

The test is exactly the same, and is using the same Mozilla STUN servers in

order to determine your IPs.

 

Ipleak:

// Get the IP addresses associated with an account
	// Thanks: https://github.com/diafygi/webrtc-ips
	
	rtcDetectionDo: function(callback)
	{
			// Based on work by https://github.com/diafygi/webrtc-ips
		
	    var ip_dups = {};
	
	    var RTCPeerConnection = IpLeak.rtcGetPeerConnection();
	    
	    var mediaConstraints = 
	    {
	        optional: [{RtpDataChannels: true}]
	    };
	
	    //firefox already has a default stun server in about:config
	    //    media.peerconnection.default_iceservers =
	    //    [{"url": "stun:stun.services.mozilla.com"}]
	    var servers = undefined;
	
	    //add same stun server for chrome
	    if(window.webkitRTCPeerConnection)
	        servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

 

Diafygi Github:

 


                    var win = iframe.contentWindow;
                    RTCPeerConnection = win.RTCPeerConnection
                        || win.mozRTCPeerConnection
                        || win.webkitRTCPeerConnection;
                    useWebKit = !!win.webkitRTCPeerConnection;
                }

                //minimal requirements for data connection
                var mediaConstraints = {
                    optional: [{RtpDataChannels: true}]
                };

                var servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

 

 

He was credited on IPleak for the original work as well.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

 

You have NoScript enabled on ipleak but not on Github.

Run the same tests with the same rules, or without 3d party blockers at all.

 

The test is exactly the same, and is using the same Mozilla STUN servers in

order to determine your IPs.

 

 

No dude, No-Script allows both Top-Domains and blocks the same Sub-Domains at the same moment - so that can't be the solution!

Please check the meaning of No-Script signs again.

 

The question mark in NS only means, that there are some !sub-domains! not allowed ;D

 

And these sub-domains are from google not from you - and GitHub also doens't need sub-domains; so... ?!

 

 

 

It's just a thing I found out and was wondering about; that's why I posted it

Share this post


Link to post

Confirming there a little issue that started because of a small API change of predefined Mozilla STUN addresses in Firefox 41:

https://bugzilla.mozilla.org/show_bug.cgi?id=1143827

 

The test on diafygi's page made a workaround for this issue here:

https://github.com/diafygi/webrtc-ips/commit/a95b3613e3ee83d2d51cfb184d334767cf71e486

 

In any case, the main idea of telling you if WebRTC is enabled or not was working, it just did not

show the external address under certain conditions.

 

 

Wait for the ipleak developer for more comments.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Confirming there a little issue that started because of a small API change of predefined Mozilla STUN addresses in Firefox 41:

https://bugzilla.mozilla.org/show_bug.cgi?id=1143827

 

The test on diafygi's page made a workaround for this issue here:

https://github.com/diafygi/webrtc-ips/commit/a95b3613e3ee83d2d51cfb184d334767cf71e486

 

In any case, the main idea of telling you if WebRTC is enabled or not was working, it just did not

show the external address under certain conditions.

 

 

Wait for the ipleak developer for more comments.

That's what I wanted to hear - thank you man!

At all... I like ipleak.net - but that was strange ;D

Share this post


Link to post

 

Hello,

 

thanks zhang and everybody. ipleak.net maintainers are now aware of the issue.

 

Kind regards

1 month free VPN please

 

You'd get a year for being nice. This is not nice.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

 

 

1 month free VPN please

Hello,

 

thanks zhang and everybody. ipleak.net maintainers are now aware of the issue.

 

Kind regards

You'd get a year for being nice. This is not nice.

Ah ok.. next time I stfu and go to Github

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...