Jump to content


Photo
- - - - -

WebRTC-Leaks not shown by ipleak.net

leak webrtc airvpn

  • Please log in to reply
11 replies to this topic

#1 highchilled

highchilled

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 31 August 2016 - 01:29 AM

Hello!


I found an issue...

When using the Testpage of AirVPN for DNS- and WebRTC-Leaks (www.ipleak.net) it's actually not showing WebRTC-Leaks, although they are there!

Under circumstances this can cause serious trouble for the VPN-Users, because when they don't see any leaks, most of them will be sure that there are no leaks - but that can be very false!

I discovered clear WebRTC-Leaks on a Windows7-machine + up-to-date Firefox; but ipleak.net only showed me the internal IP leaks! (which are actually not dangerous)

I opened 2 Firefox-Windows while connected to a AirVPN-Server and while ipleak.net didn't show real-IP leaks, at the same moment another site clearly showed these WebRTC-leaks (GitHub)!

As you can see on the screenshot ipleak.net doesn't show anything suspicious, but Github shows all the leaks including my real Provider-IP + all internal Network IP's;
so actually EVERYTHING was leaking and totally broke the anonymity of AirVPN in my Browser!

Now I want to know why ipleak.net provides WebRTC-leak-detecion, when it actually not working at all (also tested on Linux!)

Try it yourself and you will see what I mean:

1. https://ipleak.net/
2. https://diafygi.github.io/webrtc-ips/

Please also check my screenshot below!
Btw. you can fix that leak easily in your Firefox-Settings!


Answers are welcome!

regards,
me
 

Attached Thumbnails

  • WEBRTC LEAKS.png


#2 LZ1

LZ1

    It's nice to be nice to nice people

  • Moderators
  • 1953 posts

Posted 31 August 2016 - 12:18 PM

Hello!

Were you using Eddie and Network Lock? Also, is there a reason you didn't just disable media peerconnection?

Sent to you from me with datalove

Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. Its Guides Section has guides on Linux/Torrenting/Blocked sites & many other topics too.
Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please read the First Questions section in the link above for more details, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Tired of Windows? Why Linux Is Better.

#3 highchilled

highchilled

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 31 August 2016 - 12:31 PM

Hello!

Were you using Eddie and Network Lock? Also, is there a reason you didn't just disable media peerconnection?

Sent to you from me with datalove

Thanks for your reply, but...
I think you didn't understand the question ;)

Although it doesn't has to do with my actual question: Ofc I usually have media.peerconnection disabled (but you have to do it manually, Firefox has it enabled if fresh installed - so many people will have leaks here, becuase they don't even know about it - so I enabled it to make it visible ;)

And they don't know (and now we come to reason of my post) BECAUSE ipleak.net doesn't show it to them!

My question was, why ipleak.net (AirVPN) offers WebRTC-Leak detection, but can't detect them properly ?
Do you understand young jedi? ;D



#4 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 31 August 2016 - 03:39 PM

You have NoScript enabled on ipleak but not on Github.

Run the same tests with the same rules, or without 3d party blockers at all.

 

The test is exactly the same, and is using the same Mozilla STUN servers in

order to determine your IPs.

 

Ipleak:

// Get the IP addresses associated with an account
	// Thanks: https://github.com/diafygi/webrtc-ips
	
	rtcDetectionDo: function(callback)
	{
			// Based on work by https://github.com/diafygi/webrtc-ips
		
	    var ip_dups = {};
	
	    var RTCPeerConnection = IpLeak.rtcGetPeerConnection();
	    
	    var mediaConstraints = 
	    {
	        optional: [{RtpDataChannels: true}]
	    };
	
	    //firefox already has a default stun server in about:config
	    //    media.peerconnection.default_iceservers =
	    //    [{"url": "stun:stun.services.mozilla.com"}]
	    var servers = undefined;
	
	    //add same stun server for chrome
	    if(window.webkitRTCPeerConnection)
	        servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

 

Diafygi Github:

 


                    var win = iframe.contentWindow;
                    RTCPeerConnection = win.RTCPeerConnection
                        || win.mozRTCPeerConnection
                        || win.webkitRTCPeerConnection;
                    useWebKit = !!win.webkitRTCPeerConnection;
                }

                //minimal requirements for data connection
                var mediaConstraints = {
                    optional: [{RtpDataChannels: true}]
                };

                var servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};

 

 

He was credited on IPleak for the original work as well.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#5 cm0s

cm0s

    Advanced Member

  • Members
  • PipPipPip
  • 301 posts

Posted 31 August 2016 - 05:52 PM

what zhang888 said



#6 highchilled

highchilled

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 31 August 2016 - 06:22 PM


You have NoScript enabled on ipleak but not on Github.

Run the same tests with the same rules, or without 3d party blockers at all.

 

The test is exactly the same, and is using the same Mozilla STUN servers in

order to determine your IPs.

 

 

No dude, No-Script allows both Top-Domains and blocks the same Sub-Domains at the same moment - so that can't be the solution!
Please check the meaning of No-Script signs again.

The question mark in NS only means, that there are some !sub-domains! not allowed ;D

And these sub-domains are from google not from you - and GitHub also doens't need sub-domains; so... ?!



It's just a thing I found out and was wondering about; that's why I posted it :)



#7 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 31 August 2016 - 08:53 PM

Confirming there a little issue that started because of a small API change of predefined Mozilla STUN addresses in Firefox 41:

https://bugzilla.mozilla.org/show_bug.cgi?id=1143827

 

The test on diafygi's page made a workaround for this issue here:

https://github.com/diafygi/webrtc-ips/commit/a95b3613e3ee83d2d51cfb184d334767cf71e486

 

In any case, the main idea of telling you if WebRTC is enabled or not was working, it just did not

show the external address under certain conditions.

 

 

Wait for the ipleak developer for more comments.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#8 highchilled

highchilled

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 01 September 2016 - 10:25 AM

Confirming there a little issue that started because of a small API change of predefined Mozilla STUN addresses in Firefox 41:

https://bugzilla.mozilla.org/show_bug.cgi?id=1143827

 

The test on diafygi's page made a workaround for this issue here:

https://github.com/diafygi/webrtc-ips/commit/a95b3613e3ee83d2d51cfb184d334767cf71e486

 

In any case, the main idea of telling you if WebRTC is enabled or not was working, it just did not

show the external address under certain conditions.

 

 

Wait for the ipleak developer for more comments.

That's what I wanted to hear - thank you man!
At all... I like ipleak.net - but that was strange ;D



#9 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 01 September 2016 - 12:22 PM

Hello,

 

thanks zhang and everybody. ipleak.net maintainers are now aware of the issue.

 

Kind regards



#10 highchilled

highchilled

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 01 September 2016 - 05:37 PM

Hello,

 

thanks zhang and everybody. ipleak.net maintainers are now aware of the issue.

 

Kind regards

1 month free VPN please :D



#11 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 01 September 2016 - 08:01 PM

Hello,

 

thanks zhang and everybody. ipleak.net maintainers are now aware of the issue.

 

Kind regards

1 month free VPN please :D

 

You'd get a year for being nice. This is not nice. :D


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#12 highchilled

highchilled

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 01 September 2016 - 09:14 PM

 

1 month free VPN please :D

Hello,

 

thanks zhang and everybody. ipleak.net maintainers are now aware of the issue.

 

Kind regards

You'd get a year for being nice. This is not nice. :D

Ah ok.. next time I stfu and go to Github :P :D







Similar Topics Collapse


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 13865 - BW: 50422 Mbit/sYour IP: 54.197.24.206Guest Access.