Bypassing STUN IP Address requests for WebRTC
Four days back , a guy released a code which could get back the real ip address , even if your using a VPN , sounds intersting right !
here is the demo >>
https://diafygi.github.io/webrtc-ips/
That was just an javascript magic , Just via sending an Stun requests
As they said
"Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain."
yes i agree that they are not blocked by plugins , so y not just remove the stun server from the mozilla ,
to do that
1)open mozilla
2) type about:config
3) search for media.peerconnection.default_iceservers
4) modify the value to 0
thats it you are done , as of now this fixes for mozilla , and internet explorer doesnt support those requests , as tor is mozilla based so now we can remain anonymous :D
POC:-
enjoy and thanks for reading !
I never thought I will come in contact with a real and potential hacker until I knew brillianthckers800 at Gmail and he delivered a professional job,he is intelligent and understanding to control jobs that comes his way
ReplyDeleteContact him and be happy