User Rating 0.0 ★★★★★

Total Usage 0 times

Category Internet & Technology

🌐 IP Visibility Analysis

Public IP (via HTTP) Waiting...

WebRTC IP (Stun) Waiting...

Local IP (LAN) Waiting...

🔍 Media Device Fingerprint

WebRTC exposes hardware IDs even without permission in some configurations.

Scan not started

Entropy/Uniqueness -

ICE Candidate Log

System ready. Awaiting user command...

Mitigation Guide

Install the official WebRTC Network Limiter extension by Google or uBlock Origin.
In uBlock Origin settings, enable "Prevent WebRTC from leaking local IP addresses".
Brave Users: Go to Settings > Shields > Fingerprinting Blocking and set to "Strict".

Type about:config in the address bar and accept the risk.
Search for media.peerconnection.enabled.
Double-click to toggle it to FALSE.
Search for media.navigator.enabled and set to FALSE (disables device enumeration).

Go to Preferences > Advanced.
Check "Show Develop menu in menu bar".
In the Develop menu, select WebRTC.
Check "Disable ICE Candidate Restrictions" (to test) or ensure it handles proxies correctly. Safari is stricter by default but still vulnerable to internal IP leaks.

Is this tool helpful?

Your feedback helps us improve.

★ ★ ★ ★ ★

About

This tool utilizes the RTCPeerConnection API to audit your browser's network visibility. While WebRTC enables real-time audio/video communication, it bypasses standard proxy configurations by establishing direct UDP/TCP connections via STUN (Session Traversal Utilities for NAT) servers. This often reveals your Real_IP even when a VPN is active.

We analyze the ICE (Interactive Connectivity Establishment) candidates generated by your browser. If a candidate contains an IP address distinct from your public interface IP (detected via HTTP), a leak is present. Furthermore, this tool performs Media Device Fingerprinting, enumerating unique hardware IDs (deviceId, groupId) which advertisers use to track users across sessions, independent of cookies.

Formulas

The logic for leak detection relies on set comparison between the HTTP-visible IP and the WebRTC-exposed IPs.

{

SAFE if S_rtc ⊆ (S_vpn S_local)LEAK if ∃ ip ∈ S_rtc such that ip ∉ S_vpn ∧ ip ∉ S_local

Where S_rtc is the set of gathered ICE candidates, S_vpn is the public IP set routed through the tunnel, and S_local contains private subnet ranges (e.g., 192.168.0.0/16).

Reference Data

Protocol Component	Function	Privacy Risk	Typical Port
STUN	Resolves Public IP behind NAT	&highbar; High (Exposes Real IP)	3478 (UDP)
TURN	Relays traffic when P2P fails	≈ Medium (Server Logs)	5349 (TLS)
Host Candidate	Direct Local Network Interface	_ Low (Local IP 192.168.x.x)	Ephemeral
Srflx Candidate	Server Reflexive (NAT mapped)	! Critical (True Public IP)	Ephemeral
Media Enumeration	Lists Hardware IDs	⌖ Tracking Vector	N/A

Frequently Asked Questions

A WebRTC leak occurs when your browser's real-time communication feature (WebRTC) inadvertently sends your actual IP address to a third party, bypassing your VPN tunnel. This happens because WebRTC uses STUN servers to discover the most efficient path for data, often ignoring the system's default gateway or proxy settings.

Seeing a local IP (LAN IP) is generally safe and expected. It simply means WebRTC is reporting your internal network address. However, unique local subnet patterns can sometimes be used for "soft" fingerprinting of your network topology.

The fix depends on your browser. In Firefox, you can set "media.peerconnection.enabled" to false in about:config. Chrome and Safari often require third-party extensions (like uBlock Origin or WebRTC Control) to strictly block UDP traffic or force proxy usage.

Even if your IP is hidden, websites can ask your browser for a list of available cameras and microphones. The unique combination of these device IDs (e.g., "Logitech C920", 'Built-in Mic') creates a unique hash that can identify you across different browsing sessions and Incognito windows.