VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leak users’ IPs via WebRTC


Cyber security researcher Paolo Stagno (aka VoidSec) has tested seventy VPN providers and found that 16 of them leak users’ IPs via WebRTC (23%).

Some time ago, during a small event in my city, I presented a small piece of research on “decloaking” the true IP of a website visitor by (ab)using WebRTC technology.

What is WebRTC?

WebRTC is a free, open project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs.

It includes the fundamental building blocks for high-quality communications on the web, such as the network, audio and video components used in voice and video chat applications. When implemented in a browser, these components can be accessed through a JavaScript API, enabling developers to easily implement their own RTC web app.

STUN/ICE

STUN/ICE is a component that allows calls to use the STUN and ICE mechanisms to establish connections across various types of networks. The STUN server sends a pingback that contains the IP address and port of the client.

These STUN (Session Traversal Utilities for NAT) servers are used by VPNs to translate a local home IP address to a new public IP address and vice-versa. To do this, the STUN server maintains a table of both your VPN-based public IP and your local (“real”) IP during connectivity (routers at home replicate a similar function in translating private IP addresses to public and back).

WebRTC allows requests to be made to STUN servers which return the “hidden” home IP-address as well as local network addresses for the system that is being used by the user.

The results of the requests can be accessed using JavaScript, but because they are made outside the normal XMLHttpRequest procedure, they are not visible in the developer console.

The only requirement for this de-anonymizing technique to work is WebRTC and JavaScript support from the browser.
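A self-check for the leak described above, as an added example (not the author's PoC code): it parses ICE candidate strings, the form in which a browser hands STUN results to JavaScript, and lists every address that is not the expected VPN exit IP. The function names, the sample candidates and the addresses are constructed for illustration.

```javascript
// Added example: list the addresses a set of WebRTC ICE candidates reveals.
// Candidate line layout (RFC 8839):
//   candidate:<foundation> <component> <transport> <priority> <address> <port>
//   typ <host|srflx|prflx|relay> [raddr <address> rport <port>] ...
const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^169\.254\./, /^127\./];

function classifyAddress(addr) {
  if (addr.endsWith('.local')) return 'mdns'; // browser-obfuscated host candidate
  if (addr.includes(':')) {                   // IPv6: loopback, link-local, unique-local
    return addr === '::1' || /^(fe[89ab]|f[cd])/i.test(addr) ? 'private' : 'public';
  }
  return PRIVATE_V4.some((re) => re.test(addr)) ? 'private' : 'public';
}

function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (!f[0].startsWith('candidate:') || f.length < 8 || f[6] !== 'typ') return null;
  const cand = { transport: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
  const r = f.indexOf('raddr');
  if (r !== -1 && f[r + 1]) cand.relatedAddress = f[r + 1];
  return cand;
}

// Every distinct address that is neither the expected exit IP, an mDNS name,
// nor the 0.0.0.0 / :: filler some browsers put in raddr.
function findLeaks(lines, expectedExitIp) {
  const leaks = new Map();
  for (const line of lines) {
    const cand = parseCandidate(line);
    if (!cand) continue;
    for (const addr of [cand.address, cand.relatedAddress]) {
      if (!addr || addr === expectedExitIp || addr === '0.0.0.0' || addr === '::') continue;
      const scope = classifyAddress(addr);
      if (scope === 'mdns' || leaks.has(addr)) continue;
      leaks.set(addr, { address: addr, scope, seenIn: addr === cand.address ? cand.type : 'raddr' });
    }
  }
  return [...leaks.values()];
}

// Constructed sample (documentation address ranges); VPN exit assumed to be 198.51.100.42.
const SAMPLE = [
  'candidate:1 1 udp 2113937151 192.168.1.23 54321 typ host generation 0',
  'candidate:2 1 udp 2113939711 3f2a1c9e-7b4d-4c1a-9e55-0a1b2c3d4e5f.local 54400 typ host',
  'candidate:3 1 udp 1677729535 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:4 1 udp 1677729535 198.51.100.42 61000 typ srflx raddr 0.0.0.0 rport 0',
];
console.log(findLeaks(SAMPLE, '198.51.100.42'));
```

An empty result means the candidates expose nothing beyond the VPN exit address; a `private` entry is a LAN address and a `public` entry that is not the exit IP is the connection's real address.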

VPN and WebRTC

This functionality could also be used to de-anonymize and trace users behind common privacy protection services such as VPNs, SOCKS proxies, HTTP proxies and, in the past, TOR.

Browsers that have WebRTC enabled by default:

  • Mozilla Firefox
  • Google Chrome
  • Google Chrome on Android
  • Internet (Samsung Browser)
  • Opera
  • Vivaldi

23% of the tested VPN and proxy services disclosed the real IP address of their visitors, making the users traceable.

The following providers leak users’ IPs:

  • BolehVPN (USA Only)
  • ChillGlobal (Chrome and Firefox Plugin)
  • Glype (Depends on the configuration)
  • hide-me.org
  • Hola!VPN
  • Hola!VPN Chrome Extension
  • HTTP PROXY navigation in browsers that support WebRTC
  • IBVPN Browser Addon
  • PHP Proxy
  • phx.piratebayproxy.co
  • psiphon3 (not leaking if using L2TP/IP)
  • PureVPN
  • SOCKS Proxy on browsers with WebRTC enabled
  • SumRando Web Proxy
  • TOR as PROXY on browsers with WebRTC enabled
  • Windscribe Add-ons


You can find the complete spreadsheet of tested VPN providers here: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0

Add a comment or send me a tweet if you have updated results for any of the VPNs for which I am missing details (especially the “$$$” ones, since I cannot subscribe to 200 different paid VPN services :P).

Stay anonymous while surfing:

Some tips to follow in order to protect your IP while browsing the internet:

  • Disable WebRTC
  • Disable JavaScript (or at least some functions. Use NoScript)
  • Disable Canvas Rendering (Web API)
  • Always set a DNS fallback for every connection/adapter
  • Always kill all your browsers instances before and after a VPN connection
  • Clear browser cache, history, and cookies

PoC:

You can check if your VPN leaks through this POC: http://ip.voidsec.com

PoC Code:

I’ve updated Daniel Roesler’s code in order to make it work again, and you can find it on GitHub.

How to Build a TOR AP Router Raspberry Pi


Tor AP Wifi Router Tutorial For Raspberry Pi

In today’s tutorial, we will be creating our own TOR Onion Router. This will enable us to mask our IP address from prying eyes without needing to configure anything on the device end.

Items Needed

  • CanaKit Raspberry Pi 3 Complete Starter Kit (S$250)
  • Raspberry Pi image
  • PuTTY
  • Win32 Disk Imager

Accessories

  • 3.5-inch 320×480 resolution TFT LCD touch-screen display (S$50)


Shell commands (in order):

    sudo raspi-config
    sudo apt-get update
    sudo apt-get install hostapd isc-dhcp-server
    sudo apt-get install iptables-persistent
    sudo nano /etc/dhcp/dhcpd.conf

    Find the lines that say

    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;

    and change them to add a # in the beginning so they say

    #option domain-name "example.org";
    #option domain-name-servers ns1.example.org, ns2.example.org;

    Find the lines that say
    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;

    and remove the # so it says

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;

    Then scroll down to the bottom and add the following lines

    subnet 192.168.42.0 netmask 255.255.255.0 {
    range 192.168.42.10 192.168.42.50;
    option broadcast-address 192.168.42.255;
    option routers 192.168.42.1;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    }

    sudo nano /etc/default/isc-dhcp-server

    Scroll down to INTERFACES="" and update it to say INTERFACES="wlan0"

    sudo ifdown wlan0
    sudo nano /etc/network/interfaces

    Find the line auto wlan0 and add a # in front of that line and in front of every line after it.
    If you don't have that line, just make sure the file ends up looking like the configuration below.
    Basically, remove any old wlan0 configuration settings; we'll be replacing them.

    auto lo

    iface lo inet loopback
    iface eth0 inet dhcp

    allow-hotplug wlan0

    iface wlan0 inet static
    address 192.168.42.1
    netmask 255.255.255.0

    #iface wlan0 inet manual
    #wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
    #iface default inet dhcp

    sudo ifconfig wlan0 192.168.42.1
    sudo nano /etc/hostapd/hostapd.conf

    interface=wlan0
    #driver=rtl871xdrv
    ssid=shahzmax.com
    country_code=US
    hw_mode=g
    channel=6
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    wpa=2
    # Example passphrase: replace it with your own (WPA2 passphrases are 8 to 63 characters)
    wpa_passphrase=Raspberry
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP
    wpa_group_rekey=86400
    ieee80211n=1
    wme_enabled=1

    sudo nano /etc/default/hostapd

    Find the line #DAEMON_CONF="" and edit it so it says DAEMON_CONF="/etc/hostapd/hostapd.conf"

    sudo nano /etc/init.d/hostapd

    Find the line DAEMON_CONF= and change it to DAEMON_CONF=/etc/hostapd/hostapd.conf

    sudo nano /etc/sysctl.conf

    Scroll to the bottom and uncomment
    net.ipv4.ip_forward=1

    sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
    sudo sh -c "iptables-save > /etc/iptables/rules.v4"
    sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf

    Test: you should now be able to see whether the network is up.

    sudo mv /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service ~/
    sudo reboot
    sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
    sudo service hostapd start
    sudo service isc-dhcp-server start
    sudo update-rc.d hostapd enable
    sudo update-rc.d isc-dhcp-server enable

    Check to see if it's up and working:

    sudo service isc-dhcp-server status
    sudo service hostapd status

    TOR AP
    sudo apt-get update
    sudo apt-get install tor
    sudo nano /etc/tor/torrc

    Copy and paste the following text into the top of the file, right below the FAQ notice.

    Log notice file /var/log/tor/notices.log
    VirtualAddrNetwork 10.192.0.0/10
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    TransPort 9040
    TransListenAddress 192.168.42.1
    DNSPort 53
    DNSListenAddress 192.168.42.1


    ===== Tor VPN startup commands: SSH to your Pi and paste the commands below every time you power on your Pi to be in the Tor network. =====

    sudo iptables -F
    sudo iptables -t nat -F
    sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
    sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
    sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
    sudo iptables -t nat -L
    sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
    sudo touch /var/log/tor/notices.log
    sudo chown debian-tor /var/log/tor/notices.log
    sudo chmod 644 /var/log/tor/notices.log
    ls -l /var/log/tor
    sudo service tor start
    sudo service tor status
    sudo update-rc.d tor enable