webrtc-ip-leak
v1.0.0
Published
Tiny zero-dependency browser utility to detect IP addresses (local + public) leaked by the WebRTC stack — useful for privacy and VPN leak testing.
Downloads
146
Maintainers
Readme
webrtc-ip-leak
Tiny, zero-dependency browser utility to detect IP addresses (local and public) that the WebRTC stack can leak — even when a VPN or proxy is active. Runs entirely client-side; no data leaves the browser.
Why this exists
WebRTC gathers ICE candidates to establish peer connections, and that process can expose your real local IP and public IP to any web page via RTCPeerConnection — a classic privacy gap that bypasses many VPNs. This helper lets you detect it so you can warn users or test a VPN's WebRTC leak protection.
Install
npm install webrtc-ip-leakUsage
import { detectWebRTCLeak } from "webrtc-ip-leak";
// or: const { detectWebRTCLeak } = require("webrtc-ip-leak");
const result = await detectWebRTCLeak({ timeout: 1500 });
console.log(result);
// {
// supported: true,
// ips: ["192.168.1.20", "203.0.113.7"],
// local: ["192.168.1.20"],
// public: ["203.0.113.7"] // <-- if non-empty while on a VPN, you have a WebRTC leak
// }If public contains your real ISP IP while connected to a VPN, your browser is leaking it through WebRTC.
API
detectWebRTCLeak(options?) → Promise<{ supported, ips, local, public }>
| option | default | description |
|---|---|---|
| timeout | 1500 | ms to gather ICE candidates |
| iceServers | Google STUN | custom STUN/TURN servers |
supported— whether the browser exposesRTCPeerConnectionips— all observed IPslocal— RFC1918 / link-local / IPv6 ULA addressespublic— routable addresses (the privacy-relevant ones)
How to fix a WebRTC leak
- Disable WebRTC in the browser, or use an extension that does.
- Use a VPN/browser that blocks WebRTC IP exposure.
- Run a full check (IP + DNS + WebRTC) — a hosted browser-based tester is available at AnonymFlow tools.
License
MIT
