webrtc-leak-detector
v1.0.0
Published
Minimal browser library for WebRTC IP leak detection. Detects local and public IPs exposed via RTCPeerConnection even with VPN active. RFC 8826 reference implementation.
Downloads
36
Maintainers
Readme
webrtc-leak-detector
Minimal browser library for WebRTC IP leak detection. Detects local and public IPs exposed via
RTCPeerConnectioneven when a VPN tunnel is active.
Background
A VPN that "leaks identifying data" is worse than no VPN — it gives a false sense of privacy while still exposing your real IP. WebRTC is the most common leak channel because:
RTCPeerConnectionis part of the browser API (not the VPN's network layer).- It enumerates local network interfaces and sends STUN binding requests.
- Standard VPN clients don't intercept these requests.
RFC 8826 (WebRTC Security Architecture) describes ICE candidate gathering in detail.
Install
npm install webrtc-leak-detectorUsage
Basic detection
import { detectWebRTCLeaks } from 'webrtc-leak-detector';
const result = await detectWebRTCLeaks();
console.log('All IPs detected:', result.ips);
console.log('Local IPs:', result.local); // private network / link-local
console.log('Public IPs:', result.publicIps); // routable — these matterCheck against expected VPN exit IP
import { checkLeakAgainstVpn } from 'webrtc-leak-detector';
// Get your VPN exit IP from any IP service (e.g. https://api.ipify.org)
const vpnExit = await fetch('https://api.ipify.org').then(r => r.text());
const check = await checkLeakAgainstVpn(vpnExit);
if (check.leak) {
console.warn('LEAK DETECTED:', check.mismatches);
} else {
console.log('No leak. WebRTC sees only the VPN exit:', vpnExit);
}Custom STUN servers
await detectWebRTCLeaks({
iceServers: [
{ urls: 'stun:stun.cloudflare.com:3478' },
{ urls: 'stun:stun.l.google.com:19302' },
],
timeoutMs: 5000,
});Methodology
This library reproduces the methodology documented in our VPN testing protocol:
- Whitepaper: https://www.anonymflow.com/en/methodology
- Reference study (95 sessions, May 2026): DOI 10.5281/zenodo.20465371
Mitigation if leak detected
Three reliable mitigations:
- Firefox:
about:config→media.peerconnection.enabled = false - Chrome / Edge / Brave: install
WebRTC ControlorWebRTC Network Limiterextension - Network level: block UDP STUN ports (3478, 5349) at your router
Full diagnostic + per-OS guidance: https://www.anonymflow.com/en/blog/dns-leak-test
License
MIT © Eric Gérard
See also
- dnsleak — Python CLI for DNS leak testing
- vpnspeed — VPN speed measurement
- Awesome VPN Leak Detection — Curated list
