Web Real-Time Communication is an API definition drafted by the World Wide Web Consortium (W3C) created for browser-to-browser communication enabling audio, video and filesharing built directly into the browser.
Questions tagged [webrtc]
36 questions
16
votes
3 answers
How secure is "Firefox Hello"?
The new "Firefox Hello" feature promises easy and safe video conversation. It is not nescessary to create an account, you simply share a link with your partner to start the conversation. The communication is promised to be "private and secure" on…
dervonnebenaan
- 365
- 2
- 7
13
votes
1 answer
What is WebRTC and how can I protect myself against leaking information that doesn't need to be shared?
What is WebRTC and what is it intended to be used for?
According to this Browser Leaks Test for WebRTC and IP Leaks, I am currently leaking IP information for IP addresses that I do not believe anybody on the internet needs to know, ever.
I…
kalina
- 3,354
- 5
- 20
- 36
12
votes
4 answers
What is the point of TURNS in WebRTC
WebRTC makes use of TURN-Servers if the direct peer to peer connection fails. There are two protocols available: TURN and TURNS (TURN over TLS).
According to the MDN:
All data transferred using WebRTC is encrypted.
If all data sent via a data…
Someone else
- 121
- 1
- 5
7
votes
2 answers
Stun scripts/webRTC IP leaks
I've been looking at webRTC and stun scripts in general and their ability to bypass VPN's. And have a few questions I hope someone can help me with.
1) Since using openVPN and other VPN protocols/methods normally sets the default adaptor to itself,…
user3407675
- 73
- 4
7
votes
1 answer
Why does WebRTC need the local IP?
This question Why is my internal IP address (private) visible from the Internet? highlights that the Local IP can be accessible from a website because WebRTC needs it.
However it does not answer why WebRTC needs it. From the wiki page of the STUN…
Jecimi
- 183
- 4
6
votes
2 answers
How to really treat security between peers in WebRTC
Recently I've been implementing WebRTC in my project and would like to add security and privacy to the couple. I then decided to search on and found something
if it is really necessary to impose security, it should be done at the
application…
user5166099
- 61
- 3
6
votes
1 answer
Is WebRTC still leaking my IP addresses in incognito or private browsing mode?
WebRTC can leak your private IP address, even though you are using a VPN, from what I learn here.
Am I protected against this information leak affecting my privacy, when I'm using the incognito or private browsing mode in my browser along with a…
Graviton
- 905
- 4
- 12
- 26
6
votes
1 answer
How to pentest DTLS-SRTP?
I'm currently working on a penetration test about DTLS-SRTP strengths and weaknesses. But I'm stuck on an eavesdropping test using Wireshark.
Yes, it's protected by SRTP, but:
What's DTLS actually doing/working on the media channel?
What are…
alsterisk
- 61
- 1
5
votes
1 answer
How to decrypt Diffie-Hellman encryption in WebRTC?
I have installed a WebRTC server application, which is designed for Contact Center solutions: communicates with internal PCs in pure RTP (agents), and with external PCs (customers) using encrypted WebRTC. WebRTC is encrypted with Diffie-Hellman. I…
Gábor Major
- 151
- 4
4
votes
1 answer
Webrtc privacy issues?
I've been reading about WebRTC, and I'm interested in using it for a drawing web application that uses real-time collaboration. However, as I understand, WebRTC communication requires all parties involved to know each other's IP address.
If one of…
John L.
- 141
- 2
4
votes
1 answer
WebRTC security & encryption
I am building a WebRTC application, and really concerned about security.
I have read this quite interesting article : https://webrtc-security.github.io
As I am far from being an expert in networking security, I just want to confirm that I am doing…
Flo Schild
- 141
- 5
3
votes
1 answer
What information can be leaked via unencrypted STUN transmission?
I am brand new to WebRTC and am trying to wrap my head around what the STUN protocol exactly does and the risks of data leakage on an unencrypted transmission.
From my understanding, the STUN protocol helps programs sitting behind NATs find each…
Dave
- 215
- 1
- 3
- 4
3
votes
1 answer
WebRTC shouldn't leak from a full, transport layer VPN ... right?
I have read and re-read the questions about webRTC leaks and have a good understanding as to how this works and why IP addresses are leaking from so-called "VPN tunnels".
However, in all of those cases, the "VPN tunnels" are actually just software…
user227963
- 201
- 1
- 2
2
votes
1 answer
WebRTC attack surface area?
I'm building an app for browser-to-browser communication.
What is the attack surface area for WebRTC in 2015?
What kinds of attacks could be done? And more importantly, how do I craft something useful, that does it's reasonable best to be…
Michael Cole
- 288
- 1
- 8
2
votes
1 answer
Properly solving IP leaking from WebRTC and other apps with STUN when using a VPN
This is really a follow-up question from this: Stun scripts/webRTC IP leaks
I'm connecting to a VPN using a virtual adapter, which has a default routing rule so all traffic goes through it. I still have the real adapter and it needs a specific…
jozxyqk
- 121
- 3