Zero-Click Information Disclosure
This page automatically executes a WebRTC connection request upon loading. WebRTC relies on STUN/TURN servers to establish peer-to-peer connections. During this process, the browser gathers all available network interfaces (ICE candidates) and exposes them to Javascript, often leaking the user's real public and local IP addresses—even behind proxies or split-tunnel VPNs.
Local IP Obfuscation: Modern browsers (Chrome, Safari, Firefox) have implemented security measures to obfuscate local IP addresses using mDNS (Multicast DNS) by default (e.g., xxx.local). This prevents trivial local network scanning.
Public IP Leaks: However, public IP addresses often still leak, especially when users rely on proxy extensions or split-tunnel VPNs, because WebRTC operates outside the standard HTTP flow and communicates directly via UDP.
🛡️ Zero Trust & Remote Browser Isolation (RBI):
In an enterprise environment using a Zero Trust (RBI) browser, the WebRTC execution happens completely within an isolated cloud container. The STUN server only sees the cloud container's IP address, ensuring the real user's device IP is never exposed to the malicious website.