Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
Anonimity & Security
How to disable WebRTC in Firefox and Chrome
Message
<blockquote data-quote="Prime" data-source="post: 229" data-attributes="member: 18"><p><strong>Content</strong></p><p>1. Brief information</p><p>2. Why is it not safe?</p><p>3. How to check</p><p>4. How to disable it</p><p>4.1 Firefox</p><p>4.2 Usage statistics.</p><p>4.3 Chrome/Chromium</p><p></p><p><strong>WebRTC</strong> (Web Real-Time Communication) is an open source technology that allows streaming data between browsers using point — to-point (p2p) technology.</p><p></p><p>WebRTC is built in by default in the latest versions of Firefox, Chrome/Chromium, and Opera, and allows you to connect between two or more browsers for video / audio calls and more.</p><p></p><h3>Why isn't it safe?</h3><p></p><p>The fact is that for a p2p connection, you need to know the real IP address and WebRTC shamelessly merges this information. Even if you are sitting under <strong>TOR</strong> / <strong>VPN</strong>, it will not be difficult to find out your local IP address on the network and on the side of, for example, a VPN server. And with the use of vulnerabilities, you can determine your real IP address, behind which you are hiding.</p><p></p><h3>How to check it</h3><p>To check the local IP address, use the page: <a href="https://diafygi.github.io/webrtc-ips/" target="_blank">https://diafygi.github.io/webrtc-ips/</a></p><p></p><p>The JavaScript code and description are available on the following page: <a href="https://github.com/diafygi/webrtc-ips" target="_blank">https://github.com/diafygi/webrtc-ips</a></p><p></p><p>To check whether the camera, audio, screen capture, etc. are enabled in the browser, follow the link: <a href="https://www.browserleaks.com/webrtc" target="_blank">https://www.browserleaks.com/webrtc</a></p><p></p><h3>How to disable it</h3><p></p><h4>Firefox</h4><p>We call the hidden software settings about:configin the address bar, search for the parameter <strong>media.peerconnection.enabled</strong>, and set it to false.</p><p></p><p>Code:</p><p>[ad name=»Responbl»]</p><p></p><p>In addition, you need to disable the following services::</p><p></p><h4>Google Safe Browsing</h4><p>Which merges your browsing history to Google. You need a warning that disabling Safe Browsing increases the risk of getting infected as a result of visiting a malicious site.</p><p></p><p>Code:</p><p>browser.safebrowsing.enabled</p><p>browser.safebrowsing.downloads.enabled</p><p>browser.safebrowsing.malware.enabled</p><p></p><h4>Firefox Statistics</h4><p>Sends stability and performance reports to Mozilla.</p><p></p><p>Code:</p><p>datareporting.healthreport.service.enabled</p><p>datareporting.healthreport.uploadEnabled</p><p></p><h4>Usage statistics.</h4><p>Code:</p><p>toolkit.telemetry.enabled</p><p></p><h4>Encrypted Media Extensions (DRM)</h4><p>A binary plugin with unknown source code that comes with Firefox starting with version V. 38. Allows you to play encrypted media content and use Netflix, etc. without Microsoft Silverlight. To completely remove the plugin, you need to install the EME-free version of the Firefox browser.</p><p>Code:</p><p>media.eme.enabled</p><p>media.gmp-eme-adobe.enabled</p><p></p><h4>Firefox Hello</h4><p>Firefox connects to third-party servers (Telefonica) without permission.</p><p></p><p>Code:</p><p>loop.enabled</p><p></p><h4>Integration with Pocket</h4><p>A third-party service for managing the list of articles that you have set aside for reading.</p><p></p><p>Code:</p><p>browser.pocket.enabled</p><p></p><h4>Geolocation</h4><p></p><p>Code:</p><p>geo.enabled</p><p></p><h4>Search suggestions</h4><p>Everything typed in the search bar is sent to the search engine. If you disable this option, suggestions will continue to work, but only based on the local search history.</p><p></p><p>Code:</p><p>browser.search.suggest.enabled</p><p></p><h4>Protection from site surveillance</h4><p>Unlike all the options listed above, you should enable this option instead. This is necessary to actively block sites that are known for their incorrect behavior in relation to tracking users. Not to be confused with DNT, which only "asks" sites not to track you. Here you can also apply a forced lock.</p><p></p><p>Code:</p><p>privacy.trackingprotection.enabled</p><p></p><h4>Chrome/Chromium</h4><p>It is disabled only by installing a small extension (~10 kb): WebRTC Block, although the local IP address of the browser does not stop shining.</p><p></p><p>Chromium and Firefox-based browsers support WebRTC technology for audio and video chats directly from the browser window. In addition to convenience, this feature has an unpleasant side effect.</p><p></p><p>In particular, WebRTC allows sending requests to STUN servers that return the user's local and public IP addresses. Such requests can be made using a script, so IP addresses are displayed using JavaScript.</p><p></p><p>Requests are sent bypassing the standard XMLHttpRequest procedure and are not visible from the developer console. You can't block them with plugins like AdBlockPlus or Ghostery. Thus, these queries can be used, for example, by advertisers to secretly track users.</p><p></p><p>On this demo page, you will see your own local and external IP address.</p><p></p><p><img src="https://cryptoworld.su/wp-content/uploads/2015/06/00338.jpg" alt="003" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>This code works in Firefox and Chrome. You can copy it to the developer console for testing.</p><p></p><p>Code:</p><p>//get the IP addresses associated with an account</p><p>function getIPs(callback){</p><p> var ip_dups = {};</p><p></p><p> //compatibility for firefox and chrome</p><p> var RTCPeerConnection = window.RTCPeerConnection</p><p> || window.mozRTCPeerConnection</p><p> || window.webkitRTCPeerConnection;</p><p> var mediaConstraints = {</p><p> optional: [{RtpDataChannels: true}]</p><p> };</p><p></p><p> //firefox already has a default stun server in about:config</p><p> // media.peerconnection.default_iceservers =</p><p> // [{"url": "stun:stun.services.mozilla.com"}]</p><p> var servers = undefined;</p><p></p><p> //add same stun server for chrome</p><p> if(window.webkitRTCPeerConnection)</p><p> servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};</p><p></p><p> //construct a new RTCPeerConnection</p><p> var pc = new RTCPeerConnection(servers, mediaConstraints);</p><p></p><p> //listen for candidate events</p><p> pc.onicecandidate = function(ice){</p><p></p><p> //skip non-candidate events</p><p> if(ice.candidate){</p><p>veloper console for testing.</p><p></p><p>Code:</p><p>//get the IP addresses associated with an account</p><p>function getIPs(callback){</p><p> var ip_dups = {};</p><p></p><p> //compatibility for firefox and chrome</p><p> var RTCPeerConnection = window.RTCPeerConnection</p><p> || window.mozRTCPeerConnection</p><p> || window.webkitRTCPeerConnection;</p><p> var mediaConstraints = {</p><p> optional: [{RtpDataChannels: true}]</p><p> };</p><p></p><p> //firefox already has a default stun server in about:config</p><p> // media.peerconnection.default_iceservers =</p><p> // [{"url": "stun:stun.services.mozilla.com"}]</p><p> var servers = undefined;</p><p></p><p> //add same stun server for chrome</p><p> if(window.webkitRTCPeerConnection)</p><p> servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};</p><p></p><p> //construct a new RTCPeerConnection</p><p> var pc = new RTCPeerConnection(servers, mediaConstraints);</p><p></p><p> //listen for candidate events</p><p> pc.onicecandidate = function(ice){</p><p></p><p> //skip non-candidate events</p><p> if(ice.candidate){</p><p></p><p> //match just the IP address</p><p> var ip_regex = /([0-9]{1,3}(.[0-9]{1,3}){3})/</p><p> var ip_addr = ip_regex.exec(ice.candidate.candidate)[1];</p><p></p><p> //remove duplicates</p><p> if(ip_dups[ip_addr] === undefined)</p><p> callback(ip_addr);</p><p></p><p> ip_dups[ip_addr] = true;</p><p> }</p><p> };</p><p></p><p> //create a bogus data channel</p><p> pc.createDataChannel("");</p><p></p><p> //create an offer sdp</p><p> pc.createOffer(function(result){</p><p></p><p> //trigger the stun server request</p><p> pc.setLocalDescription(result, function(){}, function(){});</p><p></p><p> }, function(){});</p><p>}</p><p></p><p>//Test: Print the IP addresses into the console</p><p>getIPs(function(ip){console.log(ip);});</p><p></p><p></p><p></p><p></p><p>The only extensions that block such requests are extensions that completely prohibit script execution, like NoScript for Firefox. Of course, there is also an option in the browser settings to disable scripts.</p><p></p><p><img src="https://cryptoworld.su/wp-content/uploads/2015/06/00424.jpg" alt="00424.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>Click to rate this post!</p><p></p><p>(c) <a href="https://cryptoworld.su/%D0%BA%D0%B0%D0%BA-%D0%BE%D1%82%D0%BA%D0%BB%D1%8E%D1%87%D0%B8%D1%82%D1%8C-webrtc-%D0%B2-%D0%B1%D1%80%D0%B0%D1%83%D0%B7%D0%B5%D1%80%D0%B5-firefox-%D0%B8-chrome/" target="_blank">https://cryptoworld.su/как-отключить-webrtc-в-браузере-firefox-и-chrome/</a></p></blockquote><p></p>
[QUOTE="Prime, post: 229, member: 18"] [B]Content[/B] 1. Brief information 2. Why is it not safe? 3. How to check 4. How to disable it 4.1 Firefox 4.2 Usage statistics. 4.3 Chrome/Chromium [B]WebRTC[/B] (Web Real-Time Communication) is an open source technology that allows streaming data between browsers using point — to-point (p2p) technology. WebRTC is built in by default in the latest versions of Firefox, Chrome/Chromium, and Opera, and allows you to connect between two or more browsers for video / audio calls and more. [HEADING=2]Why isn't it safe?[/HEADING] The fact is that for a p2p connection, you need to know the real IP address and WebRTC shamelessly merges this information. Even if you are sitting under [B]TOR[/B] / [B]VPN[/B], it will not be difficult to find out your local IP address on the network and on the side of, for example, a VPN server. And with the use of vulnerabilities, you can determine your real IP address, behind which you are hiding. [HEADING=2]How to check it[/HEADING] To check the local IP address, use the page: [URL]https://diafygi.github.io/webrtc-ips/[/URL] The JavaScript code and description are available on the following page: [URL]https://github.com/diafygi/webrtc-ips[/URL] To check whether the camera, audio, screen capture, etc. are enabled in the browser, follow the link: [URL]https://www.browserleaks.com/webrtc[/URL] [HEADING=2]How to disable it[/HEADING] [HEADING=3]Firefox[/HEADING] We call the hidden software settings about:configin the address bar, search for the parameter [B]media.peerconnection.enabled[/B], and set it to false. Code: [ad name=»Responbl»] In addition, you need to disable the following services:: [HEADING=3]Google Safe Browsing[/HEADING] Which merges your browsing history to Google. You need a warning that disabling Safe Browsing increases the risk of getting infected as a result of visiting a malicious site. Code: browser.safebrowsing.enabled browser.safebrowsing.downloads.enabled browser.safebrowsing.malware.enabled [HEADING=3]Firefox Statistics[/HEADING] Sends stability and performance reports to Mozilla. Code: datareporting.healthreport.service.enabled datareporting.healthreport.uploadEnabled [HEADING=3]Usage statistics.[/HEADING] Code: toolkit.telemetry.enabled [HEADING=3]Encrypted Media Extensions (DRM)[/HEADING] A binary plugin with unknown source code that comes with Firefox starting with version V. 38. Allows you to play encrypted media content and use Netflix, etc. without Microsoft Silverlight. To completely remove the plugin, you need to install the EME-free version of the Firefox browser. Code: media.eme.enabled media.gmp-eme-adobe.enabled [HEADING=3]Firefox Hello[/HEADING] Firefox connects to third-party servers (Telefonica) without permission. Code: loop.enabled [HEADING=3]Integration with Pocket[/HEADING] A third-party service for managing the list of articles that you have set aside for reading. Code: browser.pocket.enabled [HEADING=3]Geolocation[/HEADING] Code: geo.enabled [HEADING=3]Search suggestions[/HEADING] Everything typed in the search bar is sent to the search engine. If you disable this option, suggestions will continue to work, but only based on the local search history. Code: browser.search.suggest.enabled [HEADING=3]Protection from site surveillance[/HEADING] Unlike all the options listed above, you should enable this option instead. This is necessary to actively block sites that are known for their incorrect behavior in relation to tracking users. Not to be confused with DNT, which only "asks" sites not to track you. Here you can also apply a forced lock. Code: privacy.trackingprotection.enabled [HEADING=3]Chrome/Chromium[/HEADING] It is disabled only by installing a small extension (~10 kb): WebRTC Block, although the local IP address of the browser does not stop shining. Chromium and Firefox-based browsers support WebRTC technology for audio and video chats directly from the browser window. In addition to convenience, this feature has an unpleasant side effect. In particular, WebRTC allows sending requests to STUN servers that return the user's local and public IP addresses. Such requests can be made using a script, so IP addresses are displayed using JavaScript. Requests are sent bypassing the standard XMLHttpRequest procedure and are not visible from the developer console. You can't block them with plugins like AdBlockPlus or Ghostery. Thus, these queries can be used, for example, by advertisers to secretly track users. On this demo page, you will see your own local and external IP address. [IMG alt="003"]https://cryptoworld.su/wp-content/uploads/2015/06/00338.jpg[/IMG] This code works in Firefox and Chrome. You can copy it to the developer console for testing. Code: //get the IP addresses associated with an account function getIPs(callback){ var ip_dups = {}; //compatibility for firefox and chrome var RTCPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection; var mediaConstraints = { optional: [{RtpDataChannels: true}] }; //firefox already has a default stun server in about:config // media.peerconnection.default_iceservers = // [{"url": "stun:stun.services.mozilla.com"}] var servers = undefined; //add same stun server for chrome if(window.webkitRTCPeerConnection) servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]}; //construct a new RTCPeerConnection var pc = new RTCPeerConnection(servers, mediaConstraints); //listen for candidate events pc.onicecandidate = function(ice){ //skip non-candidate events if(ice.candidate){ veloper console for testing. Code: //get the IP addresses associated with an account function getIPs(callback){ var ip_dups = {}; //compatibility for firefox and chrome var RTCPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection; var mediaConstraints = { optional: [{RtpDataChannels: true}] }; //firefox already has a default stun server in about:config // media.peerconnection.default_iceservers = // [{"url": "stun:stun.services.mozilla.com"}] var servers = undefined; //add same stun server for chrome if(window.webkitRTCPeerConnection) servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]}; //construct a new RTCPeerConnection var pc = new RTCPeerConnection(servers, mediaConstraints); //listen for candidate events pc.onicecandidate = function(ice){ //skip non-candidate events if(ice.candidate){ //match just the IP address var ip_regex = /([0-9]{1,3}(.[0-9]{1,3}){3})/ var ip_addr = ip_regex.exec(ice.candidate.candidate)[1]; //remove duplicates if(ip_dups[ip_addr] === undefined) callback(ip_addr); ip_dups[ip_addr] = true; } }; //create a bogus data channel pc.createDataChannel(""); //create an offer sdp pc.createOffer(function(result){ //trigger the stun server request pc.setLocalDescription(result, function(){}, function(){}); }, function(){}); } //Test: Print the IP addresses into the console getIPs(function(ip){console.log(ip);}); The only extensions that block such requests are extensions that completely prohibit script execution, like NoScript for Firefox. Of course, there is also an option in the browser settings to disable scripts. [IMG alt="00424.jpg"]https://cryptoworld.su/wp-content/uploads/2015/06/00424.jpg[/IMG] Click to rate this post! (c) [URL='https://cryptoworld.su/%D0%BA%D0%B0%D0%BA-%D0%BE%D1%82%D0%BA%D0%BB%D1%8E%D1%87%D0%B8%D1%82%D1%8C-webrtc-%D0%B2-%D0%B1%D1%80%D0%B0%D1%83%D0%B7%D0%B5%D1%80%D0%B5-firefox-%D0%B8-chrome/']https://cryptoworld.su/как-отключить-webrtc-в-браузере-firefox-и-chrome/[/URL] [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
Anonimity & Security
How to disable WebRTC in Firefox and Chrome
Top