A user's IP address is typically leaked by WebRTC, even when using a proxy. This is a big deal for security, but not why I'm interested. Some sites, like www.omegle.com, create video chats based off WebRTC. Unfortunately, they're acting in bad faith, using WebRTC to detect your real IP address outside of the VPN tunnel and then blocking users with proxied connections by comparing your leaked, real IP with the fake one supplied by regular HTTP requests.
My question is, in Chrome, is it possible to spoof the IP address that WebRTC "discovers", either through browser modifications or injectable JavaScript?
My goal is NOT to disable WebRTC but to modify the IP that it discovers to match what the proxy gives the remote server.
Example test site: https://www.expressvpn.com/webrtc-leak-test
I see in Chrome that there are a number of options for internal settings:
chrome.privacy.IPHandlingPolicy.DEFAULT
chrome.privacy.IPHandlingPolicy.DEFAULT_PUBLIC_AND_PRIVATE_INTERFACES
chrome.privacy.IPHandlingPolicy.DEFAULT_PUBLIC_INTERFACE_ONLY
chrome.privacy.IPHandlingPolicy.DISABLE_NON_PROXIED_UDP
...but nothing for proxying that UDP traffic. Any help would be appreciated!
When you initiate a WebRTC connection, you first create an RTCPeerConnection object (part of the JavaScript API).
Then you call the createAnswer/createOffer method on it, which starts the process of gathering "candidates".
Some of the candidates are your local IP addresses or your address behind the NAT (ones that are displayed on www.omegle.com). Others are "relay" candidates; they don't contain your IP address, but rather a TURN address, which is a proxy for routing WebRTC traffic.
In the candidates list you should see both your local IP addresses and the ones proxied via VPN. If you filter out local candidates then you can deceive the websites that are trying to block you.
I believe it should be possible to mock RTCPeerConnection with a browser extension and make it filter the candidates list. There's a plugin, webrtc-network-limiter, for Chrome that restricts candidates to proxied-only. This makes me think there must be a way of filtering out local IP addresses as well (though I don't have much experience with browser modding).
The other way would be to modify the JS code of a website you want to fool. If that's an option, then you should look for candidates in the createOffer/createAnswer result and the onicecandidate callback. Filtering them and passing them back to the original website handlers should do the trick.
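The candidate types described in the answer above can be read straight from the candidate strings. As an added example (not code from the answer), this JavaScript audit parses candidate lines in RFC 5245 syntax and reports every address that differs from the expected egress IP; the function names and all sample candidates and addresses are assumptions constructed for illustration.

```javascript
// Added example: offline audit of ICE candidate lines (RFC 5245 syntax).
// Every candidate and address below is constructed for illustration.

const isIpLiteral = (a) => /^\d{1,3}(\.\d{1,3}){3}$/.test(a) || a.includes(':');

// candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> [raddr <addr>] ...
function parseCandidate(line) {
  const parts = line.trim().replace(/^a=/, '').replace(/^candidate:/, '').split(/\s+/);
  if (parts.length < 8 || parts[6] !== 'typ') return null; // not a candidate line
  const ext = {};
  for (let i = 8; i + 1 < parts.length; i += 2) ext[parts[i]] = parts[i + 1];
  return { address: parts[4], port: Number(parts[5]), type: parts[7],
           transport: parts[2].toLowerCase(), relatedAddress: ext.raddr || null };
}

// List every IP a page script could read from the candidates that differs
// from expectedIp (the egress address the HTTP side sees).
function findLeaks(lines, expectedIp) {
  const leaks = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    const seen = [];
    // A relay candidate's own address belongs to the TURN server, not the client.
    if (c.type !== 'relay') seen.push([c.address, c.type]);
    if (c.relatedAddress) seen.push([c.relatedAddress, c.type + '/raddr']);
    for (const [addr, source] of seen) {
      if (!isIpLiteral(addr)) continue;                  // mDNS name (*.local), no IP exposed
      if (addr === '0.0.0.0' || addr === '::') continue; // placeholder raddr
      if (addr !== expectedIp) leaks.push({ addr, source });
    }
  }
  return leaks;
}

const SAMPLE = [
  'candidate:1 1 udp 2113937151 4f6c2a1e-7b0d-4c55-9a3e-2d1f0e9b8c77.local 54321 typ host generation 0',
  'candidate:2 1 udp 2113937151 192.168.1.10 54322 typ host generation 0',
  'candidate:3 1 udp 1677729535 198.51.100.23 54322 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:4 1 udp 1677729535 203.0.113.7 40000 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:5 1 udp 41885439 192.0.2.50 60000 typ relay raddr 198.51.100.23 rport 54322',
];

console.log(findLeaks(SAMPLE, '203.0.113.7'));
```

Note that a relay candidate can still carry the client's reflexive address in its raddr field, which is why the audit checks that field separately.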