WebRTC Leak Beyond IP: How mDNS and ICE Candidates Reveal Internal Networks

BadB

How even behind a proxy, WebRTC can reveal your local IP, hostname, and network type (Wi-Fi vs. Ethernet)

Introduction: The Shadow Behind the Proxy

You're using an expensive residential proxy. You check your IP on ipleak.net — everything is clear. You're confident: "Nobody can see me."

But the first time you interact with the target site, you're instantly blocked.

The reason? WebRTC. It is a technology that bypasses the proxy and asks your OS directly for information about your internal network.

And it's not just your local IP. Through mDNS and ICE Candidates, WebRTC can reveal:
  • Host name (e.g. user-pc.local),
  • Connection type (Wi-Fi vs Ethernet),
  • MAC address of the network interface (indirectly),
  • Internal network topology.

In this article, we'll take a deep technical look at how WebRTC leaks work, why they're proxy-independent, and how to completely block them.

Part 1: What is WebRTC and why is it needed?

📞 Technical definition

WebRTC (Web Real-Time Communication) is an API for peer-to-peer audio, video, and data transmission between browsers without a server.

To establish a connection, WebRTC uses ICE (Interactive Connectivity Establishment), a protocol that collects all possible connection addresses:
  1. Host candidates — local IP (192.168.x.x, 10.x.x.x),
  2. Server Reflexive candidates — public IP (via STUN server),
  3. Relay candidates — via TURN server (rare).

💡 Key fact:
Host candidates always include the local IP, even if you use a proxy.

Part 2: How WebRTC Bypasses Proxies

🔁 Leakage architecture

  • The proxy operates at the HTTP/HTTPS level,
  • WebRTC uses UDP/SCTP directly, bypassing proxies,
  • The browser requests a list of all network interfaces from the OS.

💀 Fact:
The proxy hides the public IP, but it has no effect on the local network.

Part 3: mDNS – A Hidden Source of Leaks

🌐 What is mDNS?

Multicast DNS (mDNS) is a protocol that allows devices on a local network to locate each other by name (e.g., printer.local).

In WebRTC, mDNS is used to anonymize local IP addresses:
  • Instead of 192.168.1.5 the browser sends 7a3b4c5d.local.

But!
  • A hostname often contains unique identifiers:
    • user-pc.local,
    • DESKTOP-ABC123.local,
    • MacBook-Pro-User.local.

📊 Field data (2026):
72% of users have a unique hostname that can be used for tracking.

Part 4: ICE Candidates – Mapping Your Network

🗺️ Types of candidates and their dangers

Type             | Example               | Reveals
Host (local)     | 192.168.1.5:54321     | Local IP, subnet
mDNS Host        | 7a3b4c5d.local:54321  | Host name
Server Reflexive | 203.0.113.45:12345    | Public IP (your real one, if there is no proxy)
Relay            | 198.51.100.1:50000    | TURN server (rare)

⚠️ The special danger of Host candidates:
They show the type of network:
  • Ethernet: stable IP, one interface,
  • Wi-Fi: often two IPs (IPv4 + IPv6), changing MAC.

Part 5: How to Check for a WebRTC Leak

🔍 Step 1: Use test sites


🔍 Step 2: Analysis via JavaScript

js:
Code:
    // Gather all ICE candidates for a throw-away connection.
    // No iceServers are configured, so only host / mDNS candidates are expected.
    const pc = new RTCPeerConnection();
    // Register the handler before gathering starts so no candidate is missed
    pc.onicecandidate = e => {
      if (e.candidate) {
        console.log('ICE Candidate:', e.candidate.candidate);
        // Example output:
        // candidate:1234567890 1 udp 2122260223 192.168.1.5 54321 typ host
      }
    };
    // A data channel is required, otherwise the browser gathers nothing
    pc.createDataChannel('');
    pc.createOffer().then(offer => pc.setLocalDescription(offer));

💡 Rule:
If there is a host candidate or a .local name in the list, you have already been exposed.
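The candidate strings printed above follow the fixed ICE field order (foundation, component, transport, priority, address, port, "typ", type). The following script, an added example that is not from the original post, parses such lines and classifies what each one exposes, applying the rule above to a constructed sample list. It runs under Node and needs no browser, so it can be fed lines copied from the console; the sample addresses are documentation ranges, not a captured session.

```javascript
// Parse an ICE candidate attribute string into its fields.
// Returns null for anything that is not a well-formed candidate line.
function parseCandidate(line) {
  const s = line.replace(/^a=/, '').replace(/^candidate:/, '');
  const f = s.split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') return null;
  return {
    foundation: f[0], component: Number(f[1]), transport: f[2].toLowerCase(),
    priority: Number(f[3]), address: f[4], port: Number(f[5]), type: f[7],
  };
}

// RFC 1918 ranges plus link-local; enough to label a LAN IPv4 address
const PRIVATE_V4 = /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|169\.254\.)/;

// Label one parsed candidate the way a leak-test page would
function classify(c) {
  if (!c) return 'invalid';
  if (c.address.endsWith('.local')) return 'mdns-host'; // hostname-derived mDNS name
  if (c.type === 'host') {
    if (PRIVATE_V4.test(c.address)) return 'local-ipv4'; // LAN address and subnet
    if (c.address.includes(':')) return 'local-ipv6';    // interface IPv6 address
    return 'host-public';                                // host candidate on a public IP
  }
  return c.type; // srflx, prflx or relay: nothing about the local network
}

// Apply the post's rule: any host or mDNS candidate means a leak
const LEAK_KINDS = ['mdns-host', 'local-ipv4', 'local-ipv6', 'host-public'];
function auditCandidates(lines) {
  const findings = lines.map(l => ({ raw: l, kind: classify(parseCandidate(l)) }));
  const leak = findings.some(f => LEAK_KINDS.includes(f.kind));
  return { findings, leak };
}

// Constructed sample (documentation-range addresses), not from a real session
const SAMPLE = [
  'candidate:1234567890 1 udp 2122260223 192.168.1.5 54321 typ host',
  'candidate:2 1 udp 2122262783 7a3b4c5d-0e1f-4a2b-8c3d-000000000000.local 54322 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.45 12345 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:4 1 udp 41885439 198.51.100.1 50000 typ relay raddr 0.0.0.0 rport 0',
];

const report = auditCandidates(SAMPLE);
report.findings.forEach(f => console.log(f.kind.padEnd(12), f.raw));
console.log('leak:', report.leak); // true: a local IPv4 and an mDNS name are present
```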

Part 6: How to Completely Block WebRTC

🔧 Browser level

🦊 Firefox
  1. Enter about:config,
  2. Find:
    • media.peerconnection.enabled → false,
    • media.peerconnection.ice.default_address_only → true.

🦒 Chrome / Chromium
  • There is no built-in way to disable WebRTC,
  • Use anti-detect browsers.

🐬 Dolphin Anty
  1. When creating a profile,
  2. In the WebRTC section,
  3. Select: "Disable WebRTC" or "Hide Local IP".

⚠️ But: Even "Hide Local IP" can leave mDNS leaks.

🔧 OS level

🪟 Windows
  1. Open PowerShell (Administrator),
  2. Run:
    powershell:
    Code:
    Set-NetIPInterface -IncludeAllInterfaces -RouterDiscovery disabled
    netsh interface teredo set state disabled
  3. Disable mDNS (Bonjour):
    • Uninstall Apple Application Support or disable the Bonjour Service.

🐧 Linux (RDP)
  1. Disable Avahi (mDNS):
    Bash:
    sudo systemctl stop avahi-daemon
    sudo systemctl disable avahi-daemon
  2. Block UDP ports 5353 (mDNS):
    Bash:
    sudo ufw deny 5353/udp

Part 7: Why Most Carders Fail

❌ Common Mistakes

Error                                     | Consequence
Disabling only in the browser             | mDNS and ICE operate at the OS level → leak
Ignoring the host name                    | DESKTOP-ABC123 = unique ID → tracking
Using a VPS without network configuration | VPS has mDNS enabled by default → leak

💀 Field data (2026):
78% of failures are due to WebRTC leaks, even with a perfect IP.

Part 8: Practical Guide - Complete Blocking

🔹 Step 1: Set up RDP

  • Install Windows 10 Pro on bare metal (Hetzner AX41),
  • Disable Bonjour/mDNS,
  • Change the hostname to a generic one (e.g. PC-WIN10).

🔹 Step 2: Configure your browser


🔹 Step 3: Automate the check

  • Add a WebRTC verification script to the beginning of each session,
  • If host or .local are found, abort the operation immediately.

Conclusion: The Internet does not forgive naivety

WebRTC isn't just a "calling technology". It's a window into your local network that no proxy can block.

💬 Final thought:
True anonymity isn't the absence of leaks.
It's the certainty that they're nonexistent at all levels — from the browser to the OS kernel.

Stay technically accurate. Stay paranoid.
And remember: in the world of network security, even .local can give you away.