2021-11-07

Puzzled by why some sites, e.g. ebay today, appear to see our external internet address even though http and https are sent to a port within the house network from which they're forwarded through an ssh tunnel to an external computer on which they connect to its proxy. 

The below shows why, and the test on browserleaks.com showed first our actual address and then nothing after disabling this webrtc.
[Still puzzled as to how Comsol apparently gets the mac-address of the computer that's used for filling the software request, so the received installer ends up making a licence file for a computer with that ethernet card.]



https://blog.ipvanish.com/webrtc-security-hole-leaks-real-ip-addresses/
It’s easy to tell if your browser’s WebRTC settings are leaking your IP address. 
Just run a leak test on desktop or mobile: https://browserleaks.com/webrtc 
If the public IP address returning doesn’t match the IP address of your VPN, you’ve got a leak.

Firefox
Mozilla enables WebRTC by default in its Firefox browser on desktop and mobile, but disabling the protocol is a piece of cake. 
In the address bar, type about:config and set media.peerconnection.enabled to False.



https://github.com/diafygi/webrtc-ips

STUN IP Address requests for WebRTC
Demo: https://diafygi.github.io/webrtc-ips/
What this does
Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that.
Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.