One Leak is Enough to Expose Them All - From a WebRTC IP Leak to Web-based Network Scanning

Hazhirpasand Barkadehi, Mohammadreza; Ghafari, Mohammad (2018). One Leak is Enough to Expose Them All - From a WebRTC IP Leak to Web-based Network Scanning. In: 10th International Symposium on Engineering Secure Software and Systems (ESSoS), 2018. Lecture Notes in Computer Science: Vol. 10953 (pp. 61-76). Cham: Springer 10.1007/978-3-319-94496-8_5

[img] Text
Hazh18a.pdf - Accepted Version
Restricted to registered users only
Available under License Publisher holds Copyright.

Download (522kB) | Request a copy

WebRTC provides browsers and mobile apps with rich realtime communications capabilities, without the need for further software components. Recently, however, it has been shown that WebRTC can be triggered to fingerprint a web visitor, which may compromise the user's privacy. We evaluate the feasibility of exploiting a WebRTC IP leak to scan a user's private network ports and IP addresses from outside their local network. We propose a web-based network scanner that is both browser- and network-independent, and performs nearly as well as system-based scanners. We experiment with various popular mobile and desktop browsers on several platforms and show that adversaries not only can exploit WebRTC to identify the real user identity behind a web request, but also can retrieve sensitive information about the user's network infrastructure. We discuss the potential security and privacy consequences of this issue and present a browser extension that we developed to inform the user about the prospect of suspicious activities.

Item Type:

Conference or Workshop Item (Paper)


08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG)

UniBE Contributor:

Hazhirpasand Barkadehi, Mohammadreza and Ghafari, Mohammad


000 Computer science, knowledge & systems




Lecture Notes in Computer Science






Oscar Nierstrasz

Date Deposited:

04 Jun 2019 17:15

Last Modified:

05 Nov 2019 06:18

Publisher DOI:


Uncontrolled Keywords:

scg-pub snf-asa2 snf18 scg18 jb18




Actions (login required)

Edit item Edit item
Provide Feedback