Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent webRTC leaks in the chrome browser #328

Open
petrpatek opened this issue Oct 31, 2024 · 2 comments
Open

Prevent webRTC leaks in the chrome browser #328

petrpatek opened this issue Oct 31, 2024 · 2 comments
Assignees
@barjin
Labels
t-tooling Issues with this label are in the ownership of the tooling team.

Comments

@petrpatek
Copy link
Contributor

petrpatek commented Oct 31, 2024
edited
Loading

Describe the feature
A feature to prevent WebRTC leaks in Chrome, specifically to secure real/local IP information.

Motivation
For web scraping, preventing WebRTC leaks is essential. Blocking IP leaks through WebRTC helps maintain the scraper’s anonymity, even when using VPNs or proxies, reducing the risk of detection and IP exposure.

Constraints

  • Ensure that this feature does not interfere with WebRTC functionality in contexts where it’s intentionally enabled.
  • Maintain minimal impact on browser performance during scraping sessions.

Proposed solution for Chrome
I have tested this one in Chrome in the unblocking project I am working on, and it worked. see the attached screenshot.

const script = `
const inject = () => {
    if (window.hasRunWebRTCControl) return;
    window.hasRunWebRTCControl = true;

    // Override RTCPeerConnection to prevent IP leaks
    const OriginalRTCPeerConnection = window.RTCPeerConnection;
    function RTCPeerConnectionModified(config, constraints) {
        if (config && config.iceServers) config.iceServers = [];
        return new OriginalRTCPeerConnection(config, constraints);
    }
    RTCPeerConnectionModified.prototype = OriginalRTCPeerConnection.prototype;
    window.RTCPeerConnection = RTCPeerConnectionModified;

    // Disable getUserMedia for camera/microphone access
    navigator.mediaDevices.getUserMedia = () => Promise.reject(new Error('getUserMedia is disabled.'));

    console.log("WebRTC protection injected");
};
inject();
`;

// Inject the script at page load
await page.addInitScript(script);

I am not sure if this is the right repository for this particular issue since I see there is already a code for it, but it is not used in any of our crawlers.

Before in default playwright crawler:
Screenshot 2024-10-31 at 12 18 46

After:
Screenshot 2024-10-30 at 15 37 53
@B4nan
Copy link
Member

B4nan commented Oct 31, 2024

I believe we already have something like this, its just not enabled by default, cc @barjin

fingerprint-suite/packages/fingerprint-injector/src/utils.js

Line 487 in d8dbd21

function blockWebRTC() {

@barjin
Copy link
Collaborator

barjin commented Oct 31, 2024

Yes, you can effectively disable WebRTC in the browser by generating a fingerprint with mockWebRTC: true (and injecting it). As far as I remember, the patch creates a Proxy object that catches all function calls and just immediately resolves with undefined (and does this recursively) - something like your patch for navigator.mediaDevices.getUserMedia.

Can you please verify that mockWebRTC works for you? If it broke in some cases, I'm more than happy to switch for your implementation - I always thought the current one was a little bit crude. Cheers!

@B4nan B4nan added the t-tooling Issues with this label are in the ownership of the tooling team. label Nov 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barjin barjin

Labels
t-tooling Issues with this label are in the ownership of the tooling team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@B4nan @petrpatek @barjin