WebRTC can expose your real IP address even when you're using a proxy or VPN. Learn how WebRTC leaks work, how to test for them, and how to disable or fix them in Chrome, Firefox, Playwright, and Puppeteer.
You've set up a proxy. Your browser shows the right IP on whatismyip.com. You think you're anonymous.
Then a website runs a single JavaScript snippet and reads your real home IP — the one your ISP assigned — straight from the browser. No hacking required. No special tools. Just WebRTC.
This is a WebRTC IP leak, and it affects users of HTTP proxies, SOCKS5 proxies, and even many VPNs. This guide explains exactly how it works, how to test whether you're leaking, and how to fix it in every major environment.
WebRTC (Web Real-Time Communication) is an open standard built into all modern browsers that enables real-time peer-to-peer audio, video, and data transfer — directly between browsers, without a plugin or server relay for the media.
It powers:
Google Meet, Discord, Zoom (browser-based video/voice) WhatsApp Web calls Twitch low-latency streaming Browser-based screen sharing P2P file transfer tools (like WebWormhole)
WebRTC is extremely useful. It's also the source of one of the most common and dangerous privacy leaks in the proxy and VPN world.
When two browsers want to establish a direct connection, they need to know each other's IP addresses. This is handled by a process called ICE (Interactive Connectivity Establishment), which uses STUN servers to discover public IPs.
Here's what happens step by step:
The critical issue: step 4 happens regardless of your proxy settings. The STUN request goes out over UDP directly from the OS — it doesn't go through the browser's proxy configuration.
JavaScript on any webpage can trigger this with just a few lines:
No user permission required. No visible UI. Runs silently in the background.
Standard proxy protocols — HTTP CONNECT, HTTPS proxy, SOCKS5 — work at the application layer. They intercept your browser's HTTP/HTTPS traffic and route it through the proxy server.
WebRTC's STUN requests are UDP packets sent directly by the OS network stack, bypassing the browser's proxy settings entirely.
Even SOCKS5 proxies, which can support UDP via the UDP Associate extension, typically don't help here because:
Most SOCKS5 implementations don't enable UDP Associate WebRTC's ICE stack doesn't know to use the SOCKS5 UDP relay The STUN packets go out through the default network interface
VPNs are different — they operate at the OS/kernel level and intercept all traffic including UDP. A properly configured VPN routes WebRTC STUN traffic through the tunnel. However, split-tunnel VPNs and some implementations still leak.
Your real public IP (assigned by your ISP) is exposed via the STUN reflexive candidate. This is the primary leak that defeats proxy anonymity.
Your private LAN IP (e.g., 192.168.1.10) is exposed. Less dangerous for anonymity, but reveals your network topology and can be used for fingerprinting.
If your machine has an IPv6 address (most do in 2026), WebRTC can expose it even if you're using an IPv4 proxy. IPv6 addresses are often globally unique and directly tied to your ISP account.
Chrome and Firefox now replace local IPs with random mDNS hostnames (e.g., abc123.local) in local candidates to reduce LAN leaks. However, the public IP via STUN is still exposed unless you explicitly disable WebRTC.
Visit these while connected to your proxy or VPN:
browserleaks.com/webrtc — shows all ICE candidates including your real public IP ipleak.net — comprehensive leak test including WebRTC dnsleaktest.com — focused on DNS but also shows WebRTC
If the "WebRTC IP" shown differs from your proxy IP, you're leaking.
Open your browser's DevTools console while connected to a proxy and run:
Any IP that's not your proxy's IP is a leak.
Navigate to chrome://flags and disable:
#enable-webrtc-hide-local-ips-with-mdns → set to Disabled (this actually enables more exposure — leave it Enabled)
More effective: use a Chrome extension like WebRTC Leak Prevent or uBlock Origin (has WebRTC blocking built in under Settings → Privacy).
Or via command-line flag when launching Chrome:
Type about:config in the address bar Search for media.peerconnection.enabled Set it to false
This fully disables WebRTC in Firefox — no leak possible.
For scraping and automation, disable WebRTC via Chrome launch args:
Or block WebRTC API via addInitScript to intercept at the JavaScript level:
This approach is useful when you want to block the JavaScript API while still allowing the browser to function normally for all other traffic.