Disable WebRTC (ip leaks) CefSharp

Having problems with building or using the CefGlue .NET/Mono binding? Ask your questions here.

Moderator: fddima

Re: Disable WebRTC (ip leaks) CefSharp

Postby fddima » Mon Mar 15, 2021 5:12 pm

tech5678 wrote:
Code: Select all
set GN_DEFINES=is_component_build=true enable_webrtc=false

After building and running the sample cefclient.exe, browsing to https://browserleaks.com/webrtc, WebRTC is still enabled and they are able to get various hardware ID's.

There is no more exist enable_webrtc build parameter, and i'm believe you can't just disable this module easy as it was in past.

"webrtc.ip_handling_policy", "webrtc.udp_port_range", "webrtc.event_logs_collection", "webrtc.local_ips_allowed_urls" and "webrtc.allow_legacy_tls_protocols" are seems like valid preferences which you may configure. Changing them doesn't requires custom builds, and you might end with good enough results without custom build. You also can check chrome flags related to WebRTC.

Is there somewhere else this change must be made?

If nothing helps, then there is always possible disable it hardly via blink patching. There is exist and other techniques, like script injection, but they less reliable (but more flexible).

I found an interesting post on StackOverflow where someone claims to have turned it off through modification of common.gypi (https://stackoverflow.com/questions/357 ... c-ip-leaks), which is now in a different file path, but at almost 5 hours to compile, I'd like to get validation of the idea of it first, since I don't see any mention of this anywhere else.

Nowadays you don't need to care about GYP, as it is tool used before GN. Just ignore it. Everything configurable can be configured via GN.
fddima
Master
 
Posts: 788
Joined: Tue Dec 07, 2010 6:10 am

Re: Disable WebRTC (ip leaks) CefSharp

Postby tech5678 » Tue Mar 16, 2021 11:06 am

fddima wrote:"webrtc.ip_handling_policy", "webrtc.udp_port_range", "webrtc.event_logs_collection", "webrtc.local_ips_allowed_urls" and "webrtc.allow_legacy_tls_protocols" are seems like valid preferences which you may configure. Changing them doesn't requires custom builds, and you might end with good enough results without custom build.

Although I was able to hide the IP by setting webrtc.ip_handling_policy to disable_non_proxied_udp, all device ID's are still revealed which is an even bigger fingerprint. Any idea how to block device access?

Is there any reference with examples of the various preferences and the values you would pass? I've looked and can't find one, but maybe I've just not stumbled across it yet.

fddima wrote:You also can check chrome flags related to WebRTC.

I assume you mean what's available via chrome://about. I don't see anything there, but wasn't expecting to since all references I can find about Chrome specifically are that it needs an extension to disable WebRTC. That said, it is possible to block WebRTC and hardware access. The Chrome plugin WebRTC Control blocks these:

a. navigator.getUserMedia
b. window.MediaStreamTrack
c. window.RTCPeerConnection
d. window.RTCSessionDescription

When they are disabled, it looks like you don't even have a camera, microphone etc. (See https://mybrowseraddon.com/webrtc-control.html)

Any thoughts on how to mimic that functionality?
tech5678
Techie
 
Posts: 10
Joined: Fri Aug 14, 2020 11:01 am

Re: Disable WebRTC (ip leaks) CefSharp

Postby fddima » Tue Mar 16, 2021 11:59 am

tech5678 wrote:Although I was able to hide the IP by setting webrtc.ip_handling_policy to disable_non_proxied_udp, all device ID's are still revealed which is an even bigger fingerprint. Any idea how to block device access?

Patch code / implement own functionality or put workarounds (below).

Is there any reference with examples of the various preferences and the values you would pass? I've looked and can't find one, but maybe I've just not stumbled across it yet.

I'm don't believe what there is some reference for this. Most of time it is easier to look in chromium's code (for me).

fddima wrote:The Chrome plugin WebRTC Control blocks these:
a. navigator.getUserMedia
b. window.MediaStreamTrack
c. window.RTCPeerConnection
d. window.RTCSessionDescription
Any thoughts on how to mimic that functionality?


I'm never look at this extension, because I'm feel there is nonsense, to solve privacy task(s), by installing third party code which may handle events which no one should handle except you (request interception, script injection, etc.). IMO - chrome extensions is big bullshit in that sense. But you always can look at extension's source code and try understand what it do.

(Workaround) Generally, there is exist other technique: you always can execute own script at CefRendererProcessHandler::OnContextCreated. I'm doesn't remember if this objects already present in global/window at this time (but most of them should present). So script might remove this interfaces or substitute them with own implementations (doing this right is not easy as this initially looks). However, nowadays, this callback is not called for non-browser originated contexts (Workers, ServiceWorkers), so altered objects will be original in this contexts => sometimes for some tasks this might be not reliable, but still good simple way to customize context (and more important - doesn't require custom CEF build).
fddima
Master
 
Posts: 788
Joined: Tue Dec 07, 2010 6:10 am

Re: Disable WebRTC (ip leaks) CefSharp

Postby ndesktop » Tue Mar 16, 2021 4:51 pm

I would go on and say a custom build would be the way to go. Since the dissapearance of webrtc build flag I do not think the other workarounds are covering all the places.
ndesktop
Master
 
Posts: 750
Joined: Thu Dec 03, 2015 10:10 am

Re: Disable WebRTC (ip leaks) CefSharp

Postby fddima » Wed Mar 17, 2021 3:02 am

Actually i don't think what just disabling WebRTC will provide any good result in the end.

Simply removing feature can be treated as negative score by fingerprinters. Absense of unique media list (which by default don't expose real device ids, but pretty unique) again might lead to negative score. :-) Running chrome 89 without WebRTC? -> negative score. There is not easy task with own compromises.
fddima
Master
 
Posts: 788
Joined: Tue Dec 07, 2010 6:10 am

Previous

Return to CefGlue Forum

Who is online

Users browsing this forum: No registered users and 13 guests