Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Technique
  • How to use WebRTC to get viewer’s IP address
  • Technique

How to use WebRTC to get viewer’s IP address

Do Son September 18, 2017 4 minutes read
WebRTC bug

What is WebRTC?

In the conventional video communication, people often need to use a third-party server as a transit, such as B and B want to communicate through the video, then they need to establish a channel with the third-party server, A and the server to establish a channel, B, and the server to establish a channel. As a result, both sides of the video fluency will be and third-party server channel bandwidth between the restrictions, when multiplayer video, the communication efficiency will be greatly limited. People want to have a third-party server without a point-to-point direct transmission of video data protocol, so with the WebRTC. WebRTC, an abbreviation derived from web real-time communication, is an API that supports web browsers for real-time voice conversations or video conversations. It was opened on June 1, 2011, and was included in the W3C Recommendation of the World Wide Web Consortium under the auspices of Google, the Mozilla Foundation, and Opera. WebRTC has the following components

  1. Video Engine (VideoEngine)
  2. Audio Engine (VoiceEngine)
  3. Conference Management
  4. iSAC: Audio compression
  5. VP8: Video codec for Google’s own WebM project
  6. APIs (Native C ++ API, Web API)

Explore WebRTC

WebRTC mainly implements three categories of interfaces:

  • MediaStream: Through the MediaStream API through the device’s camera and microphone to get video, audio synchronization stream
  • RTCPeerConnection: RTCPeerConnection is a component of WebRTC used to build stable and efficient streaming between point-to-point
  • RTCDataChannel: RTCDataChannel enables a high-throughput, low-latency channel between browsers (point-to-point) to transfer arbitrary data

These three types of interfaces are responsible for three main directions: – MediaStreamResponsible for obtaining the audio and video streams of the unit – RTCPeerConnectionresponsible for establishing an effective and stable point-to-point connection – RTCDataChannelresponsible for transmitting data

To create a WebRTC connection, you need to complete the above three steps, the following look at the specific implementation steps.

MediaStream

To access the native camera and microphone, you need to get the native MediaStream

var streamToAttach;
navigator.webkitGetUserMedia({ audio: true, video: true }, function (stream) {
video.src = webkitURL.createObjectURL(stream);
streamToAttach = stream;
}, function(error) {
alert(error);
});

Firefox interface name is different:

code code=”javascript”>
var streamToAttach;
navigator.mozGetUserMedia({ audio: true, video: true }, function (stream) {
video.mozSrcObject = stream;
video.play();
streamToAttach = stream;
}, function(error) {
alert(error);
});
</code>

PeerConnection

WebRTC uses the PeerConnection interface to create a point-to-point connection. Let’s start by creating a Peer

var peerConnection = new webkitRTCPeerConnection(
{ “iceServers”: [{ “url”: “stun:stun.l.google.com:19302” }] }
);

We can use Google’s STUN server: stun:stun.l.google.com:19302Firefox use mozRTCPeerConnectionand then set the peer object event handler:

peerConnection.onicecandidate = onicecandidate;
peerConnection.onaddstream = onaddstream;
peerConnection.addStream (streamToAttach);

As a video request originator, issue a video request:

<pre>

peerConnection.createOffer(function (sessionDescription) { peerConnection.setLocalDescription(sessionDescription);</p><pre><code>

}, function(error) { alert(error); }, { ‘mandatory’: { ‘OfferToReceiveAudio’: true, ‘OfferToReceiveVideo’: true } });

As a responder, you need to process the requestor’s SDP and send its own response to SDP:

peerConnection.setRemoteDescription(new RTCSessionDescription(offerSDP));

 Create a response SDP:

peerConnection.createAnswer(function (sessionDescription) { peerConnection.setLocalDescription(sessionDescription);

}, function(error) { alert(error); }, { ‘mandatory’: { ‘OfferToReceiveAudio’: true, ‘OfferToReceiveVideo’: true } });

After the requester receives the response SDP:

peerConnection.setRemoteDescription(new RTCSessionDescription(answerSDP));
&lt;/pre>&lt;/p>

&lt;p>&lt;p></code></p>

<h3>RTCDataChannel</h3>

<p>RTCDataChannel<code>DataChannel</code><code>PeerConnection</code> You can create a RTCDataChannel with the createDataCHannel method on the peer object</p>

<pre><code code=”javascript”>
channel = pc.createDataCHannel(“someLabel”);

DataChannel uses almost the same way as WebSocket, with several events:
  • onopen
  • onclose
  • onmessage
  • onerror

At the same time it has several states that can be obtained by readyState:

  • connecting: The browser is trying to create a channel
  • open: build success, you can use the send method to send data
  • closing: The browser is a closing channel
  • closed: the channel has been closed

Two exposed methods:

  • close(): used to close the channel
  • send (): used to send data to the other party via channel

run code

Since WebRTC will send a local address SDP to each other during the connection process, it can access the visitor’s IP by accessing the SDP:

&lt;html>
&lt;body>
Local description:
&lt;div id=”localdescription”>
&lt;/body>
&lt;/html

After the visit as shown in Figure:

red box that is the current network ip.

Reference: webrtc

Share this article:

Facebook Post LinkedIn Telegram
Tags: WebRTC

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
  • CVE-2026-55879CVSS 9.3
    OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the...
  • CVE-2026-12761CVSS 9.8
    The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.