Hacker News new | past | comments | ask | show | jobs | submit login
Crossing the Mixed Content Boundary: Abusing Stun/Turn as Communication Channel (yifangu.com)
1 point by gyf304 9 months ago | hide | past | favorite | 1 comment



Stun can also leak local IP info. A couple of years back I managed to satisfy myself and a co-researcher you could use a reference to a stun/turn instance to reveal local IP bindings behind the NAT. It's in the enumerated service capability list (I don't know the proper name for this but it was something the web clients of the day proferred when taken to the URL in the right way)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: