-
-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
possible ip leak #2611
Comments
more background info and investigations background:
investigations:
hope this helps |
and so it is correct that the real IP is shown, there is no proxy between you and the internet
remind me what that instruction is supposed to do? |
well, let me rephrase it first, bromite should blocks webrtc. am i correct? although this should not be webrtc related second, it was connected via socks proxy server (not http/https), so it should not reveal your ip, right finally, i had 2 tabs connected, but only one tab (iplocation for |
just tried using https://github.com/jgaa/shinysocks |
i have set some https proxies in "use a single proxy list for all". you may guess it's the x-fordwarding issue by the https servers, but why only iplocation.io leaks my ip? i have tested several times with both iplocation.io and browserleaks.com, plus a few others, and only iplocation.io failed to hide my ip second, i have also included those domain in the exclude list, in the form of: third, all traffic from bromite will be forwarded to socks5 proxies ultimately. ie, bromite -> https proxies (if not excluded) -> socks5 proxies i have checked my headers received from https://manytools.org/http-html-text/http-request-headers/, the real ip is the proxy ip too so why iplocation.io can read my ip? also, didi you see your ip there? |
Just an idea, but this might be a proxy configuration at work. By default, many proxy servers use X-Forwarded-For header to identify the origin IP. This might be helpful in various situations, but this also may be why you're seeing your origin IP. You're stating that you're connecting to one of the proxies via HTTP, even though some of them use another upstream SOCKS proxies. This, actually, might be enough to keep the header in the request. |
you are right, but i have checked via manytools.org i mentioned above, the x forwarder there always show the proxy ip address as to illustrate the problem encounted clearly, i have set to bypass all domains involved in the screenshot below, where i opened 3 bromite windows connected to a single upstream socks5 proxy x.x.40.168, ie no http proxy involved the image is a bit large or otherwise the text cant be shown clearly |
Preliminary checklist
Can the bug be reproduced with corresponding Chromium version?
No
Bromite version
108.0.5359.156
Device architecture
arm64
Android version
12.1
Device model
samsung tab s6
Changed flags
no flags changed
Is this bug about the SystemWebView?
No
Is this bug happening in an incognito tab?
Yes
Is this bug caused by the adblocker?
No
Is this bug a crash?
no
Describe the bug
possible real ip leaks, connected to the internet via proxy server
tested with:
bromite (screenshots below)
tab 1 - https://browserleaks.com/ip (no leak)
tab 2 - https://iplocation.io/ (leaked)
official firefox (leaked, known for webrtc ip leak on android)
kiwi browser with all extension off (no leak)
Steps to reproduce the bug
goto https://iplocation.io/ and real ip shown (including incognito mode)
Expected behavior
not leaking real ip
Screenshots
tab 1, bromite, https://browserleaks.com/ip, no ip leaked
tab 2, bromite, https://iplocation.io/, ip leaked
The text was updated successfully, but these errors were encountered: