CA
Crawlee & Apify8mo ago
magic-amber

WebRTC IP leak?

Hi, so for the last couple days I am on a quest to evade detection for a project that proved to be quite challanging. As I researched the issue, I noticed that my real IP leaks through WebRTC with a default Crawlee Playwright CLI project. I see a commit to the fingerprint-suite that I think should prevent that, but based on my tests it doesn't. Does it need special setup or anything?
3 Replies
Hall
Hall8mo ago
View post on community site
This post has been pushed to the community knowledgebase. Any replies in this thread will be synced to the community site.
Apify Community
rival-black
rival-black8mo ago
Hi @Jeno It was already discussed here so you can read through it to find more details. In summary: our types in crawlee were not correct, that part will be fixed in the next release. But its just a typing issue, you can try using the mockWebRTC option. https://github.com/apify/crawlee/pull/2705
GitHub
WebRTC leak? · apify crawlee · Discussion #2701
I think the fingerprint-suite should handle any WebRTC leak, but it doesn't. Testing with a new Playwright project, WebRTC successfully leaks my real IP. I could not find any mention in the doc...
GitHub
fix: update fingerprintGeneratorOptions types by barjin · Pull Re...
Manually cross-checked assignability against the types (1,2) from fingerprint-suite. We should likely remove the enums below in the following breaking version too (in fingerprint-suite, we accept o...
deep-jade
deep-jade7mo ago
It seems, it should be something like this: 
    browserPoolOptions: {
        useFingerprints: true,
         operationTimeoutSecs: 30,
        maxOpenPagesPerBrowser: 10,
        closeInactiveBrowserAfterSecs: 200,
        fingerprintOptions: {
            useFingerprintCache: false,
            fingerprintGeneratorOptions: {
                devices: [DeviceCategory.desktop],
                // @ts-ignore
                mockWebRTC: true,
    browserPoolOptions: {
        useFingerprints: true,
         operationTimeoutSecs: 30,
        maxOpenPagesPerBrowser: 10,
        closeInactiveBrowserAfterSecs: 200,
        fingerprintOptions: {
            useFingerprintCache: false,
            fingerprintGeneratorOptions: {
                devices: [DeviceCategory.desktop],
                // @ts-ignore
                mockWebRTC: true,
After adding this - at least one of the bot detection sites stopped showing my real IP...

Did you find this page helpful?