Comment by NoahZuniga
5 days ago
This is not unique to WebRTC. The same result could be achieved by sending an HTTP request to localhost. The only difference in this case is that using WebRTC doesn't log an HTTP request.
The browser could refuse to connect to localhost. I think there are browsers that refuse (i.e. to prevent attacking a router config interface).
I doubt anyone is running a browser on their router.
But still, you could do the same for STUN, TURN, SDP. Disallow localhost.
That's literally what browsers have done (for STUN) and are working on (for TURN).