Comment by ale42
5 days ago
As far as I understand it, it is supposed to be a scan done by the browser on the user's computer, not an external scan, which a browser extension wouldn't be able to detect.
5 days ago
As far as I understand it, it is supposed to be a scan done by the browser on the user's computer, not an external scan, which a browser extension wouldn't be able to detect.
Hopefully should soon be a thing of the past with https://developer.chrome.com/blog/local-network-access
I see. So the website would try to access private IP adresses (RFC 1918) by having elements like <iframe src="http://10.0.0.1"> in the web site and then the web site would check if the iframe was loaded successfully?
It could also just try making the request with javascript. Or try a websocket connection.