# How a WebRTC leak works

1. The site sends a normal TCP request from the browser (or anti-detect browser).
2. The anti-fraud system responds and injects a script for a STUN request.
3. The browser makes a STUN request over UDP, bypassing the proxy from the real address, since we remember that the proxy or anti-detect browser may not support UDP.
4. If the IP address for the TCP connection and UDP differ, the user is exposed as using a proxy.<br>

   <figure><img src="https://3044836706-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3l0uO4OV4DD1gK4uKGC6%2Fuploads%2Fgit-blob-d9b830177f8875505865a898de2f7413a8c3804e%2Fimage.png?alt=media" alt=""><figcaption><p>The image and information were taken and translated from the article<a href="https://telegra.ph/Zachem-nuzhny-proksi-s-UDP-i-pri-chyom-tut-protechka-WrbRTC-v-Antike-12-19"> ZloyTeam</a></p></figcaption></figure>