STUN Protocol IP Exposure Tool by WebSec

Gray Oshin
11 September, 2023

In an era dominated by instant messaging applications, messangers such as Telegram and Signal have become a preferred choice for millions worldwide. Its robust security features and encrypted communication have instilled a sense of privacy among its users.

However, a new software tool capable of intercepting STUN traffic within these chat applications, potentially unmasking user identities, has surfaced. Now, let’s explore this underlying technology, delving into STUN, its significance in modern communication protocols, and the implications of such a tool on privacy and security.

What you should know about the STUN Interception Tool by WebSec

The STUN Interception Tool by WebSec is a software application that leverages the principles of STUN to intercept and decode the traffic generated during Peer-2-Peer communication. By exploiting a known vulnerability in the protocols used by these applications, the tool adds a supplementary menu in the application itself through so called 'DLL Injection' techniques. This menu allows users to unmask the identities of call participants by revealing their IP addresses. 

This software is now applicable not only to Telegram but also to Signal and Session.

The Inner Workings: How to Use the Tool

Highlighted below are the steps you need to know to use this tool:

Opening Telegram/Signal/Session: To start using the Interception software, begin by launching your Telegram application. Once the application is open, navigate to the intercept tab in the app's settings or preferences section. From there, you can enable interception, an essential step as it allows the software to capture and analyze data during calls.

Open STUNMon.exe (Loader): Launch the "STUNMon.exe" application. This serves as the loader for the Telegram STUN Interception Tool.

Ensure your process of choice is running: Ensure the messaging application you want to target (Telegram, Signal, or Session) is already running on your computer.

In the Loader select the target process [Telegram, Signal, or Session]. Within the "STUNMon.exe" loader, there should be an option to choose the messaging application you want to work with. Select the appropriate one among Telegram, Signal, or Session.

In the Loader press the [Load] button: After selecting the target messaging application, click the "[Load]" button in the loader. This action prepares the tool to interact with the chosen application.

Wait for the message 'Injected Successfully': Once the "[Load]" button is clicked, the loader will work to inject the necessary components into the selected messaging application. Wait for a message that confirms successful injection, which should say "Injected Successfully."

Menu Integration: A new menu is seamlessly integrated into the Telegram interface. In the messaging application (Telegram, Signal, or Session), press the "[Insert]" key on your keyboard. This action will toggle the visibility of the tool's menu within the application.

STUN Traffic Interception: In the messaging application's tool menu, navigate to the "Intercept" tab. Enable the option labeled "Interception." This setting allows the tool to intercept and gather additional information during a call.

With interception turned on, call any user in your contact list within the Telegram application. As the call is made, the tool should reveal the IP addresses of the call participants, effectively unmasking their identities. When a user initiates a call, the tool intercepts the IP address of the peer (the user making the call) as it tries to connect to the computer.

User Acceptance: The next important step is to obtain user consent and display their IP address after enabling the interception process in the Intercept tab. User consent plays a role in adhering to privacy regulations and ethical standards. Once the call recipient agrees to the call, our tool examines the exchanged STUN packets. Our tool reveals the user's IP address by leveraging a vulnerability in the protocol.

What You Should Note:

  • For Telegram a user must pick up a call first before his IP will appear
  • For Signal, you only need to place a call; the user does not have to pick up the call for IP to appear.
  • For sessions, the user must enable calls first, as calls are disabled by default.

Some Exceptions Worth Knowing:

  • Symmetric NAT's: Evidently, this won't work for these people
  • VPN's: You will likely see the VPN IP
  • Disabled P2P: Some apps have a feature to disable P2P / relay traffic through custom servers; this will also prevent this from working. However, by default, this is not enabled.
  • Unknown Reasons: In some cases, the reason why it may not show an IP address or the wrong IP address could be unknown, just keep in mind that this software does not guarantee 100% success.

Understanding STUN: A Gateway to Network Traversal

STUN (Session Traversal Utilities for NAT) is a network protocol commonly utilized in real-time communication applications to address the challenges of NAT traversal. NAT is a barrier between a network and the internet, enabling multiple devices to share one public IP address. This can complicate communication between devices behind different NATs. STUN serves as a bridge, helping devices identify their IP addresses and the type of NAT they are connected to, thus facilitating efficient peer-to-peer communication.

Telegram's Utilization of STUN

Like many other modern communication applications, Telegram uses a technique called STUN to enhance the quality of voice and video calls. STUN helps Telegram servers optimize how media streams are routed between users. When two users are on a call, their devices send STUN requests to Telegram servers, which then reply with the IP address and port details of their devices. This information allows for a connection between the users, reducing delay and improving call quality.

By employing the STUN protocol, Telegram can accurately determine the IP addresses and NAT types of its users' devices. This ensures the exchange of messages and media between them. Without STUN, connectivity issues would hinder Telegram communication and limit direct device-to-device interaction. Therefore, integrating STUN into Telegram is crucial for providing a dependable messaging service.

How STUNMon Works

STUNMon functions by intercepting and monitoring the Remote Procedure Calls (RPC) made within the vulnerable application. It captures and analyzes the transmitted data. This enables information extraction, including call duration participants involved in calls and associated IP addresses. 

Furthermore, STUNMon offers a memory editor that allows developers to actually edit with the process memory (For experienced users). This empowers users to identify any unauthorized activities transpiring on the Telegram platform.

By providing insights into communication data, STUNMon aids in detecting security breaches or unauthorized access attempts. Moreover, its real-time monitoring feature enables response and mitigation of identified threats, bolstering overall security on secure chat applications.


The STUN Interception Tool serves as a reminder of the complex realm of network protocols and the delicate balance between security, privacy, and innovation. By intercepting STUN traffic, this tool brings forth inquiries about the utilization of technology and the need for strong security measures in communication apps. As our digital environment keeps advancing, it becomes crucial for developers, users, and policymakers to engage in conversations that guarantee the ethical use of tools that affect privacy and security in our interconnected world.

WebSec's Telegram STUN Interception Tool offers a unique perspective on network protocols and potential vulnerabilities in communication applications. In place of this, it is a recommendable tool because it encourages ethical technology usage and proactive dialogue among stakeholders to ensure responsible innovation and safeguard privacy and security in our interconnected society.

Download STUNMon


Authored By
Gray Oshin

A Team Member at Websec

Share with the world!

Need Security?

Are you really sure your organization is secure?

At WebSec we help you answer this question by performing advanced security assessments.

Want to know more? Schedule a call with one of our experts.

Schedule a call
Authored By
Gray Oshin

A Team Member at Websec