TL;DR: You can send and receive data using TURN by encoding data into username and IPv6 UDP address. Say that you have a HTTPS website. Modern web safety forbids it from accessing insecure parts of the network using HTTP. This is usually not an issue, since signing a HTTPS certificate for a website is fairly… Continue reading Crossing the Mixed Content Boundary: abusing STUN/TURN as a Communication Channel