-
-
Notifications
You must be signed in to change notification settings - Fork 521
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Brute force on found streams #263
Comments
Hi @analyserdmz ! That's a great suggestion, and shouldn't be too difficult to implement :) I'd have it optionally enabled though, as most users mainly want to know the user/password and can usually use those to find all of the routes through the admin panel of the camera using the credentials. I'll take a look into this today actually, but I don't have any cameras with multiple concurrent routes at home at the moment, so it might not be easy to test it out and I might need some help. If I were to make a prototype with this feature, would you be able to test it out on your own cameras? :) |
Are you kidding me? Count me in!!! hehe! |
Of course :) In the meantime I released the v5 of Cameradar with a similar feature, which is that Cameradar no longer stops after finding one route, it tries all of the routes from the dictionary. This makes your suggestion even more convenient to implement, as we now just need to be able to identify the routes that are incremental ( I'll let you know when a proof of concept is ready for testing, thanks again! :))) |
That may help on future routes updates ;) |
Goddamn, if I had known they had an XML file containing all of the sources, haha. I've been scrapping their website to build my dictionaries the whole time for nothing :p Thanks for the tip! |
The problem is the user/pass lists, which does require scraping.. unfortunately. But having all of these routes in one place, helps in automating the process of "what credentials am I looking for, to add them to my list". If this project was written in Python I could actively help but... I can't even code a "hello world" in GO haha |
Just a thought, as an enhancement.
It would be super useful when a stream is found and successfully accessed, to automatically brute force channel IDs for other streams on the same IP.
For example, the stream URL rtsp://666666:[email protected]:554/cam/realmonitor could be brute forced like this: cam/realmonitor?channel=1 and cam/realmonitor?channel=2 etc until all available streams are exposed.
Another example, the URL rtsp://admin:[email protected]:554/StreamingSetting?version=1.0&action=getRTSPStream&ChannelID=1&ChannelName=Channel1 and its ChannelID parameter could be brute forced as well.
Unfortunately it's hard for me to contribute practically but in theory, this could be done with routes that have "brute force positions". For example ChannelID={} instead of ChannelID=1.
Do you think it's useful?
The text was updated successfully, but these errors were encountered: