Jump to content


Photo
- - - - -

RTMP / SWF spying possible?


  • Please log in to reply
3 replies to this topic

#1 jeicrash

jeicrash

    Will I break 10 posts?

  • Members
  • 7 posts

Posted 22 June 2010 - 11:25 PM

Sites like chatroulette and peekattack use swf files to pull in random partners for you to see. After looking at some source and wireshark / ettercap, and tcpdumps it looks like it may be possible to view peoples cams whenever you want via RTMP.

I could be completely wrong and way off on this but here is what I "think I understand" so far.

1. Each user is given a unique id number when they connect, This number changes with each new session. So you keep the number until you leave the site and come back.
2. These sites seam to be using port udp 1935 to make a direct connection from you to your partner. This saves a ton of bandwidth for the application server.
3. The swf file has to be passed the user id's for both sides (or perhaps just your partner) so their cam shows, and the chat window syncs between each user.

I have looked through chatroulette the most since they have the least amount of garbage in the code. And seams to be using
s2v0.swf for the main app with flashvars="ver=0&layout=h" (layout seams to use h for horizontal or c for centered)
They also use a few javascript files that seam to control buttons, chat box, and partner matching.

I'm not a fan of looking at guys with no love life except their hands, but I am curious in the way the site works and would like to know if it is possible to view someones cam using their id through rtmp with a program like mplayer or vlc.

If any of the above doesn't make sense plese let me know, This is the first time I am looking into this sort of concept and it may not even be doable.

I know many of you are going to be asking "WHY?" so here are the only reasons I can think of.

1. Just to see if it can be done
2. Embedding peoples cams into sites for boredom sake
3. Using someone elses cam as a stream in webcam software (webcamstudio) as your webcam to pass a bored afternon.

Closing note:
From what I have gathered it is not possible to monitor someone once they leave the site, or get a new id, so this could not be turned into an easy to use stalking application.

Thanks all, hope this peaks someones interest and I'll be happy to offer any sniffer dumps and info I have gathered.

Jei.

#2 jeicrash

jeicrash

    Will I break 10 posts?

  • Members
  • 7 posts

Posted 25 June 2010 - 09:07 PM

UPDATE:

I have been looking through some sniffer logs and the rtmp url is there, but it seams the site is possibly making each rtmp stream unicast. Meaning basically only one person (The partner) can view the stream. However I do not think I have successfully grabbed a correct rtmp url either. I'll keep at it and report back any findings.

#3 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 26 June 2010 - 04:29 PM

UPDATE:

I have been looking through some sniffer logs and the rtmp url is there, but it seams the site is possibly making each rtmp stream unicast. Meaning basically only one person (The partner) can view the stream. However I do not think I have successfully grabbed a correct rtmp url either. I'll keep at it and report back any findings.



I have not looked into what you are saying, but I did get bored and made this maltego graph of chatroulette

http://www.scribd.co...7/Chat-Roulette

#4 jeicrash

jeicrash

    Will I break 10 posts?

  • Members
  • 7 posts

Posted 05 July 2010 - 12:05 PM

Final note on this then I think this thread can be closed.

While looking around I found a tool that supposedly does what I am looking for. It is called "Chatroulette elite tool 2010" I have not tried it nor will I since you have to get on usenext to get it. I doubt the tool is real and no more then a virus / backdoor the author created.

After much research This is what I have found out.

1. UDP connections are created between 2 people as a unicast connection. Meaning once they connect to someone else there is no real way to view their cam.
2. The id seams to change each time they connect to cr's server. So even knowing the id does very little
3. off topic, if you get banned as I did for trying to actually chat with people but you type too fast (Much like irc flood control) simply changing your mac address will remove the ban.

I hope some of this has been of interest and hopefully my next thread will be more interesting.

Thanks
Jei




BinRev is hosted by the great people at Lunarpages!