Hello,
So I have the great rtmpsuck on my hard drive.
In the readme file:
Quote:
rtmpsuck - proxy server. See below...
All you need to do is redirect your Flash clients to the machine running this
server and it will dump out all the connect / play parameters that the Flash
client sent. The simplest way to cause the redirect is by editing /etc/hosts
when you know the hostname of the RTMP server, and point it to localhost while
running rtmpsrv on your machine. (This approach should work on any OS; on
Windows you would edit %SystemRoot%\system32\drivers\etc\hosts.)
On Linux you can also use iptables to redirect all outbound RTMP traffic. You
need to be running as root in order to use the iptables command.
In my original plan I would have the transparent proxy running as a special
user (e.g. user "proxy"), and regular Flash clients running as any other user.
In that case the proxy would make the connection to the real RTMP server. The
iptables rule would look like this:
iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner proxy \
-j REDIRECT
A rule like the above will be needed to use rtmpsuck. Note that you should
replace "proxy" in the above command with an account that actually exists
on your machine.
Using it in this mode takes advantage of the Linux support for IP redirects;
in particular it uses a special getsockopt() call to retrieve the original
destination address of the connection. That way the proxy can create the
real outbound connection without any other help from the user. The equivalent
functionality may exist on other OSs but needs more investigation.
(Based on reading the BSD ipfw manpage, this rule ought to work on BSD:
ipfw add 40 fwd 127.0.0.1,1935 tcp from any to any 1935 not uid proxy
Some confirmation from any BSD users would be nice.)
(We have a solution for Windows based on a TDI driver; this is known to
work on Win2K and WinXP but is assumed to not work on Vista or Win7 as the
TDI is no longer used on those OS versions. Also, none of the known
solutions are available as freeware.)
The rtmpsuck command has only one option: "-z" to turn on debug logging.
It listens on port 1935 for RTMP sessions, but you can also redirect other
ports to it as needed (read the iptables docs). It first performs an RTMP
handshake with the client, then waits for the client to send a connect
request. It parses and prints the connect parameters, then makes an
outbound connection to the real RTMP server. It performs an RTMP handshake
with that server, forwards the connect request, and from that point on it
just relays packets back and forth between the two endpoints.
It also checks for a few packets that it treats specially: a play packet
from the client will get parsed so that the playpath can be displayed. It
also handles SWF Verification requests from the server, without forwarding
them to the client. (There would be no point, since the response is tied to
each session's handshake.)
Once the play command is processed, all subsequent audio/video data received
from the server will be written to a file, as well as being delivered back
to the client.
The point of all this, instead of just using a sniffer, is that since rtmpsuck
has performed real handshakes with both the client and the server, it can
negotiate whatever encryption keys are needed and so record the unencrypted
data.
So I understood I have to do something with iptables ...
But I don't know how to modify this line:
iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner proxy \
-j REDIRECT
I have set up a Linux box (Ubuntu) to get it working (since my main box is with Mac OS X)
Can someone help me?
Thanks !
Carmelo
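
Added example, not part of the original post and not rtmpsuck's own source: the "special getsockopt() call" the README mentions is, on Linux, the SO_ORIGINAL_DST option, which a proxy uses on an accepted socket after the REDIRECT rule has rewritten the destination. The function names and the 192.0.2.10 sample address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Value from <linux/netfilter_ipv4.h>; defined here so the file builds alone. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif

/* Convert the sockaddr_in filled in by the kernel into a dotted quad and a
 * host-order port. Returns 0 on success, -1 if it is not an IPv4 address. */
int dst_to_text(const struct sockaddr_in *sa, char *ip, size_t iplen, uint16_t *port)
{
    if (sa->sin_family != AF_INET)
        return -1;
    if (inet_ntop(AF_INET, &sa->sin_addr, ip, (socklen_t)iplen) == NULL)
        return -1;
    *port = ntohs(sa->sin_port);
    return 0;
}

/* Ask netfilter where an accepted, REDIRECTed connection was really headed.
 * Returns -1 on a bad descriptor or a connection with no NAT entry. */
int original_dst(int client_fd, char *ip, size_t iplen, uint16_t *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    memset(&sa, 0, sizeof(sa));
    /* IPPROTO_IP has the same value as SOL_IP, the level usually written here. */
    if (getsockopt(client_fd, IPPROTO_IP, SO_ORIGINAL_DST, &sa, &len) < 0)
        return -1;
    return dst_to_text(&sa, ip, iplen, port);
}

int main(void)
{
    /* Constructed sample: the kernel's answer for a client that dialled 192.0.2.10:1935. */
    struct sockaddr_in sample;
    char ip[INET_ADDRSTRLEN];
    uint16_t port = 0;
    memset(&sample, 0, sizeof(sample));
    sample.sin_family = AF_INET;
    sample.sin_port = htons(1935);
    inet_pton(AF_INET, "192.0.2.10", &sample.sin_addr);
    if (dst_to_text(&sample, ip, sizeof(ip), &port) == 0)
        printf("original destination: %s:%u\n", ip, port);
    return 0;
}
```

In a real proxy, original_dst() would be called on the descriptor returned by accept(); the call fails for connections that did not pass through the nat table.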