07-28-2010, 12:00 PM
|
Junior Member
|
|
Join Date: Jul 2010
Posts: 3
|
|
Re: How to find RTMPE stream URLs
How to find RTMPE URL with pmdump, HxD viewer
I installed the following softwares first. - rtmpdump-2.3
- Process Explorer v12.04
- HxD Viewer 1.7.7.0
- pmdump v1.2
- Visual C++ 2008 Redistributables (x64)
(My OS is 64-bit, 32bit version needs to be installed for 32-bit users) - Win64 OpenSSL v0.9.8o
(32 bit users need 32-bit version)
Now our target command is
Code:
rtmpdump -r "<rtmpe_url>" -W "<flash_player_url>" -o outputFile.flv -V
- Open all windows and keep it ready
a) Open cmd prompt with admin privileges and move to the location of pmdump and keep it ready.
Tip: It is better if you install pmdump inside same folder as rtmpdump, so that you need not go back and forth between pmdump and rtmpdump.
b) Open Process Explorer and keep it ready (Notice, your browser is not yet started, so Process Explorer will not show your browser)
c) Open HxD viewer and keep it ready.
d) Keep a notepad window open with sample command already there like this, it will be easy for you replace the command with what you want.
rtmpdump -r "rtmpe://fms.1B42.edgecastcdn.net/001B42/vault/videoclips/movies/MayaBazaar.mp4?e=1280357960" -W "http://www.mybigflix.com/apache_file/flash/Player.swf" -o xx.flv -V
- Step2: Browser activity
a) Open browser window (Having single tab is better, less confusion, less memory dump)
b) Navigate to the particular video what you want to download
c) Sometimes there will be an advertisement for 30 secs, wait until the advertisement is over and movie starts. Once movie starts, goto step 3 immediately.
- Step3: Finding Process ID of your flash player (which is currently running the movie)
For Example, Lets take Chrome as the browser.
a) In Process Explorer, if you see, Chrome will have many sub processes (one or two), Most probably the second sub-process will have name something related to plugin container (which is nothing but our Adobe flash player plugin). Note down that process id (not the main chrome process id). Also note that particular process id will have huge activity in kB/MB dynamically changing, because your movie is streaming in the browser.
For Example, we assume process id is 5760.
- Step4: Dumping the process data
a) Immediately, type the following command in cmd window, which is already open in the pmdump folder.
Code:
pmdump 5760 example
The general syntax is
Code:
pmdump <processid> <any_file_name>
Note: There is no need of typing any extension for filename. That file is raw data file.
Here the name "example" is just an example. The name can be anything.
b) Close the browser window. There is no need to keep the browser open or streaming as you have already dumped the required url data.
- Step5: Finding the rtmpe_url using HxD viewer.
a) Open example (which we just saved now from pmdump) in HxD viewer.
b) Press Ctlr+F or Click Search--> Find
c) Make sure the cursor is somewhere at the start of the file. Type "rtmpe" without quotes and click OK.
You will get you first search hit. Check out whether it a direct and correct rtmpe url.
You may find two types of rtmpe in this hex dump file
one direct like this
rtmpe://fms.1B42.edgecastcdn.net/001B42/vault/videoclips/movies/MayaBazaar.mp4?e=1280357960
or one with ascii codes, like this
rtmpe%3A2F%2Ffms%2E1B42%2Eedgecastcdn%2Enet%2F001B 42%2Fvault%2Fvideoclips%2Fmovies%2FMayaBazaar%2Emp 4%3Fe%3D1280357960&productId=1292
The second one is not wanted.
So if your search hit is like second one, then just move the cursor below that rtmpe line and again press Ctrl+F and Ok.
You will get next search result. Check like this until you get correct rtmpe url. Mostly in first or second hit you will get it.
Note: If you are not getting any search result
a) You have noted down the wrong process id and dumped the wrong process. Note down the right process and do it again, if you don't know which process is right, just try trial and error of all processes under Chrome in Process Explorer.
b) Your cursor is at the end of the file
c) You have misspelled rtmpe as rmtpe.
d) Copy the rtmpe url. Select the text using mouse and press Ctrl+C.
d) Now paste that in the notepad window and replace the sample rtmpe_url from one end of quotes to other end of quotes.
e) Since we are done with the full command now (as rtmpe_url is the only unknown which is replaced in notepad now) copy the entire command, by selecting and pressing Ctrl+C.
|