Quote:
Originally Posted by svnpenn
You need to create a file that contains the RTMP handshake.
Normally if you were using a computer with Firefox the handshake is captured in the RAM, under the process plugin-container.exe. From there you can dump the memory of that process using ProcDump. It creates a file called plugin-container.dmp. This file contains a capture of the process memory, which in turn includes the RTMP handshake as well as first part of the video. You cannot capture the video data because it is encrypted, but you can capture the handshake, which is in plain text. From the file you could do a simple grep command
Code:
grep swf plugin-container.dmp
Your main trouble is capturing this handshake to a file. If you can figure a way to do that then the rest should be easy. |
Hi Steven.
I have the "handshake" from the network trace, and these are RTMP packets. There is "Handshake C2" and "Handshake C0+C1". Is that going to help?
