Example #1
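def PacketHandler(pkt):
    """Feed one captured packet into the per-stream RTMP reassembly buffers.

    Used as the per-packet callback (``prn``) of scapy's ``sniff``. Packets
    lacking either a TCP layer or a Raw payload are ignored, as are packets
    whose destination port differs from ``rtmp_port`` when that is non-zero.
    The payload is added to the buffer kept for the packet's TCP source port.
    Once that buffer's ``size`` exceeds 0x600*2 it is handed to
    ``rtmpParser``; when exactly two AMF commands come back they are printed
    and the stream is marked finished (and, with ``quit_first`` set, the
    process exits).

    Args:
        pkt: packet object exposing ``haslayer``, ``[TCP]`` and ``load``.
    """
    global streams
    global rtmp_port
    global out_mode
    global quit_first

    if not (pkt.haslayer(TCP) and pkt.haslayer(Raw)):
        return

    # Skip the packet when a port filter is configured and the destination
    # port does not match it.
    if rtmp_port != 0 and pkt[TCP].dport != rtmp_port:
        return

    sport = pkt[TCP].sport

    # Streams are told apart by TCP source port only.
    # NOTE(review): two connections that happen to share a source port
    # (different hosts, or a reused ephemeral port) are merged into one
    # buffer; keying on the full address/port 4-tuple would avoid that.
    stream = streams.get(sport)
    if stream is None:
        stream = Stream(pkt.load)
        streams[sport] = stream
    elif not stream.dontScanAgain:
        stream.appendData(pkt.load)

    # A finished stream is not buffered any further: its payload is dropped
    # instead of growing the buffer for the rest of the capture.
    if stream.dontScanAgain:
        return

    # Below this size the stream is considered too short to hold the
    # interesting RTMP data.
    if stream.size > 0x600 * 2:
        logger.debug("Dissecting stream: %s" % sport)

        rtmp = rtmpParser()

        # NOTE(review): a stream that never yields both commands is parsed
        # again on later packets, and nothing here caps its size or evicts
        # it from `streams` - on a long live capture that is unbounded
        # memory and CPU driven by whatever traffic is observed.
        try:
            amfCmds = rtmp.rtmpParseStream(stream)

            # Two AMF commands (play and connect) are enough to print results.
            if amfCmds.count() == 2:
                logger.info("\n* RTMP Stream found!")
                amfCmds.printOut(out_mode)
                stream.dontScanAgain = True
                if quit_first:
                    # SystemExit is not an Exception subclass, so the broad
                    # handler below does not swallow it.
                    sys.exit(0)
            else:
                # Rewind so the next attempt parses from the start again.
                stream.offset = 0

        except StreamNoMoreBytes:
            logger.debug("No more bytes to read from the stream!")

        except Exception as e:
            # Parsing runs on captured, untrusted bytes: log and keep
            # sniffing rather than abort the capture.
            logger.error("Error parsing the RTMP stream: %s" % e)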
Example #2
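def PacketHandler(pkt):
    """Collect TCP payloads per stream and look for RTMP connect/play data.

    Intended as the ``prn`` callback of scapy's ``sniff``. A packet is
    processed only when it has both a TCP layer and a Raw payload and, if
    ``rtmp_port`` is non-zero, when its destination port equals that value.
    Payloads are accumulated in ``streams`` under the packet's TCP source
    port. When a stream's ``size`` passes 0x600 * 2 it is parsed with
    ``rtmpParser``; exactly two AMF commands cause the result to be printed
    and the stream to be flagged ``dontScanAgain`` (the process exits when
    ``quit_first`` is set).

    Args:
        pkt: packet object exposing ``haslayer``, ``[TCP]`` and ``load``.
    """
    global streams
    global rtmp_port
    global out_mode
    global quit_first

    if not (pkt.haslayer(TCP) and pkt.haslayer(Raw)):
        return

    # A configured rtmp_port restricts processing to packets sent to it.
    if rtmp_port != 0 and pkt[TCP].dport != rtmp_port:
        return

    sport = pkt[TCP].sport

    # The source port alone identifies a stream.
    # NOTE(review): unrelated connections sharing a source port end up in
    # the same buffer; the address/port 4-tuple would be a safer key.
    stream = streams.get(sport)
    if stream is None:
        stream = Stream(pkt.load)
        streams[sport] = stream
    elif not stream.dontScanAgain:
        stream.appendData(pkt.load)

    # Once a stream has been reported, further payload for it is discarded
    # rather than appended, so finished streams stop consuming memory.
    if stream.dontScanAgain:
        return

    # Minimum size an RTMP stream must reach before it can contain the
    # interesting data.
    if stream.size > 0x600 * 2:
        logger.debug("Dissecting stream: %s" % sport)

        rtmp = rtmpParser()

        # NOTE(review): streams that never produce both commands are never
        # capped or removed here and are parsed again on later packets;
        # consider a size limit for long-running live captures.
        try:
            amfCmds = rtmp.rtmpParseStream(stream)

            # With 2 AMF commands (play and connect) the results can be shown.
            if amfCmds.count() == 2:
                logger.info("\n* RTMP Stream found!")
                amfCmds.printOut(out_mode)
                stream.dontScanAgain = True
                if quit_first:
                    # sys.exit raises SystemExit, which `except Exception`
                    # below does not catch.
                    sys.exit(0)
            else:
                # Start from the beginning of the buffer on the next try.
                stream.offset = 0

        except StreamNoMoreBytes:
            logger.debug("No more bytes to read from the stream!")

        except Exception as e:
            # The parser works on attacker-controllable capture data; a
            # failure is logged and the capture continues.
            logger.error("Error parsing the RTMP stream: %s" % e)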
Example #3
#MAIN
# Script entry point: parse the command line, configure the logger, publish
# the options as module-level names and start reading packets.
if __name__ == "__main__":
    
    args = setupArgParser()
    
    # Logger verbosity is controlled through flags set on the logger module.
    if args.debug:
        logger.DEBUG = True

    if args.quiet:
        logger.QUIET = True

    # Module-level settings; presumably read by PacketHandler via `global`.
    rtmp_port = args.port
    out_mode = args.out_mode
    quit_first = args.quit_first

    logger.info("rtmpSnoop v0.1 - The RTMP Sniffer!")
    logger.info("Andrea Fabrizi - [email protected]\n")

    # Per-stream buffers filled by the packet callback.
    streams = dict()

    # Offline mode: read packets from a capture file instead of sniffing.
    # NOTE(review): `store` is left at scapy's default, so sniff() also keeps
    # every packet it reads in memory; store=0 avoids that for large files.
    if args.pcapfile:
        logger.info("Reading packets from dump file '%s'..." % args.pcapfile)
        sniff(offline=args.pcapfile, filter="tcp", prn = PacketHandler)

    # Live mode: sniff on the specified device.
    # NOTE(review): no store=0 here, so scapy retains every captured packet
    # for the lifetime of the capture - unbounded memory on a busy interface.
    # There is also no filter= here, unlike the offline branch, so every
    # packet type is handed to the callback.
    elif args.device:
        logger.info("Starting sniffing on %s..." % args.device)
        try:
            sniff(iface=args.device, prn = PacketHandler)
        except socket.error as e:
Example #4
#MAIN
# Script entry point: parse the command line, configure the logger, publish
# the options as module-level names and start reading packets.
if __name__ == "__main__":

    args = setupArgParser()

    # Logger verbosity is controlled through flags set on the logger module.
    if args.debug:
        logger.DEBUG = True

    if args.quiet:
        logger.QUIET = True

    # Module-level settings; presumably read by PacketHandler via `global`.
    rtmp_port = args.port
    out_mode = args.out_mode
    quit_first = args.quit_first

    logger.info("rtmpSnoop v%s - The RTMP Sniffer!" % VERSION)
    logger.info("Andrea Fabrizi - [email protected]\n")

    # Per-stream buffers filled by the packet callback.
    streams = dict()

    # Offline mode: read packets from a capture file instead of sniffing.
    # NOTE(review): unlike the live branch this call does not pass store=0,
    # so sniff() keeps every packet of the file in memory as well.
    if args.pcapfile:
        logger.info("Reading packets from dump file '%s'..." % args.pcapfile)
        sniff(offline=args.pcapfile, filter="tcp", prn=PacketHandler)

    # Live mode: sniff on the specified device. store=0 stops scapy from
    # retaining captured packets, so only the callback's own buffers grow.
    # NOTE(review): no filter= is passed here, unlike the offline branch, so
    # every packet type is handed to the callback.
    elif args.device:
        logger.info("Starting sniffing on %s..." % args.device)
        try:
            sniff(iface=args.device, prn=PacketHandler, store=0)
        except socket.error as e:
Example #5
 def printBar(self):
     """Log a fixed-width row of asterisks as a visual separator."""
     separator = "*************************************"
     logger.info(separator)
Example #6
 def printBar(self):
     """Emit a separator line of asterisks through the logger."""
     bar = "*************************************"
     logger.info(bar)