fix: add tlsConfig to RTSP client to skip self-signed certs

Jake Daynes
2026-03-13 03:29:18 -07:00
parent 62ab02acf0
commit d70d774be6
2 changed files with 14 additions and 5 deletions
+7
@@ -305,6 +305,13 @@ func (a Attacker) routeAttack(ctx context.Context, stream cameradar.Stream, rout
if code == base.StatusMovedPermanently {
a.handleRedirect(&stream, headers)
u, urlStr, err = buildRTSPURL(stream, route, stream.Username, stream.Password)
if err == nil {
code, _, err = a.probeDescribeHeaders(ctx, u, urlStr)
if err == nil {
a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("DESCRIBE %s RTSP/1.0 (redirect followed) > %d", urlStr, code))
}
}
}
access := code == base.StatusOK || code == base.StatusUnauthorized || code == base.StatusForbidden
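Review bot: The follow-up DESCRIBE added under `if code == base.StatusMovedPermanently` goes to whatever host the device's `Location` header named, because `handleRedirect` rewrites `stream.Address`, `stream.Port` and `stream.Secure` from that header and the rebuilt URL is given `stream.Username` and `stream.Password`. Nothing in the hunk checks that the new address is still one the operator put in scope, so a scanned device can steer the probe, and any credentials already set on the stream, to a third host; with `InsecureSkipVerify: true` set in `newRTSPClient` by the same commit, an `rtsps` redirect target is not authenticated either. I would capture `prev := stream.Address` before `handleRedirect` and re-probe only when `stream.Address == prev` (or the new address is otherwise within the scan's targets), reporting the skipped redirect through `a.reporter.Debug` in the other case. Separately, a failure of `buildRTSPURL` or of the second probe is dropped silently and leaves `code` at 301, and only one hop is followed; a `Debug` line on the `err != nil` paths would make both visible. The body of `routeAttack` starts before and continues after this hunk, so how `err` is used afterwards is not visible here.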
+7 -5
@@ -3,6 +3,7 @@ package attack
import (
"bufio"
"context"
"crypto/tls"
"errors"
"fmt"
"net"
@@ -24,6 +25,7 @@ func (a Attacker) newRTSPClient(u *base.URL) (*gortsplib.Client, error) {
client := &gortsplib.Client{
ReadTimeout: a.timeout,
WriteTimeout: a.timeout,
TLSConfig: &tls.Config{InsecureSkipVerify: true},
}
client.Scheme = u.Scheme
client.Host = u.Host
@@ -123,24 +125,24 @@ func (a Attacker) handleRedirect(stream *cameradar.Stream, resHeaders base.Heade
if len(locations) == 0 {
return
}
location, err := base.ParseURL(locations[0])
location, err := url.Parse(locations[0])
if err != nil {
return
}
switch location.Scheme {
case "rtsps":
stream.Secure = true
case "rtsp":
stream.Secure = false
}
if location.Hostname() != "" {
if addr, err := netip.ParseAddr(location.Hostname()); err == nil {
stream.Address = addr
}
}
if location.Port() != "" {
if port, err := strconv.Atoi(location.Port()); err == nil {
stream.Port = uint16(port)
@@ -198,7 +200,7 @@ func headerValues(header base.Header, name string) base.HeaderValue {
func buildRTSPURL(stream cameradar.Stream, route, username, password string) (*base.URL, string, error) {
host := net.JoinHostPort(stream.Address.String(), strconv.Itoa(int(stream.Port)))
path := "/" + strings.TrimLeft(strings.TrimSpace(route), "/") // Ensure path starts with a single "/"
scheme := "rtsp"
if stream.Secure {
scheme = "rtsps"