From d70d774be6d57f201368f0f206c8a9329168a3da Mon Sep 17 00:00:00 2001 From: Jake Daynes Date: Fri, 13 Mar 2026 03:29:18 -0700 Subject: [PATCH] fix: add tlsConfig to RTSP client to skip self-signed certs --- internal/attack/attacker.go | 7 +++++++ internal/attack/rtsp.go | 12 +++++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/internal/attack/attacker.go b/internal/attack/attacker.go index bbe6daf..64cf560 100644 --- a/internal/attack/attacker.go +++ b/internal/attack/attacker.go @@ -305,6 +305,13 @@ func (a Attacker) routeAttack(ctx context.Context, stream cameradar.Stream, rout if code == base.StatusMovedPermanently { a.handleRedirect(&stream, headers) + u, urlStr, err = buildRTSPURL(stream, route, stream.Username, stream.Password) + if err == nil { + code, _, err = a.probeDescribeHeaders(ctx, u, urlStr) + if err == nil { + a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("DESCRIBE %s RTSP/1.0 (redirect followed) > %d", urlStr, code)) + } + } } access := code == base.StatusOK || code == base.StatusUnauthorized || code == base.StatusForbidden diff --git a/internal/attack/rtsp.go b/internal/attack/rtsp.go index 570dd90..f1383b1 100644 --- a/internal/attack/rtsp.go +++ b/internal/attack/rtsp.go @@ -3,6 +3,7 @@ package attack import ( "bufio" "context" + "crypto/tls" "errors" "fmt" "net" @@ -24,6 +25,7 @@ func (a Attacker) newRTSPClient(u *base.URL) (*gortsplib.Client, error) { client := &gortsplib.Client{ ReadTimeout: a.timeout, WriteTimeout: a.timeout, + TLSConfig: &tls.Config{InsecureSkipVerify: true}, } client.Scheme = u.Scheme client.Host = u.Host 
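Review bot: In routeAttack the follow-up DESCRIBE goes to whatever address, port and scheme the Location header supplied, in a URL built with `stream.Username` and `stream.Password`, and nothing checks that the redirected address is still the target the operator listed. A device answering 301 can therefore point the probe, and any credentials carried in that URL, at a host outside the scan's scope. Both error paths are also silent and assign straight into `u`, `urlStr`, `code` and `err`, so a failed `buildRTSPURL` or `probeDescribeHeaders` discards the original 301 result and the `access` computation below sees whatever the failed call returned. The sketch below keeps the redirect on the original address and commits the new values only on success; the function continues outside the hunk, so how `err` is used afterwards is not visible here.

```go
	if code == base.StatusMovedPermanently {
		before := stream
		a.handleRedirect(&stream, headers)
		if stream.Address != before.Address {
			// Location names a different host: stay on the listed target.
			stream = before
		} else if ru, rs, rerr := buildRTSPURL(stream, route, stream.Username, stream.Password); rerr != nil {
			a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("redirect for %s not followed: %v", urlStr, rerr))
		} else if rcode, _, perr := a.probeDescribeHeaders(ctx, ru, rs); perr != nil {
			a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("DESCRIBE %s RTSP/1.0 (redirect followed) failed: %v", rs, perr))
		} else {
			// Commit the redirected result only once the second probe succeeded.
			u, urlStr, code = ru, rs, rcode
			a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("DESCRIBE %s RTSP/1.0 (redirect followed) > %d", urlStr, code))
		}
	}
```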
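Review bot: `TLSConfig: &tls.Config{InsecureSkipVerify: true}` in newRTSPClient turns certificate verification off for every rtsps connection this client makes, not only for devices with self-signed certificates. The peer is then never authenticated, and anything sent over the session, credentials included, is readable by whoever terminates the TLS. If that trade-off is intended for camera firmware, make it an explicit opt-in that defaults to verification, e.g. `TLSConfig: &tls.Config{InsecureSkipVerify: a.skipTLSVerify},` where `skipTLSVerify` is a proposed new field on Attacker, not one that exists in this diff. At minimum the line should carry a comment such as `// Cameras commonly present self-signed certificates; verification is skipped deliberately.` so that a gosec G402 finding is answered in place. The function body continues past the end of the hunk.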
@@ -123,24 +125,24 @@ func (a Attacker) handleRedirect(stream *cameradar.Stream, resHeaders base.Heade
 if len(locations) == 0 {
 return
 }
- location, err := base.ParseURL(locations[0])
+ location, err := url.Parse(locations[0])
 if err != nil {
 return
 }
-
+
 switch location.Scheme {
 case "rtsps":
 stream.Secure = true
 case "rtsp":
 stream.Secure = false
 }
-
+
 if location.Hostname() != "" {
 if addr, err := netip.ParseAddr(location.Hostname()); err == nil {
 stream.Address = addr
 }
 }
-
+
 if location.Port() != "" {
 if port, err := strconv.Atoi(location.Port()); err == nil {
 stream.Port = uint16(port)
@@ -198,7 +200,7 @@ func headerValues(header base.Header, name string) base.HeaderValue {
 func buildRTSPURL(stream cameradar.Stream, route, username, password string) (*base.URL, string, error) {
 host := net.JoinHostPort(stream.Address.String(), strconv.Itoa(int(stream.Port)))
 path := "/" + strings.TrimLeft(strings.TrimSpace(route), "/") // Ensure path starts with a single "/"
-
+
 scheme := "rtsp"
 if stream.Secure {
 scheme = "rtsps"
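Review bot: With `url.Parse` in handleRedirect any Location value that parses is accepted, and `switch location.Scheme` has no default, so a Location with some other scheme leaves `stream.Secure` untouched while the host and port branches below still rewrite `stream.Address` and `stream.Port`. Adding `default: return` to the switch keeps the stream unchanged unless the redirect target is rtsp or rtsps. In the port branch, `strconv.Atoi` followed by `uint16(port)` silently wraps values above 65535; `strconv.ParseUint(location.Port(), 10, 16)` rejects them instead. The import hunk for this file adds only `crypto/tls`, so `net/url` must already be imported in the part of the import block that is not visible for this to build. handleRedirect starts before and ends after the hunk.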