fix: add tlsConfig to RTSP client to skip self-signed certs
@@ -305,6 +305,13 @@ func (a Attacker) routeAttack(ctx context.Context, stream cameradar.Stream, rout
|
|||||||
|
|
||||||
if code == base.StatusMovedPermanently {
|
if code == base.StatusMovedPermanently {
|
||||||
a.handleRedirect(&stream, headers)
|
a.handleRedirect(&stream, headers)
|
||||||
|
u, urlStr, err = buildRTSPURL(stream, route, stream.Username, stream.Password)
|
||||||
|
if err == nil {
|
||||||
|
code, _, err = a.probeDescribeHeaders(ctx, u, urlStr)
|
||||||
|
if err == nil {
|
||||||
|
a.reporter.Debug(cameradar.StepAttackRoutes, fmt.Sprintf("DESCRIBE %s RTSP/1.0 (redirect followed) > %d", urlStr, code))
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
access := code == base.StatusOK || code == base.StatusUnauthorized || code == base.StatusForbidden
|
access := code == base.StatusOK || code == base.StatusUnauthorized || code == base.StatusForbidden
|
||||||
|
|||||||
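Review bot: The re-probe added after `a.handleRedirect(&stream, headers)` in routeAttack connects to whatever address and port the device put in its Location header, and `buildRTSPURL` is called with `stream.Username` and `stream.Password`, so any credentials held on the stream go to a host the scanned device chose. Consider saving the address first (`prev := stream.Address`) and skipping the re-probe, or at least emitting an `a.reporter.Debug` line, when `stream.Address != prev`. The two `if err == nil` guards also drop a failed URL build or probe silently and leave `code` at the redirect status; a Debug line on the error path would make that visible. The new Debug message prints `urlStr`, which presumably embeds the password when one is set; that is worth confirming against buildRTSPURL. routeAttack's body starts and ends outside the hunk.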
@@ -3,6 +3,7 @@ package attack
|
|||||||
import (
|
import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
@@ -24,6 +25,7 @@ func (a Attacker) newRTSPClient(u *base.URL) (*gortsplib.Client, error) {
|
|||||||
client := &gortsplib.Client{
|
client := &gortsplib.Client{
|
||||||
ReadTimeout: a.timeout,
|
ReadTimeout: a.timeout,
|
||||||
WriteTimeout: a.timeout,
|
WriteTimeout: a.timeout,
|
||||||
|
TLSConfig: &tls.Config{InsecureSkipVerify: true},
|
||||||
}
|
}
|
||||||
client.Scheme = u.Scheme
|
client.Scheme = u.Scheme
|
||||||
client.Host = u.Host
|
client.Host = u.Host
|
||||||
@@ -123,24 +125,24 @@ func (a Attacker) handleRedirect(stream *cameradar.Stream, resHeaders base.Heade
|
|||||||
if len(locations) == 0 {
|
if len(locations) == 0 {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
location, err := base.ParseURL(locations[0])
|
location, err := url.Parse(locations[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
switch location.Scheme {
|
switch location.Scheme {
|
||||||
case "rtsps":
|
case "rtsps":
|
||||||
stream.Secure = true
|
stream.Secure = true
|
||||||
case "rtsp":
|
case "rtsp":
|
||||||
stream.Secure = false
|
stream.Secure = false
|
||||||
}
|
}
|
||||||
|
|
||||||
if location.Hostname() != "" {
|
if location.Hostname() != "" {
|
||||||
if addr, err := netip.ParseAddr(location.Hostname()); err == nil {
|
if addr, err := netip.ParseAddr(location.Hostname()); err == nil {
|
||||||
stream.Address = addr
|
stream.Address = addr
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if location.Port() != "" {
|
if location.Port() != "" {
|
||||||
if port, err := strconv.Atoi(location.Port()); err == nil {
|
if port, err := strconv.Atoi(location.Port()); err == nil {
|
||||||
stream.Port = uint16(port)
|
stream.Port = uint16(port)
|
||||||
@@ -198,7 +200,7 @@ func headerValues(header base.Header, name string) base.HeaderValue {
|
|||||||
func buildRTSPURL(stream cameradar.Stream, route, username, password string) (*base.URL, string, error) {
|
func buildRTSPURL(stream cameradar.Stream, route, username, password string) (*base.URL, string, error) {
|
||||||
host := net.JoinHostPort(stream.Address.String(), strconv.Itoa(int(stream.Port)))
|
host := net.JoinHostPort(stream.Address.String(), strconv.Itoa(int(stream.Port)))
|
||||||
path := "/" + strings.TrimLeft(strings.TrimSpace(route), "/") // Ensure path starts with a single "/"
|
path := "/" + strings.TrimLeft(strings.TrimSpace(route), "/") // Ensure path starts with a single "/"
|
||||||
|
|
||||||
scheme := "rtsp"
|
scheme := "rtsp"
|
||||||
if stream.Secure {
|
if stream.Secure {
|
||||||
scheme = "rtsps"
|
scheme = "rtsps"
|
||||||
|
|||||||
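Review bot: `TLSConfig: &tls.Config{InsecureSkipVerify: true}` in newRTSPClient turns certificate verification off for every rtsps connection this client makes, including the ones that carry credentials, so the peer is never authenticated and an on-path host can read what is sent. That matches the commit title's intent for self-signed cameras, but it should be stated at the call site, e.g. `// Cameras usually present self-signed certificates; verification is skipped on purpose, so the peer is not authenticated.`, and would be safer driven by a setting on Attacker than hard-coded. In the handleRedirect hunk, `url.Parse` accepts any scheme, and a Location whose scheme is neither rtsp nor rtsps still has its address and port applied to the stream; a `default: return` in the `switch location.Scheme` would reject those. Both functions continue outside their hunks.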