Full Disclosure mailing list archives
Question about IPTV pentestng - packet manipulation for subscribing charged content
From: 김무성 <kimms () infosec co kr>
Date: Mon, 25 Jan 2010 19:04:05 +0900
Hello list. 2010.1.14, I sent to list Below e-mail. So someone gave me information. about netsed http://lcamtuf.coredump.cx/soft/netsed.tgz It was a tool which I want Structure) Monitor - IPTV STB - PC(attacker) - VDSL modem - internet PC have two NIC. Bridge mode. Ex) ifconfig eth0 0.0.0.0 Ifconfig eth1 0.0.0.0 Brctl addbr br0 Brctl addif br0 eth0 Brctl addif br0 eth1 Ifconfig br0 up And then run tcpdump bash# tcpdump -n -i eth0 ... (lots of funny stuff) ... bash# tcpdump -n -i eth1 ... (lots of funny stuff) And I could watch IPTV normally. Netsed have a localport. So if packet is sent localport, netsed will edit this packet and forward. Bash# netsed tcp 10000 0 0 s/abc/def Protocol localport remoteIP rPort rule For IPTV packet forwarding to netsed’s localport, run these command. bash# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \ --ip-destination-port 80 -j redirect --redirect-target ACCEPT bash# iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \ -j REDIRECT --to-port 10000 Because IPTV is on bridge network, I use ebtables and iptables. Finally, when IPTV want to look for VoD list, it send http packet. But netsed cannot receive forwarded packet. So I cannot watch VoD list. All of this is to subscribe charged content. What was wrong? ------------------------------------------------------------------------------------------------------------------------ Hello list. I’m pen testing IPTV. Example) Monitor - IPTV STB - PC(attacker) - VDSL modem - internet PC has two NIC Two NIC are bridge mode IPTV STB sends request packet for knowing that where is specific file for playing. To server port 8080. POST /VoD/whereisvod.cgi a1d1.mpg Server’s response is HTTP/1.1 200 OK 192.168.10.10 And then IPTV STB sends RTSP packet to 192.168.10.10. To server port 554 DESCRIBE a1d1.mpg And play. I wanna edit this file name. (a1d1.mpg is free, a1d2.mpg not free) POST /VoD/whereisvod.cgi a1d2.mpg DESCRIBE a1d2.mpg For this, I have to packet sniffing and blocking them and manipulation packet and resend. Are there tools?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Question about IPTV pentestng - packet manipulation for subscribing charged content 김무성 (Jan 25)
- Re: Question about IPTV pentestng - packet manipulation for subscribing charged content Michael Holstein (Jan 25)