Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Question about IPTV pentestng - packet manipulation for subscribing charged content
From: 김무성 <kimms () infosec co kr>
Date: Mon, 25 Jan 2010 19:04:05 +0900

Hello list.

2010.1.14, I sent to list Below e-mail.

So someone gave me information. about netsed

http://lcamtuf.coredump.cx/soft/netsed.tgz

It was a tool which I want

 

Structure)

Monitor - IPTV STB - PC(attacker) - VDSL modem - internet

 

PC have two NIC.

Bridge mode.

 

Ex)      ifconfig eth0 0.0.0.0

           Ifconfig eth1 0.0.0.0

           Brctl addbr br0

           Brctl addif br0 eth0

           Brctl addif br0 eth1

           Ifconfig br0 up

 

And then run tcpdump

 

bash# tcpdump -n -i eth0                         

                       ...

         (lots of funny stuff)

                       ...

bash# tcpdump -n -i eth1

                       ...

         (lots of funny stuff)

 

And I could watch IPTV normally.

 

Netsed have a localport.

So if packet is sent localport, netsed will edit this packet and forward.

 

Bash# netsed     tcp      10000      0           0       s/abc/def

                 Protocol  localport  remoteIP   rPort     rule

 

For IPTV packet forwarding to netsed’s localport, run these command. 

 

bash# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \

        --ip-destination-port 80 -j redirect --redirect-target ACCEPT

 

bash# iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \

        -j REDIRECT --to-port 10000

 

Because IPTV is on bridge network, I use ebtables and iptables.

 

Finally, when IPTV want to look for VoD list, it send http packet.

But netsed cannot receive forwarded packet. So I cannot watch VoD list.

 

All of this is to subscribe charged content.

What was wrong?

 

------------------------------------------------------------------------------------------------------------------------

Hello list.

 

I’m pen testing IPTV.

 

Example)

 

Monitor - IPTV STB - PC(attacker) - VDSL modem - internet

PC has two NIC

Two NIC are bridge mode

 

IPTV STB sends request packet for knowing that where is specific file for playing.

 

To server port 8080.

POST /VoD/whereisvod.cgi

a1d1.mpg

 

 

Server’s response is 

 

HTTP/1.1 200 OK

192.168.10.10

 

And then

IPTV STB sends RTSP packet to 192.168.10.10.

 

To server port 554

           DESCRIBE a1d1.mpg

 

And play.

 

I wanna edit this file name. (a1d1.mpg is free, a1d2.mpg not free)

 

POST /VoD/whereisvod.cgi

a1d2.mpg

 

DESCRIBE a1d2.mpg

 

For this, I have to packet sniffing and blocking them and manipulation packet and resend.

Are there tools?

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault