Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
100644 125 lines (87 sloc) 4.95 kb
d5052931 » hyc
2009-12-17 Notes for 2.0
1 RTMP Dump v2.0
7d67491a » hyc
2009-12-16 Use trunk for main development
2 (C) 2009 Andrej Stepanchuk
3 (C) 2009 Howard Chu
4 License: GPLv2
6 To compile type "make" with your platform name, e.g.
8 $ make linux
10 or osx, mingw, or cygwin.
12 You can cross-compile for ARM using
14 $ make arm
16 but you may need to override the CROSS_COMPILE and INC variables, e.g.
18 $ make arm CROSS_COMPILE=arm-none-linux- INC=-I/my/cross/includes
20 Please read the Makefile to see what other make variables are used.
09a0535d » hyc
2009-12-29 Drop libcurl stuff
22 This code also requires you to have OpenSSL and zlib installed.
a45cfbe6 » hyc
2009-12-28 Note that Curl and Zlib are now required
7d67491a » hyc
2009-12-16 Use trunk for main development
25 SWF Verification
26 ----------------
28 Download the swf player you want to use for SWFVerification, unzip it using
30 $ flasm -x file.swf
32 It will show the decompressed filesize, use it for --swfsize
34 Now generate the hash
36 $ openssl sha -sha256 -hmac "Genuine Adobe Flash Player 001" file.swf
38 and use the --swfhash "01234..." option to pass it.
40 e.g. $ ./rtmpdump --swfhash "123456..." --swfsize 987...
6fbcac48 » hyc
2009-12-28 Add note about automatic SWF verification
42 Note: all of this is now done automatically if you provide the SWF URL using
43 the -W (--swfVfy) option instead of the -s (--swfUrl) option. Also, the hash info
44 is cached in ~/.swfinfo so it doesn't need to be recalculated all the time.
7d67491a » hyc
2009-12-16 Use trunk for main development
46 Building OpenSSL 0.9.8k
47 -----------------------
48 arm:
49 ./Configure -DL_ENDIAN --prefix=`pwd`/armlibs linux-generic32
51 Then replace gcc, cc, ar, ranlib in Makefile and crypto/Makefile by arm-linux-* variants and use make && make install_sw
53 win32:
54 Try ./Configure mingw --prefix=`pwd`/win32libs -DL_ENDIAN -DOPENSSL_NO_HW
55 Replace gcc, cc, ... by mingw32-* variants in Makefile and crypto/Makefile
56 make && make install_sw
58 OpenSSL cross-compiling can be a difficult beast.
d5052931 » hyc
2009-12-17 Notes for 2.0
61 Credit goes to team boxee for the XBMC RTMP code originally used in RTMPDumper.
62 The current code is based on the XBMC code but rewritten in C by Howard Chu.
7d67491a » hyc
2009-12-16 Use trunk for main development
d0ef6998 » hyc
2009-12-30 Notes about rtmpsuck.
64 RTMP Servers
091881d0 » hyc
2009-12-28 Add note about rtmpsrv
65 -----------
66 You can also use "make rtmpsrv" to build a stub server. Note that this is
67 very incomplete code, and I haven't yet decided whether or not to finish
68 it. In its current form it is useful for obtaining all the parameters
69 that a real Flash client would send to an RTMP server, so that they can be
70 used with rtmpdump.
d0ef6998 » hyc
2009-12-30 Notes about rtmpsuck.
72 You can also use "make rtmpsuck" to build a proxy server. See below...
091881d0 » hyc
2009-12-28 Add note about rtmpsrv
74 All you need to do is redirect your Flash clients to the machine running this
75 server and it will dump out all the connect / play parameters that the Flash
76 client sent. The simplest way to cause the redirect is by editing /etc/hosts
77 when you know the hostname of the RTMP server, and point it to localhost while
78 running rtmpsrv on your machine. (This approach should work on any OS; on
79 Windows you would edit %SystemRoot%\system32\drivers\etc\hosts.)
81 On Linux you can also use iptables to redirect all outbound RTMP traffic.
82 You can do this as root:
84 iptables -t nat -A OUTPUT -p tcp --dport 1935 -j REDIRECT
86 In my original plan I would have the transparent proxy running as a special
87 user (e.g. user "proxy"), and regular Flash clients running as any other user.
88 In that case the proxy would make the connection to the real RTMP server. The
89 iptables rule would look like this:
91 iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner proxy \
d0ef6998 » hyc
2009-12-30 Notes about rtmpsuck.
94 A rule like the above will be needed to use rtmpsuck.
091881d0 » hyc
2009-12-28 Add note about rtmpsrv
96 Using it in this mode takes advantage of the Linux support for IP redirects;
97 in particular it uses a special getsockopt() call to retrieve the original
98 destination address of the connection. That way the proxy can create the
99 real outbound connection without any other help from the user. I'm not aware
100 of equivalent functionality on BSD, Windows, or any other platform; if you
101 know how to handle this I'd be interested in hearing about it.
d0ef6998 » hyc
2009-12-30 Notes about rtmpsuck.
103 The rtmpsuck command has only one option: "-z" to turn on debug logging.
104 It listens on port 1935 for RTMP sessions, but you can also redirect other
105 ports to it as needed (read the iptables docs). It first performs an RTMP
106 handshake with the client, then waits for the client to send a connect
107 request. It parses and prints the connect parameters, then makes an
108 outbound connection to the real RTMP server. It performs an RTMP handshake
109 with that server, forwards the connect request, and from that point on it
110 just relays packets back and forth between the two endpoints.
112 It also checks for a few packets that it treats specially: a play packet
113 from the client will get parsed so that the playpath can be displayed. It
114 also handles SWF Verification requests from the server, without forwarding
115 them to the client. (There would be no point, since the response is tied to
116 each session's handshake.)
118 Once the play command is processed, all subsequent audio/video data received
119 from the server will be written to a file, as well as being delivered back
120 to the client.
122 The point of all this, instead of just using a sniffer, is that since rtmpsuck
123 has performed real handshakes with both the client and the server, it can
124 negotiate whatever encryption keys are needed and so record the unencrypted
125 data.
Something went wrong with that request. Please try again.