[rtmpdump] rtmpdump --> tcpdump-parser

compn tempn at twmi.rr.com
Fri Mar 5 00:03:08 CET 2010

On Thu, 04 Mar 2010 10:26:57 -0800, Howard Chu wrote:
>mightydoggy wrote:
>> I'm working on cleaning up the documentation, pulling together the different
>> scenarios etc to get you from site to capture using only rtmpdump/suck/etc...
>> With rtmpdump doing such heavy lifting, it seems like now most difficult step
>> for people is capturing the variables they need to pass to rtmpdump.
>> Since not every user can run rtmpsuck as a separate user, and dumping a
>> packet-sniff to a file is pretty minor stuff, how about using rtmpsuck's
>> parser, running the file through to spit out the variables/pipe to rtmpdump?
>> That way people are more-or-less covered; if they can't run the proxy, they
>> can just libpcap and run the results through rtmpsuck for the same effect?
>> Unless I'm out of my mind and we can already do that...
>> md
>With some rare exceptions, this approach won't work for rtmpe because you 
>won't know the encryption keys. That's the main reason you need an actual MITM 
>like rtmpsuck.
>Otherwise, for plain rtmp, sure, it would work fine.

i think some docs on how to get rtmpsuck to work would be more useful.

at least i've heard one person using a winxp VM with hosts file
(restarting each time) who got rtmpsuck working.

it might be more useful to create a minimalist linux
vmware/virtualbox/virtualpc iso with firefox + flash plugin which you
could run rtmpsuck on in its own little vm. i wonder how small you
could get it ? 100mb?


More information about the rtmpdump mailing list