Easily fake the 127.0.0.1 header

DrmnSamoLiu / Tapo_Camera_Firmware

This ReadMe will be updated from time to time with the URL to download latest firmware for TP-Link Tapo cameras I have.

14 stars 3 forks source link

Easily fake the 127.0.0.1 header #4

Closed SamDecrock closed 10 months ago

SamDecrock commented 1 year ago

Hi,

I just wanted to add that to fake the http header into 127.0.0.1 (as you explain here https://drmnsamoliu.github.io/video.html), you can use an ssh tunnel to yourself:

sudo ssh -L 554:<camera-ip>:554 you@localhost

This will make a tunnel from 127.0.0.1:554 to :554

Using VLC, you can make a connection to 127.0.0.1:554 and that IP will stay in the header and gets forwarded to the camera.

DrmnSamoLiu commented 11 months ago

Nice, really appreciate the tip! Unfortunately this vuln seems to be patched. And although I haven't tried yet, from a thesis I found citing my website, it seems simply using "127.0.0.1" as user name in the rtsp URL works too. (like rtsp://127.0.0.1:password@ipaddr) It's kinda insane I never thought about this before :p

SamDecrock commented 10 months ago

Indeed. It doesn't work anymore.