Sunday, November 20, 2011

rtspFUZZ a Real Time Streaming Server Fuzzer

The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming. It is an application-level protocol for control over the delivery of data with real-time properties, and it provides an extensible framework to enable controlled, on-demand delivery of real-time data, such as audio and video.

rtspFUZZ is a Real Time Streaming Protocol server fuzzer (a Python script of about 600 lines) that I wrote.
This fuzzer uses 6 basic crafting techniques and 9 advanced crafting techniques to test any target application.

Key Features:
1) This fuzzer uses 6 basic crafting techniques with RTSP commands such as OPTIONS, DESCRIBE, SETUP, PLAY, GET_PARAMETER, TEARDOWN, PAUSE etc., and 9 advanced crafting techniques, to test any target application.
2) The ability to fuzz with a Metasploit pattern (pattern_create.rb), which can be helpful for finding the offset.

How to use?
1) First edit the "rtsp.conf" file with your favorite text editor. Change the parameters as per your requirement. The parameters are described in the configuration file.
2) Give write permission to LOG.TXT (chmod 777 README.TXT)
3) Give execution permission to "" file. (chmod 777
4) In shell type "python". The script will now show the preferences provided in the configuration file. If the information is correct, press Enter to start fuzzing.
5) The program always saves the last successful request in the LOG.TXT file. When the target crashes, go to the LOG.TXT file to check the buffer length and the exact request sent.

Some sample Wireshark captures:


The tool can be downloaded from:


  1. When I run python I get file"",line 1 python syntaxError: invalid syntax. Can anyone tell me what that's about?

    1. I have tested this with Python2.7. I don't know about other versions but it should work. Make sure you have all the required modules installed with your Python version!
      If you get an error like this

      Traceback (most recent call last):
      File "C:\Users\Debasish\Desktop\rtsp_fuzz_v0.1\rtsp_fuzz_v 0.1\Main_Package\", line 500, in
      STOPAFTER = config.get('rtspfuzz', 'STOPAFTER')
      File "C:\Python27\lib\", line 610, in get
      raise NoOptionError(option, section)
      NoOptionError: No option 'stopafter' in section: 'rtspfuzz'

      You need to update the rtsp.conf file a little bit. Just add STOPAFTER : at the end!


      STOPAFTER : 1000000
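
Added example (not part of the original thread or of the rtspFUZZ code): one way a script can read STOPAFTER without failing with NoOptionError on an older rtsp.conf. It uses Python 3's configparser rather than the Python 2.7 module in the traceback; the HOST and PORT keys and the sample file contents are constructed for illustration.

```python
import configparser

# Constructed sample configs. Only the section name 'rtspfuzz' and the
# STOPAFTER option come from the page; HOST and PORT are hypothetical keys.
OLD_CONF = """[rtspfuzz]
HOST : 192.0.2.10
PORT : 554
"""
NEW_CONF = OLD_CONF + "STOPAFTER : 1000000\n"

DEFAULT_STOPAFTER = 1000000  # value suggested in the reply above


def load_stopafter(conf_text, section="rtspfuzz"):
    """Return (stopafter, warnings) instead of raising NoOptionError."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    warnings = []
    if not parser.has_section(section):
        raise ValueError("missing [%s] section" % section)
    # Option names are lower-cased on read, which is why the traceback
    # reports 'stopafter' although the file says STOPAFTER.
    raw = parser.get(section, "STOPAFTER", fallback=None)
    if raw is None or not raw.strip():
        # Missing or empty: fall back to the default and tell the user.
        warnings.append(
            "STOPAFTER not set, using default %d" % DEFAULT_STOPAFTER)
        return DEFAULT_STOPAFTER, warnings
    try:
        value = int(raw)
    except ValueError:
        raise ValueError("STOPAFTER must be an integer, got %r" % raw)
    if value <= 0:
        raise ValueError("STOPAFTER must be positive, got %d" % value)
    return value, warnings


if __name__ == "__main__":
    for name, text in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(name, load_stopafter(text))
```
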

  2. OK, got the fuzzer to work, but what am I looking for in terms of an RTSP vulnerability? Not making out much from your video.

  3. Hi,

    I find this fuzzer so useful.

    I am able to start the fuzzer properly with no issues. But it is taking so much time for the next pkt to pump in.

    Also I don't see 200OK from the server. Is there anything that we need to start at the server side (target)?
