We continue to watch Moscow’s public video surveillance cameras
It was evening, there was nothing. The reason was the activity of the user leider , who gave a link to the public resource in the comments :
What is remarkable about this resource - it provides public access to video surveillance cameras through the built-in player .
In this article there will be neither “salt” nor sugar, but only healthy ones.food links directly from the stove.
')
The list of links that the player uses on that resource:
We include logic of the programmer " vlob! ":
Work links:
Non-working links:
Theory:
Next, _camera_4, etc. It is not taken into account, as there is “10.200.30.24:2033/rtsp___10.208.14.7 8 _axis_media_media.amp_camera _4 / live” and there is no “10.200.30.24.24:2033/rtsp___10.208.14.7 7 _axis_media_media.amp_camera _3 / live”, but following the logic must be "_axis_media_media.amp / live" - that's what we are looking for.
IP list for caching servers :
Ideally, the range should be 10.200.21.1--10.200.30.254 .
List of IP addresses for cameras:
As a range (again, ideal), we take the addresses 10.194.0.1--10.232.255.254 with the exception of 10.200. *. * , Since, according to my logic (as I would have done), these are caching servers.
As a result, this pattern emerges for requests:
We get: 5 billion addresses and requests ... In reality, there are many less requests and we can also save 903k requests in 10-15 seconds of idle script ... (more on that below).
Success:
Failure:
To minimize the time of parsing, set the connection timeout to 10,000 ms, then before the request and after the request (when the server responded or the timeout worked on our client) we save the time value. Then we subtract the first from the second one and if 9500ms or more has passed, then it goes to 1 IP higher (for the caching server), which gives us the above-mentioned saving of 903,224 requests or 104 days waiting for 10 seconds!
You also need to understand that the links to the cameras run in a circle, and as noted in the previous article, there are about 140,000 cameras. The server quietly gives 10 requests per second, so if we have already found 140,000 cameras, then in the future we need not look for them again.
But parsing such a number of addresses will take forever, and we are not in the matrix yet!
Reduce the search range:
Their proxy calmly processes ~ 10 requests for 1 stream, try ... 8 streams, 16 streams ... 16 is enough. Total ~ 160 links per second and a stream at the level of 2-3 megabits, which does not load the network.
Server response:
video / x-flv is if we received the stream from the camera through their server, text / html - if the error message. In the program, you need to make a condition not of finding x-flv, but of the absence of text. Because if the camera is lying, then the server just tupit and we get nothing, but the camera is there.
As a result, 608 cameras were found:
Notifications:
"News":
I hope that after this publication, they will introduce a check on videoproxy2 , so that it gives out only cameras from the “window” project. For other cameras / all cameras, you can raise blablaproxy2 , which does not shine anywhere and which will work on https .
Related Links:
Page with players || Dump in mysql format (description of fields in comments).
video.dit.mos.ru/windowWhat is remarkable about this resource - it provides public access to video surveillance cameras through the built-in player .
In this article there will be neither “salt” nor sugar, but only healthy ones.
')
The list of links that the player uses on that resource:
http://videoproxy2.echd.ru:41025/rtsplive/10.200.21.21:2033/rtsp___10.208.1.18_axis_media_media.amp/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.21.22:2033/rtsp___10.208.1.186_axis_media_media.amp/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.21.22:2033/rtsp___10.208.0.50_axis_media_media.amp/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.21.22:2033/rtsp___10.208.41.134_axis_media_media.amp/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.21.23:2033/rtsp___10.194.23.9_axis_media_media.amp/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.30.24:2033/rtsp___10.208.14.78_axis_media_media.amp_camera_4/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.30.33:2033/rtsp___10.208.14.117_axis_media_media.amp_camera_2/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.26.150:2033/rtsp___10.232.0.121_live_h264/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.26.150:2033/rtsp___10.232.0.1_live_h264/live http://videoproxy2.echd.ru:41025/rtsplive/10.200.26.153:2033/rtsp___10.232.0.113_live_h264/live We include logic of the programmer " vlob! ":
videoproxy2.echd.ru:41025/rtsplivevideoproxy2.echd.ru:41025/rtspliveis a proxy10.200.30.33:2033- this is a caching serverrtsp___10.208.14.117_axis_media_media.amp_camera_2/liveis a link to the stream from the camera on the server.
Work links:
videoproxy2.echd.ru:41025/rtsplive/10.200.21.21:2033/rtsp___10.208.1.18_axis_media_media.amp/livevideoproxy2.echd.ru:41025/rtsplive/10.200.21.21:2033/rtsp___10.208.1.18_axis_media_media.amp
Non-working links:
videoproxy2.echd.ru:41025/rtsplive/10.200.21.21:2033/rtsp___10.208.1.18videoproxy2.echd.ru:41025/rtsplive/10.208.1.18:80videoproxy2.echd.ru:41025/rtsplive/10.208.1.18:81videoproxy2.echd.ru:41025/rtsplive/10.208.1.18:8080videoproxy2.echd.ru:41025/rtsplive/10.208.1.18:8081videoproxy2.echd.ru:41025/rtsplive/10.208.1.18:[_rtsp_ wiki, 7020 27020]
Search automation
Theory:
- Proksya only one ( videoproxy2.echd.ru:41025/rtsplive/ )
- caching server port is unchanged ( : 2033 )
- tail _axis_media_media.amp / live
- tail _live_h264 / live
Next, _camera_4, etc. It is not taken into account, as there is “10.200.30.24:2033/rtsp___10.208.14.7 8 _axis_media_media.amp_camera _4 / live” and there is no “10.200.30.24.24:2033/rtsp___10.208.14.7 7 _axis_media_media.amp_camera _3 / live”, but following the logic must be "_axis_media_media.amp / live" - that's what we are looking for.
IP list for caching servers :
- 10.200.21.21
- 10.200.21.22
- 10.200.21.23
- 10.200.30.24
- 10.200.30.33
- 10.200.26.150
- 10.200.26.153
Ideally, the range should be 10.200.21.1--10.200.30.254 .
List of IP addresses for cameras:
- 10.194.1.7
- 10.194.23.9
- 10.208.0.50
- 10.208.1.186
- 10.208.14.117
- 10.208.41.134
- 10.232.0.113
- 10.232.0.121
As a range (again, ideal), we take the addresses 10.194.0.1--10.232.255.254 with the exception of 10.200. *. * , Since, according to my logic (as I would have done), these are caching servers.
As a result, this pattern emerges for requests:
videoproxy2.echd.ru:41025/rtsplive/10.200.ip13 . ip14 : 2033 / rtsp ___ 10. ip22 . ip23 . ip24 _axis_media_media.amp / livevideoproxy2.echd.ru:41025/rtsplive/10.200.ip13 . ip14 : 2033 / rtsp ___ 10. ip22 . ip23 . ip24 _live_h264 / live
- ip13 - 21..30
- ip14 - 0..254
- ip22 - 194..232
- ip23 - 0..255
- ip24 - 1..254
We get: 5 billion addresses and requests ... In reality, there are many less requests and we can also save 903k requests in 10-15 seconds of idle script ... (more on that below).
Success:
- If successful, the server returns us to the Content-type x-flv or the reverse condition NOT text ;
- If successful, the server is responsible for 1-3 seconds.
Failure:
- The server is responsible for 200-400ms with text in the Content-type ;
- The server thinks for a long time, if they sent a request to a “nonexistent” cache server, in this case it is necessary to stop the parsing on this server and jump to the IP “higher”.
To minimize the time of parsing, set the connection timeout to 10,000 ms, then before the request and after the request (when the server responded or the timeout worked on our client) we save the time value. Then we subtract the first from the second one and if 9500ms or more has passed, then it goes to 1 IP higher (for the caching server), which gives us the above-mentioned saving of 903,224 requests or 104 days waiting for 10 seconds!
You also need to understand that the links to the cameras run in a circle, and as noted in the previous article, there are about 140,000 cameras. The server quietly gives 10 requests per second, so if we have already found 140,000 cameras, then in the future we need not look for them again.
But parsing such a number of addresses will take forever, and we are not in the matrix yet!
Practice
Reduce the search range:
- 10.200.21.21-24, cameras 10. [194, 208, 232] .0-255.1-254
- 10.200.30.21-34, cameras 10. [194, 208, 232] .0-255.1-254
- 10.200.26.150-153, cameras 10.232.0-255.1-254
Their proxy calmly processes ~ 10 requests for 1 stream, try ... 8 streams, 16 streams ... 16 is enough. Total ~ 160 links per second and a stream at the level of 2-3 megabits, which does not load the network.
Server response:
video / x-flv is if we received the stream from the camera through their server, text / html - if the error message. In the program, you need to make a condition not of finding x-flv, but of the absence of text. Because if the camera is lying, then the server just tupit and we get nothing, but the camera is there.
As a result, 608 cameras were found:
| IP | .21.23 | .21.22 | .21.21 | .26.150 | .26.151 | .30.21 | .26.152 | .30.24 | .26.153 | .30.23 | .30.25 | .21.24 | .30.22 |
| number | 193 | 176 | 171 | 31 | ten | 7 | four | four | 3 | 3 | 3 | 2 | one |
- 540 cameras _axis_media_media.amp / live
- 68 cameras _live_h264 / live
Notifications:
- On January 27, at noon, a letter was sent to dit @, an hour later after a personal leider to see the mail. The letter described what and how it works.
- January 28 is also at noon - a new letter on dit-video @, where he mentioned that he already wrote on dit @ and that there was no answer (in each letter it was stated that I was waiting for news)
"News":
- The link to the camera shown in the example was closed on 27 more ... silently and silently.
I hope that after this publication, they will introduce a check on videoproxy2 , so that it gives out only cameras from the “window” project. For other cameras / all cameras, you can raise blablaproxy2 , which does not shine anywhere and which will work on https .
Related Links:
Page with players || Dump in mysql format (description of fields in comments).
Source: https://habr.com/ru/post/249173/
All Articles