Blog | G5 Cyber Security

Burp Suite: Intercepting Video Streams

TL;DR

Burp Suite often struggles with live video streams due to how they’re transmitted. This guide shows you how to configure Burp and your browser to intercept these streams, focusing on techniques like using a local proxy and adjusting stream settings.

Solution Guide

  1. Understand the Problem
    • Video streams are often sent in chunks using protocols like HTTP Live Streaming (HLS), Dynamic Adaptive Streaming over HTTP (DASH), or WebSockets.
    • Burp’s default interception rules might not automatically catch these chunked requests.
    • Browser caching can also prevent Burp from seeing the initial stream requests.
  2. Configure Burp Suite Proxy
    • Ensure Burp’s proxy is running and listening on a port (usually 8080). You can check this in Burp’s Proxy settings.
    • Verify your browser is configured to use Burp as its proxy. Typically, this involves setting the HTTP and HTTPS proxy to 127.0.0.1 (localhost) on port 8080.
  3. Disable Browser Cache
    • In your browser’s developer tools (usually F12), go to the Network tab.
    • Check the “Disable cache” option while the developer tools are open. This forces the browser to request all resources, including stream segments, through Burp.
  4. Intercept Initial Stream Request
    • Start capturing traffic in Burp Suite (Proxy > Intercept).
    • Navigate to the webpage containing the video stream.
    • Look for the initial request that fetches the stream manifest file (.m3u8 for HLS, .mpd for DASH). This is often a GET request to a specific URL.
    • If Burp doesn’t intercept it automatically, try manually triggering the request by refreshing the page or using the browser’s developer tools to find and re-execute the initial stream request.
  5. Adjust Interception Rules (if needed)
    • Go to Burp Suite’s Proxy > Options tab.
    • Under “Intercept”, add rules to intercept requests based on URL patterns or file extensions (.m3u8, .mpd). For example, you could add a rule to intercept all requests whose URL ends in .m3u8.
  6. Handle Chunked Requests
    • Once the initial manifest file is intercepted, Burp should start seeing the individual stream segment requests (e.g., .ts files for HLS).
    • If you still don’t see them, check your browser’s network tab to confirm they are being requested and that there aren’t any errors.
  7. WebSocket Streams
    • For streams using WebSockets, ensure Burp is configured to handle WebSocket connections (Proxy > Options > Connections).
    • Intercept the initial WebSocket handshake request.
    • Burp Suite Professional has more advanced features for inspecting and modifying WebSocket traffic than the Community Edition.
  8. Troubleshooting Common Issues
    • HTTPS issues: Ensure you have imported the Burp CA certificate into your browser’s trusted root certificates.
    • Browser extensions: Some browser extensions can interfere with Burp’s interception. Try disabling them temporarily.
    • Stream encryption: If the stream is encrypted, you may need to decrypt it before intercepting and modifying it. This often requires additional tools or knowledge of the encryption scheme.
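
To make steps 4, 6 and 8 concrete, the following added example (not part of the original guide) parses an intercepted HLS manifest and lists the variant, segment and key requests you should then expect in Burp's HTTP history, flagging which segments fall under an EXT-X-KEY entry. The sample manifest, the hostnames and the function name summarize_hls are constructed for illustration.

```python
import re
from urllib.parse import urljoin

# Constructed sample media playlist (not captured from any real service).
SAMPLE_MANIFEST = """#EXTM3U
#EXT-X-MEDIA-SEQUENCE:120
#EXT-X-KEY:METHOD=AES-128,URI="keys/k1.bin",IV=0x000102030405060708090a0b0c0d0e0f
#EXTINF:6.0,
seg120.ts
#EXTINF:6.0,
seg121.ts
#EXT-X-KEY:METHOD=NONE
#EXTINF:4.5,
https://cdn.example.test/live/seg122.ts
"""

# Matches KEY=value or KEY="quoted value" pairs in an HLS attribute list.
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')

def parse_attrs(text):
    return {k: v.strip('"') for k, v in ATTR_RE.findall(text)}

def summarize_hls(manifest, manifest_url):
    """Return the requests a player will make after fetching this manifest."""
    lines = [l.strip() for l in manifest.splitlines() if l.strip()]
    if not lines or lines[0] != "#EXTM3U":
        raise ValueError("not an HLS playlist: missing #EXTM3U header")
    out = {"variants": [], "segments": [], "keys": []}
    key, next_is_variant = None, False
    for line in lines[1:]:
        if line.startswith("#EXT-X-KEY:"):
            attrs = parse_attrs(line.split(":", 1)[1])
            key = None  # METHOD=NONE switches encryption off for later segments
            if attrs.get("METHOD", "NONE") != "NONE":
                key = {"method": attrs["METHOD"],
                       "uri": urljoin(manifest_url, attrs.get("URI", ""))}
                out["keys"].append(key)
        elif line.startswith("#EXT-X-STREAM-INF:"):
            next_is_variant = True  # the next URI line is a child playlist
        elif not line.startswith("#"):
            url = urljoin(manifest_url, line)  # resolve relative URIs
            if next_is_variant:
                out["variants"].append(url)
                next_is_variant = False
            else:
                out["segments"].append({"url": url, "encrypted": key is not None})
    return out
```

If the segment or key URLs resolve to a different host than the manifest, check that Burp's scope and interception rules cover that host as well.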