Posts posted by TMXOD

  1. Flash 9 caches files in memory (under the right conditions, you can harvest MP3s from Firefox's memory cache; I was able to once, purely by luck, and have not been able to recreate the circumstances again).

    One can always intercept the MP3 file as it is being sent... That's where WebScarab comes in...

    If you don't know what WebScarab is, you must not do a lot of online application analysis (I've personally used it to cheat in forum arcades for ages :-) ). You can read more about it at its homepage (located at hxxp: www. owasp. org/index. php/Category:OWASP_WebScarab_Project). The main feature is that you can code actions that run depending on what is being requested to/delivered from the server.

    I coded a script that intercepts the MP3 file as it is being delivered, and saves it in the folder where WebScarab is running, along with a log of all URLs that point to the files downloaded (mostly useless after a few hours as sessions expire).

    In order for everything to work, one must set Firefox (as required by current Pandora's Jar version) to use WebScarab as the proxy (localhost:8008 by default),

    place my script in the "Bean Shell",

    set PJ's temp directory to WebScarab's directory,

    and the rest should be automatic.

    If you don't want to install and configure a WebScarab install, as easy as that is, I have made a self-contained Executable JAR with WebScarab modified to always run the script (and has all other plugins disabled).

    I will make the JAR file available, as well as the source code ZIP file (for GNU GPL compliance), once I figure out where to host it... anybody have somewhere with extra free bandwidth available?

    import java.io.File;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.util.Random;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    
    import org.owasp.webscarab.httpclient.HTTPClient;
    import org.owasp.webscarab.model.HttpUrl;
    import org.owasp.webscarab.model.Request;
    import org.owasp.webscarab.model.Response;
    
    public Response fetchResponse(HTTPClient nextPlugin, Request request)
      throws IOException {
      Response response = nextPlugin.fetchResponse(request);
      HttpUrl url = request.getURL();
      String parsedURL = url.toString();
      if (parsedURL.indexOf("audio-") > -1) {
        // write URL to log
        FileOutputStream oFileList = new FileOutputStream("mp3url.log", true);
        PrintWriter flStream = new PrintWriter(oFileList, true);
        flStream.println(parsedURL);
        flStream.flush();
        flStream.close();
        oFileList.flush();
        oFileList.close();
    
        // write contents to temporary file (to be processed by getMp3() in
        // Pandora's Jar)
        FileOutputStream oMP3 = null;
        Random prng = new Random();
        File mp3File = new File("pandora_mp3-" + prng.nextInt(10)
          + prng.nextInt(10) + prng.nextInt(10) + prng.nextInt(10)
          + prng.nextInt(10) + prng.nextInt(10) + prng.nextInt(10)
          + prng.nextInt(10) + prng.nextInt(10) + prng.nextInt(10) + ".mp3");
        while (mp3File.exists()) {
          mp3File = new File("pandora_mp3-" + prng.nextInt(10) + prng.nextInt(10)
            + prng.nextInt(10) + prng.nextInt(10) + prng.nextInt(10)
            + prng.nextInt(10) + prng.nextInt(10) + prng.nextInt(10)
            + prng.nextInt(10) + prng.nextInt(10) + ".mp3");
        }
        Logger logger = Logger.getLogger("org.owasp.webscarab");
        // SEVERE is used only so the message is always shown in WebScarab's log
        logger.log(Level.SEVERE, "Saving \"" + parsedURL + "\"\n as \""
          + mp3File.getAbsolutePath() + "\"...");
        logger = null;
        oMP3 = new FileOutputStream(mp3File, false);
        oMP3.write(response.getContent());
        oMP3.flush();
        oMP3.close();
      }
      parsedURL = "";
      url = null;
      return response;
    }
    
