Skip to content

feat: detect potential incremental routes and bruteforce them#388

Draft
Ullaakut wants to merge 9 commits intomasterfrom
263-incremental-route-detection
Draft

feat: detect potential incremental routes and bruteforce them#388
Ullaakut wants to merge 9 commits intomasterfrom
263-incremental-route-detection

Conversation

@Ullaakut
Copy link
Copy Markdown
Owner

@Ullaakut Ullaakut commented Jan 28, 2026
edited
Loading

Goal of this PR

Fixes #263

Adds support for detecting “incrementable” RTSP routes (e.g., ChannelID patterns) and automatically brute-forcing sequential variants to discover additional streams on the same target.

Changes

  • Introduces incremental-route parsing/building helpers to identify and increment numeric route segments (with channel-oriented heuristics).
  • Extends the attacker to attempt incremental route discovery after finding a working route and/or valid credentials (while avoiding duplicate routes).

How did I test it?

Unit test coverage was added, but I can't do a proper end to end test myself:

  • RTSPATT only supports exposing a single route per ip/port combo
  • I no longer own CCTV cameras that I could configure to replicate this

@Ullaakut Ullaakut requested a review from Copilot January 28, 2026 17:47
@Ullaakut Ullaakut self-assigned this Jan 28, 2026
@Ullaakut Ullaakut added the enhancement Enhancement of existing features. label Jan 28, 2026
@Ullaakut Ullaakut mentioned this pull request Jan 28, 2026
Open
@Ullaakut Ullaakut linked an issue Jan 28, 2026 that may be closed by this pull request
Brute force on found streams #263
Open

This comment was marked as outdated.

Sign in to view

@Ullaakut Ullaakut force-pushed the 263-incremental-route-detection branch from 156ef9a to b692e2b Compare January 28, 2026 19:05
@Ullaakut Ullaakut force-pushed the 263-incremental-route-detection branch from b692e2b to dc4d6c9 Compare January 28, 2026 19:06
@Ullaakut Ullaakut requested a review from Copilot January 28, 2026 19:32

This comment was marked as outdated.

Sign in to view

@Ullaakut
Copy link
Copy Markdown
Owner Author

Ullaakut commented Jan 28, 2026

In the end, implementing this feature in a safe and correct way introduces much more complexity than I initially anticipated. No longer sure it's worth the maintenance/cognitive complexity cost to include it. Might keep this one on hold unless I see more interest for it. Especially given that it could be replaced by just writing a script to generate a dictionary with incremental channel IDs for the routes 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@whiteboxsolutions whiteboxsolutions Awaiting requested review from whiteboxsolutions whiteboxsolutions will be requested when the pull request is marked ready for review whiteboxsolutions is a code owner

@nblair2 nblair2 Awaiting requested review from nblair2 nblair2 will be requested when the pull request is marked ready for review nblair2 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@Ullaakut Ullaakut

Labels

enhancement Enhancement of existing features.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Brute force on found streams

2 participants

@Ullaakut