Extracting flash streams?

[kYd420]

Is it possible to extract Flash streams, or play them, from a packet capture file?

I have tried capturing my network traffic whilst using mplayer to play a .flv file from over the Internet and also viewing a video on youtube, and then using tcpreplay to replay this on the local interface where mplayer is listening, but to no avail.

Is there any method of doing so?

[iproute]

ant video downloader with embedded player

Not real sure why you'd want to watch from a pcap recording... I imagine that just by sniffing where a 'sniffed' client is going you could easily watch said video yourself.

[Renek]

I believe he is asking if you can reconstruct flash video from sniffed packets. Why would you want to do this?

[ThePistonDoctor]

....malicious video streams perhaps? I think it would make more sense just to use an evil FLV file but who knows ... I'm a bit intrigued or confused at least

[kYd420]

I believe he is asking if you can reconstruct flash video from sniffed packets. Why would you want to do this?

Exactly, this is what I want to achieve.

More so than anything, it is just out of curiosity to see if it can be done; I'm curious to know if people sniffing my wireless on an open connection without encryption (not that I do) are able to reconstruct my video/webcam streams.

[Renek]

I use xplico to reconstruct http traffic, not sure if it can do flash streams however. May want to check that out.

[gunrunr]

supposedly it can. Just make sure you edit your apache2 server settings as seen here or xplico will not convert your pcaps

Code:

We must also modify the php.ini file to allow uploads (pcap) files. Edit /etc/php5/apache2/php.ini.

The lines to modify are:\\
**post_max_size = 100M** \\
**upload_max_filesize = 100M**\\

[muminrz]

Firefox+DownloadHelper=Yourfile

[kYd420]

(Sorry for the rather late reply)

Firefox+DownloadHelper=Yourfile

Thanks, but that's not quite what I am after; just to clarify, say I had sniffed my network and dumped the packets to a pcap file, I would like to reconstruct/extract any webcam streams (or similar) from the file.

I use xplico to reconstruct http traffic, not sure if it can do flash streams however. May want to check that out.

That's a nice little tool, thanks, I've had no such luck extracting anything from it though.
The author claims it can do RTP dissection, which is basically what I am after, but only supports audio only atm and with a limited number codecs.

Hopefully video support comes soon, or is there something else out there?

[aerokid240]

Open up wireshark >> load pcap >>filter the stream session >> filter only traffic coming from webserver>> dump data to a file >> open up the file in a hex editor >> remove http headers or other headers, before the FLV header >> Save the newly modified file to disk >> open file with suitable flash player to confirm file works.

or

Open up wireshark >> load pcap >> filter the stream session >> filter only traffic coming from webserver>> dump data to a file >> use scalpel or foremost to carve video file >> open file with suitable flash player to confirm file works.