Video embedded in a Flash player prevents easy extraction of the video file. This post describes how to discover and extract video from a Brightcove Flash player with rtmpdump.

In the past, FLV files were easily recovered by inspecting the browser cache. That method relies on the browser logging HTTP network activity, but Flash players have recently switched to RTMP, a streaming protocol that the browser does not log.

If the Flash player has a fallback for mobile devices then it is rather easy to trick the player into HTML5 mode and recover an mp4 file.

I intended to extract a video from AMC’s website, which did not have an HTML5 fallback, so I had to recover the stream used by Flash player.

The first step was to examine the network activity for clues about the video source. Brightcove makes this easy because their logging activity includes information about the video.

I opened Chrome’s network activity panel and searched for any requests containing “mp4”, a common format for video on the web. This reveals a 1×1 tracking pixel with a bunch of logging parameters:

http://ma156-r.analytics.edgesuite.net/9.gif?a=S~b=9c1e67f75e9bf1686~c=D2C517F3C2DC4F16AF5BE404B5127F4DD9F3E19B~d=EA2FDD29066B9E06BFA83A8F42BF1A84C16C5DFB~e=1~f=R~g=0~h=1.2~i=1.1~k=89AEF5EBD081F29F468FCD00F20201C817C78AD1~am=D~_ac=&mp4:rtmp_pd/196217268/196217268_2330789578001_AMC-MM-606-NextOn.mp4~ag=www.amctv.com~al=Mac%20OS~dx=1.679~en=Next%20on%20Mad%20Men:%20Episode%20606~pd=760214963001~_tt=Next%20on%20Mad%20Men:%20Episode%20606~_cd_1557=196217268~cm=Akamai~v=17~w=1486~aa=cp126124.edgefcs.net~ab=ondemand/&mp4:rtmp_pd/196217268/196217268_2330789578001_AMC-MM-606-NextOn.mp4~ad=1935~ae=rtmp~af=http://admin.brightcove.com/%5B%5BIMPORT%5D%5D/79423.analytics.edgekey.net/csma/brightcove/BrightcoveCSMALoader.swf~ai=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_8_3)%20AppleWebKit/537.31%20(KHTML,%20like%20Gecko)%20Chrome/26.0.1410.65%20Safari/537.31~aj=11,7,700,169~ak=Flash_PlugIn~an=172~ao=1311~ap=1483~at=Netscape~au=832*455~_aw=rtmp://cp126124.edgefcs.net/ondemand/&mp4:rtmp_pd/196217268/196217268_2330789578001_AMC-MM-606-NextOn.mp4~ay=csma-3.0.27:brightcoveLoader-1.0.25~az=1.2~ba=900000~bb=23.59.190.199~va=1~_cd_1759=cp126124.edgefcs.net~mb=4845000~qoe=99.5068

One of these parameters looks like a URL:

rtmp://cp126124.edgefcs.net/ondemand/&mp4:rtmp_pd/196217268/196217268_2330789578001_AMC-MM-606-NextOn.mp4

So what is RTMP? And how do we get a video out of it? Googling for “edgefcs” led me to rtmpdump, a command-line tool for dumping RTMP streams to files. Usage is uncomplicated:

rtmpdump --rtmp rtmp://cp126124.edgefcs.net/ondemand --playpath mp4:rtmp_pd/196217268/196217268_2330789578001_AMC-MM-606-NextOn.mp4 -o 606.mp4

This command downloads the RTMP stream into a local file, “606.mp4”, which VLC can play.

 

John Gruber published a helpful JavaScript Bookmarklet Builder which I used to generate my IPA TTS bookmarklet.

A few users reported that Chrome choked on the bookmarklet. I found that the bookmarklet builder does not produce the output that Chrome expects. I was using Chrome 15.0.874.54 beta.

For example, take this simple script.

    (function () {
      // what is 1+1?
      alert(["1+1=",(1+1)].join(''));
    })()

Gruber’s script produces this bookmarklet: Example 1

javascript:(function%20()%20{alert([%221+1=%22,(1+1)].join(%27%27));})()

If you drag this example to your bookmark bar in Chrome, it will produce this error when invoked.

Uncaught SyntaxError: Unexpected token %

What happened? If you edit the bookmark, you will see that Chrome double-escaped the string:

javascript:(function%2520()%2520%7Balert(%5B%25221+1=%2522,(1+1)%5D.join(%2527%2527));%7D)()

I believe this happened because the string contained some non-escaped characters such as parentheses.

Gruber points out in a footnote that his script intentionally leaves some characters unescaped for the purpose of readability.

It’s unclear to me what characters must be escaped in a bookmarklet URL. Some sources suggest that other punctuation characters, such as brackets and semicolons, ought to be escaped, too, but I can see no practical reason to do so. If you want to be really conservative and escape just about everything, change this line:

uri_escape_utf8($bookmarklet, qq('" \x00-\x1f\x7f-\xff));

to:

uri_escape_utf8($bookmarklet);

Personally, I prefer to keep the bookmarklet URL itself as readable as possible.

With this change, we get this bookmarklet: Example 2

javascript:%28function%20%28%29%20%7Balert%28%5B%221%2B1%3D%22%2C%281%2B1%29%5D.join%28%27%27%29%29%3B%7D%29%28%29

It may not be as readable as “Example 1”, but it works.

Find my modifications to Gruber’s JavaScript Bookmarklet Builder on GitHub
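The conservative escaping described above, as an added JavaScript example (not Gruber's Perl script and not the modified builder on GitHub): it rebuilds Example 2 from the simple script and checks a bookmarklet URL for characters a browser might still re-escape. The function names `strictEscape`, `squeeze`, `buildBookmarklet`, `isFullyEscaped` and `looksDoubleEscaped` are hypothetical, and `squeeze` is a simplified stand-in for the builder's comment and whitespace clean-up.

```javascript
// Added example; function names are illustrative, not from Gruber's script.

// Percent-encode everything except A-Z a-z 0-9 - . _ ~ (RFC 3986 unreserved),
// which is the character set left readable in Example 2.
function strictEscape(src) {
  // encodeURIComponent leaves ! ' ( ) * untouched, so finish those by hand.
  return encodeURIComponent(src).replace(/[!'()*]/g, (c) =>
    "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Simplified stand-in for the builder's clean-up step: drop whole-line //
// comments, trim each line, join. Not a real minifier (no parser involved).
function squeeze(src) {
  return src.split("\n")
    .map((line) => line.trim())
    .filter((line) => line !== "" && !line.startsWith("//"))
    .join("");
}

function buildBookmarklet(src) {
  return "javascript:" + strictEscape(squeeze(src));
}

// True when the body is only unreserved characters and well-formed %XX
// triplets, so the browser has nothing left to escape on its own.
function isFullyEscaped(url) {
  return /^javascript:(?:[A-Za-z0-9\-._~]|%[0-9A-Fa-f]{2})*$/.test(url);
}

// Heuristic: an escaped percent sign followed by a hex pair (%2520, %2522)
// is the pattern in the bookmark Chrome stored. A script that contains a
// literal "%20" in its own source would also match.
function looksDoubleEscaped(url) {
  return /%25[0-9A-Fa-f]{2}/.test(url);
}

// The simple script from the post.
const source = `(function () {
  // what is 1+1?
  alert(["1+1=",(1+1)].join(''));
})()`;

const strict = buildBookmarklet(source);
console.log(strict);
console.log(isFullyEscaped(strict), looksDoubleEscaped(strict));
```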

Ringo, Narwhal, Node, and JavaScriptCore support executing scripts with a shebang.

Here are some quick examples to get you started.

Ringo

    #!/usr/bin/env ringo
    print("ringo");

Narwhal

    #!/usr/bin/env narwhal
    print("narwhal");

Node

    #!/usr/bin/env node
    console.log("node");

JavaScriptCore

    #!/usr/bin/env jsc
    print("jsc");

JavaScriptCore nightly added support for shebangs on 6 December 2010.

Since Node and JavaScriptCore are binaries, you can use the full path instead of env.
