Web cam finder Black girl hookup in oak park il
Dissecting the web traffic, that turned out to be the DDNS setup.
The device comes with a unique 6 character code which the manual says can be used for external viewing, for example if my code is abcdef then it says to browse to see my camera.
I found quite a few open cameras, most boring but a couple of fun ones.
A couple of months went by and unfortunately I didn't get time to write up all the work I'd done, I was then asked to speak at OWASP Leeds and thought it would be a perfect opportunity to release the info.
This is a neat idea because the cameras use a default port of 81 rather than the normal 80 and so users would have to know to add :81 to their URL which would go against the ease of use they are aiming for. If I want to see if a camera with code xxxxxx is registered I simply browse to xxxxxx.and see where I get redirected to.
If the UPn P request to that users router worked then I'll end up on the web interface for their camera.
It isn't hard to request a bunch of URLs, ask HD Moore!
So I wrote a script to scan a range of codes, look at the IP returned and see if it required authentication or not.
The UPn P traffic was attempting to get my router to open up a PAT hole through it, basically allowing the outside world full access to the camera's web interface - not good!For cameras which were registered I did a HEAD request on a password protected page that should exist on the camera if it was online.This told me whether the camera existed or not and if it did whether it required authentication.If you don't use it then remove it, if you do then consider adding extra protection, maybe add some obscurity and move it to a high random port.My camera allows disabling of both the DDNS and UPn P features so I'd recommend doing that as well.
Text is good but pictures are better and a fully interactive Google map is even better than that so I decided to throw the IP address of the cameras which I found through a geo-ip service and see what came out. The final step was to manipulate all the data into Java Script and see how it looked and even though I say so myself, it looked really good! The data here comes from scans of various ranges from aaaa to zzzz and there is a total of 616 cameras dotted around the globe.