This project allows you to log and block http request out of tcp. I've build it to monitor http connections my dvr at home, without interfering its tcp protocol. I found out that my dvr had a backdoor allowing everyone to bypass its password and view my cams, moreover it has a backdoor allowing any hacker to get root access to my dvr without password.
It also was discovered by pentestpartners - https://www.pentestpartners.com/security-blog/pwning-cctv-cameras/
This project tests on node 8.4.0, with npm 5.6.0, both ubuntu 16.4, and arm. It has a server part, and panel built with react + redux (webpack).
mongodb
# sudo apt-get install mongodb
alternative - mongodb docker
# docker run -d -p 27017:27017 -p 28017:28017 tutum/mongodb
To install its dependencies:
npm i
to build the client - you dont need to do this if didnt change the code:
npm run build
Make sure ./server/config.js file fits to your configurations.
to run the project:
node server/index.js <localport> <remotehost> <remoteport>
Challenges are regullar expressions, for example you can simply block all GET requests by:
| Field | Test |
|---|---|
| request.method | GET |
to run the client with hot module replacement - for development only:
npm run start
- npm - Dependency Management
- react 16.2.0 - A JavaScript library for building user interfaces
- redux - Managing app state
- mongodb - Project db
- requests pagination
- allow requests search + filter
- block specific ip location
You can contribute the project by submitting a pull request.