Archive for January, 2012


How To Install RED5 Server on Centos 5.3

Filed Under: Linux, Red5, Technology by Nguyễn Bá Khoa — Leave a comment
16/01/2012

In this how to i will describe how to install RED5 server on Centos 5.3. This how to can be used to install RED5 server on Centos 4 and Fedora 8 – 11 as well. RED5 is open source flash server written in java supports streaming audio/video, recording client streams, shared objects, live stream publishing etc.

1) Download and Install Java

RED5 server depends on Java. CentOS 5.3 comes with OpenJDK 1.6 and install it using yum.

yum -y install java-1.6.0-openjdk java-1.6.0-openjdk-devel

2) Download and Install Ant & Ivy (Apache Project)

Ant will need to compile RED5 server code. Ant comes in binary form, so just download and install it in /usr/local directory.

cd /usr/src

wget http://mirrors.isu.net.sa/pub/apache//ant/binaries/apache-ant-1.8.2-bin.tar.bz2

tar jxvf apache-ant-1.8.2-bin.tar.bz2

mv apache-ant-1.8.2 /usr/local/ant

cd /usr/src

svn co https://svn.apache.org/repos/asf/ant/ivy/core/trunk ivy

cd ivy

ant jar

cp build/artifact/jars/ivy.jar /usr/local/ant/lib/

3) Export Variables for Ant and Java

export ANT_HOME=/usr/local/ant

export JAVA_HOME=/usr/lib/jvm/java

export PATH=$PATH:/usr/local/ant/bin

Also export these variables in /etc/bashrc to become available for every user login or for any terminal opens.

echo ‘export ANT_HOME=/usr/local/ant’ >> /etc/bashrc

echo ‘export JAVA_HOME=/usr/lib/jvm/java’ >> /etc/bashrc

echo ‘export PATH=$PATH:/usr/local/ant/bin’ >> /etc/bashrc

4) Download and Install RED5 Server

Here the latest version available for RED5 is 0.7 on site but download from google code using svn as the tarball of 0.7 on site is missing some of the files.

cd /usr/src

svn checkout http://red5.googlecode.com/svn/java/server/trunk/ red5

mv red5 /usr/local/

cd /usr/local/red5

ant prepare

ant dist

you will see a ton of lines, but you should get at last

BUILD SUCCESSFUL

that’s mean its install and now copy the conf directory from dist/ and test the red5 installation.

cp -r dist/conf .

./red5.sh

If it shows Installer service created in the last then everything is fine here, press ctrl+c and move to next step to create init script.

5) Init Script

Now we will create init script for red5 to start, stop and restart easily.

vi /etc/init.d/red5

download http://www.sohailriaz.com/downloads/red5.txt and copy / paste code in it. The init script code also be viewed below.

#!/bin/sh

# For RedHat and cousins:

# chkconfig: 2345 85 85

# description: Red5 flash streaming server

# processname: red5

PROG=red5

RED5_HOME=/usr/local/red5

DAEMON=$RED5_HOME/$PROG.sh

PIDFILE=/var/run/$PROG.pid

# Source function library

. /etc/rc.d/init.d/functions

[ -r /etc/sysconfig/red5 ] && . /etc/sysconfig/red5

RETVAL=0

case “$1″ in

start)

echo -n $”Starting $PROG: ”

cd $RED5_HOME

$DAEMON >/dev/null 2>/dev/null &

RETVAL=$?

if [ $RETVAL -eq 0 ]; then

echo $! > $PIDFILE

touch /var/lock/subsys/$PROG

fi

[ $RETVAL -eq 0 ] && success $”$PROG startup” || failure $”$PROG startup”

echo

;;

stop)

echo -n $”Shutting down $PROG: ”

killproc -p $PIDFILE

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$PROG

;;

restart)

$0 stop

$0 start

;;

status)

status $PROG -p $PIDFILE

RETVAL=$?

;;

*)

echo $”Usage: $0 {start|stop|restart|status}”

RETVAL=1

esac

exit $RETVAL

Enable executable permission

chmod +x /etc/init.d/red5

Now start the service

/etc/init.d/red5 start

check status

/etc/init.d/red5 status

red5 (pid  XXXXX) is running…

again you can do stop, restart.

6) Test

Now test the RED5 installation by opening following URL in browser

http://yourip:5080/

you will see red5 page like this

red5_11

and demos can be find here.

http://yourip:5080/demos/

red5_21

You can use simple port tester tool that determines which ports the Flash Player is able to connect through to the Red5 server. Put your server address or IP in HOST when using port tester. You should get SUCCESS on RTMP or port 1935. If not please check your firewall.

http://yourip:5080/demos/port_tester.html

red5_3

7) ISSUE

When you run ./red5.sh, it will show you Installer service created. Thats mean everything runs fine and red5 server is up. But if you went to port_tester.swf using demos above or your application shows connections FAILS, this is an issue of RTMPT and RTMPTS. You can see it by running

/usr/local/red5/red5.sh

output trancated

[INFO] [main] org.red5.server.tomcat.TomcatLoader – RTMPT server bean was not found

[INFO] [main] org.red5.server.tomcat.TomcatLoader – RTMPS server bean was not found

output truncated

If you see this you have to uncomment the RTMPT and RTMPTS TomcatLoader in/usr/local/red5/conf/red5-core.xml

vi /usr/local/red5/conf/red5-core.xml

Search for a lines

<!– RTMPT –>

<!–

<bean id=”rtmpt.server” class=”org.red5.server.net.rtmpt.TomcatRTMPTLoader” init-method=”init” lazy-init=”true”>

Remove the <!– from start of <bean and –> from end of </bean>

Same goes for RTMPS

<!– RTMPS –>

<!–

<bean id=”rtmps.server” class=”org.red5.server.net.rtmps.TomcatRTMPSLoader” init-method=”init” lazy-init=”true”>

Remove the <!– from start of <bean and –> from end of </bean>

Restart the red5 services and connection fails problem will be fixed.

If you any question please use comments.

pixelstats trackingpixel

Comment

Python OCR… or how to break CAPTCHAs

Filed Under: Python, Technology by Nguyễn Bá Khoa — Leave a comment
07/01/2012

After my little stint writing the scr.im PoC script, a few people on Twitter reminded me of a blog post that Andreas Riancho from Bonsai-sec wrote back in February. Andreas (the creator of the excellent W3AF tool) wrote a short Python script to take a CAPTCHA image and perform an OCR on it. As a geek, this peaked my interest, but the one problem I had with it was that the script relied on the pytesser Python library, which is Windows only!

There were a few issues with that.

  1. It’s Windows only and I prefer to avoid Windows unless there’s no other choice
  2. The project only ever reached version 0.0.1
  3. The project has been abandoned since May 2007

So, not wanting to give up on something that looked fun, and also useful, I started a search for an alternative. I quickly found that the pytesser Python library is a wrapper around the tesseract-ocr project, and that there had been some work on another Python library called Python-Tesseract that looks like it does the job (and isn’t platform dependent).

After installing tesseract-ocr (apt-get install tesseract-ocr on Backtrack) I downloaded the Python-tesseract files and modified the script from Andreas Riancho a little (the actual changes to make things work are minimal). I also changed a few things to get the script to reasonably accurately decode scr.im captcha images.

#!/usr/bin/python

# [PoC] tesseract OCR script - tuned for scr.im captcha
#
# Chris John Riley
# blog.c22.cc
# contact [AT] c22 [DOT] cc
# 12/10/2010
# Version: 1.0
#
# Changelog
# 0.1> Initial version taken from Andreas Riancho's \
#      example script (bonsai-sec.com)
# 1.0> Altered to use Python-tesseract, tuned image \
#      manipulation for scr.im specific captchas
#

from PIL import Image

img = Image.open('captcha.jpg') # Your image here!
img = img.convert("RGBA")

pixdata = img.load()

# Make the letters bolder for easier recognition

for y in xrange(img.size[1]):
 for x in xrange(img.size[0]):
 if pixdata[x, y][0] < 90:
 pixdata[x, y] = (0, 0, 0, 255)

for y in xrange(img.size[1]):
 for x in xrange(img.size[0]):
 if pixdata[x, y][1] < 136:
 pixdata[x, y] = (0, 0, 0, 255)

for y in xrange(img.size[1]):
 for x in xrange(img.size[0]):
 if pixdata[x, y][2] > 0:
 pixdata[x, y] = (255, 255, 255, 255)

img.save("input-black.gif", "GIF")

#   Make the image bigger (needed for OCR)
im_orig = Image.open('input-black.gif')
big = im_orig.resize((1000, 500), Image.NEAREST)

ext = ".tif"
big.save("input-NEAREST" + ext)

#   Perform OCR using tesseract-ocr library
from tesseract import image_to_string
image = Image.open('input-NEAREST.tif')
print image_to_string(image)

A majority of this code is preparation, the actual OCR job is performed in the final lines using the image_to_string call. Simple isn’t it!

The above script is tuned to the scr.im captcha image. As can be seen by the below examples:

As you can see, after running it through some filters (thanks Andreas), the CAPTCHA becomes a lot clearer, and significantly easier to OCR. Even in this case however, tesseract-ocr sometimes returns the value as W6BHP instead of W68HP. Still, that’s an easy mistake to make… and I’m sure with more tweaking, the preparation could be perfected!

So, next time somebody says “we implemented a CAPTCHA to prevent scripted attacks“, you can take it with a pinch of salt!

Links:

  • [PoC] scr.im.tesseract.py script –> here
  • Breaking Weak CAPTCHA in 26 Lines of Code –> bonsai-sec.com
  • Pytesser –> here
  • Tesseract-OCR –> here
  • Python-Tesseract –>here
Tags: , ,
Comment
Powered by WordPress | Theme: by 85ideas. Editor by Khoanguyen