Upnp
来自Jack's Lab
(版本间的差异)
(→Hacking) |
(→Reference) |
||
(未显示1个用户的4个中间版本) | |||
第8行: | 第8行: | ||
<source lang=bash> | <source lang=bash> | ||
+ | $ cat request.txt | ||
+ | M-SEARCH * HTTP/1.1 | ||
+ | HOST: 239.255.255.250:1900 | ||
+ | MAN: "ssdp:discover" | ||
+ | MX: 3 | ||
+ | ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1 | ||
+ | |||
+ | $ nc -uvv 239.255.255.250 1900 < request.txt | ||
+ | Connection to 239.255.255.250 1900 port [udp/ssdp] succeeded! | ||
+ | |||
+ | $ socat -T1 STDIO UDP4-DATAGRAM:239.255.255.250:1900 < request.txt | ||
+ | |||
$ sudo tcpdump -vv -A -s 0 -i wlan0 udp port 1900 and host 239.255.255.250 | $ sudo tcpdump -vv -A -s 0 -i wlan0 udp port 1900 and host 239.255.255.250 | ||
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes | tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes | ||
第45行: | 第57行: | ||
MX: 15 | MX: 15 | ||
ST: urn:Belkin:device:** | ST: urn:Belkin:device:** | ||
+ | |||
+ | NOTIFY * HTTP/1.1 | ||
+ | Host: 239.255.255.250:1900 | ||
+ | Cache-Control: max-age=60 | ||
+ | Location: http://192.168.1.1:1780/InternetGatewayDevice.xml | ||
+ | NTS: ssdp:alive | ||
+ | Server: POSIX, UPnP/1.0 linux/5.100.104.2 | ||
+ | NT: urn:schemas-upnp-org:device:InternetGatewayDevice:1 | ||
+ | </source> | ||
+ | |||
+ | |||
+ | <source lang=bash> | ||
+ | POST /upnp/control?WANIPConnection HTTP/1.1 | ||
+ | Host: 192.168.1.1 | ||
+ | SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress" | ||
+ | Accept-Language: de-de;q=1, de;q=0.5 | ||
+ | Accept-Encoding: gzip | ||
+ | Content-Type: text/xml; charset="utf-8" | ||
+ | User-Agent: gupnp-universal-cp GUPnP/0.20.10 DLNADOC/1.50 | ||
+ | Connection: Keep-Alive | ||
+ | Content-Length: 281 | ||
+ | |||
+ | <?xml version="1.0"?> | ||
+ | <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> | ||
+ | <s:Body> | ||
+ | <u:GetExternalIPAddress xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:GetExternalIPAddress> | ||
+ | </s:Body> | ||
+ | </s:Envelope> | ||
+ | </source> | ||
+ | |||
+ | |||
+ | <source lang=bash> | ||
+ | HTTP/1.1 200 OK | ||
+ | EXT: | ||
+ | Content-Type: text/xml; charset="utf-8" | ||
+ | Date: Tue, 04 Aug 2015 23:55:01 GMT | ||
+ | Server: servername/2.0 UPnP/1.0 UPnP-Device-Host/1.0 | ||
+ | Content-Length: 380 | ||
+ | |||
+ | <?xml version="1.0"?> | ||
+ | <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> | ||
+ | <s:Body> | ||
+ | <u:GetExternalIPAddressResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"> | ||
+ | <NewExternalIPAddress>123.123.123.123</NewExternalIPAddress> | ||
+ | </u:GetExternalIPAddressResponse> | ||
+ | </s:Body> | ||
+ | </s:Envelope> | ||
</source> | </source> | ||
<br><br> | <br><br> | ||
+ | |||
== Reference == | == Reference == | ||
第58行: | 第118行: | ||
* http://upnp.org/specs/av/UPnP-av-MediaRenderer-v1-Device.pdf | * http://upnp.org/specs/av/UPnP-av-MediaRenderer-v1-Device.pdf | ||
* http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf | * http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf | ||
+ | * https://www.tripwire.com/state-of-security/featured/my-sector-story-root-shell-on-the-belkin-wemo-switch/ | ||
* https://tools.ietf.org/html/draft-cohen-gena-client-00 | * https://tools.ietf.org/html/draft-cohen-gena-client-00 |
2018年10月4日 (四) 14:10的最后版本
[编辑] 1 Overview
The main goal of UPnP is to make adding network devices and networked programs to a network as easy as it is to plug in a piece of hardware into a PC (or even easier, as that is often error prone). The devices and programs find out about the network setup and other networked devices and programs through discovery and advertisements of services and configure themselves accordingly. In short: UPnP is a framework to build networked applications.
[编辑] 2 Hacking
$ cat request.txt M-SEARCH * HTTP/1.1 HOST: 239.255.255.250:1900 MAN: "ssdp:discover" MX: 3 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1 $ nc -uvv 239.255.255.250 1900 < request.txt Connection to 239.255.255.250 1900 port [udp/ssdp] succeeded! $ socat -T1 STDIO UDP4-DATAGRAM:239.255.255.250:1900 < request.txt $ sudo tcpdump -vv -A -s 0 -i wlan0 udp port 1900 and host 239.255.255.250 tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes 17:50:46.507671 IP (tos 0x0, ttl 1, id 18834, offset 0, flags [none], proto UDP (17), length 201) localhost.57277 > 239.255.255.250.1900: [udp sum ok] UDP, length 173 E...I..........;.......l..&1M-SEARCH * HTTP/1.1 HOST: 239.255.255.250:1900 MAN: "ssdp:discover" MX: 1 ST: urn:dial-multiscreen-org:service:dial:1 USER-AGENT: Google Chrome/56.0.2924.87 Windows 17:50:58.181673 IP (tos 0x0, ttl 1, id 22084, offset 0, flags [none], proto UDP (17), length 202) localhost.52827 > 239.255.255.250.1900: [udp sum ok] UDP, length 174 E...VD.........A.....[.l....M-SEARCH * HTTP/1.1 HOST: 239.255.255.250:1900 MAN: "ssdp:discover" MX: 1 ST: urn:dial-multiscreen-org:service:dial:1 USER-AGENT: Google Chrome/55.0.2883.95 Mac OS X 17:49:42.200862 IP (tos 0x0, ttl 4, id 64314, offset 0, flags [DF], proto UDP (17), length 150) localhost.50000 > 239.255.255.250.1900: [udp sum ok] UDP, length 122 E....:@....<...=.....P.l..b:M-SEARCH * HTTP/1.1 HOST: 239.255.255.250:1900 MAN: "ssdp:discover" MX: 15 ST: urn:schemas-upnp-org:device:basic:1 17:49:42.414950 IP (tos 0x0, ttl 4, id 64325, offset 0, flags [DF], proto UDP (17), length 135) localhost.50000 > 239.255.255.250.1900: [udp sum ok] UDP, length 107 E....E@....@...=.....P.l.s..M-SEARCH * HTTP/1.1 HOST: 239.255.255.250:1900 MAN: "ssdp:discover" MX: 15 ST: urn:Belkin:device:** NOTIFY * HTTP/1.1 Host: 239.255.255.250:1900 Cache-Control: max-age=60 Location: http://192.168.1.1:1780/InternetGatewayDevice.xml NTS: ssdp:alive Server: POSIX, UPnP/1.0 linux/5.100.104.2 NT: urn:schemas-upnp-org:device:InternetGatewayDevice:1
POST /upnp/control?WANIPConnection HTTP/1.1 Host: 192.168.1.1 SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress" Accept-Language: de-de;q=1, de;q=0.5 Accept-Encoding: gzip Content-Type: text/xml; charset="utf-8" User-Agent: gupnp-universal-cp GUPnP/0.20.10 DLNADOC/1.50 Connection: Keep-Alive Content-Length: 281 <?xml version="1.0"?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <s:Body> <u:GetExternalIPAddress xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:GetExternalIPAddress> </s:Body> </s:Envelope>
HTTP/1.1 200 OK EXT: Content-Type: text/xml; charset="utf-8" Date: Tue, 04 Aug 2015 23:55:01 GMT Server: servername/2.0 UPnP/1.0 UPnP-Device-Host/1.0 Content-Length: 380 <?xml version="1.0"?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <s:Body> <u:GetExternalIPAddressResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"> <NewExternalIPAddress>123.123.123.123</NewExternalIPAddress> </u:GetExternalIPAddressResponse> </s:Body> </s:Envelope>
[编辑] 3 Reference
- http://upnp.org/resources/documents/UPnP_UDA_tutorial_July2014.pdf
- http://upnp.org/specs/basic/UPnP-basic-Basic-v1-Device.pdf
- http://upnp.org/specs/av/UPnP-av-ConnectionManager-v1-Service.pdf
- http://upnp.org/specs/av/UPnP-av-MediaRenderer-v1-Device.pdf
- http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf
- https://www.tripwire.com/state-of-security/featured/my-sector-story-root-shell-on-the-belkin-wemo-switch/