Blader 4.1.0.0 Supports Downloading RTMP with SecureToken

2009-08-08 20:04

(MediaBox has more powful RTMP detection, download and record abilities. Details>>)

In this article, you will learn how to use Blader 4.1.0.0 to download RTMP resources that require token authorization.

From version 6.1.0.0 on, Coojah supports sniffing network videos in RTMP. And in V6.1.0.4, Blader 4.0.0.0 supports RTMP download. Detailed usage can be found in article Download RTMP video and music by CooJah+Blader.

The following part will show you how to download RTMP resources with secure token and how to get the token:

1. Run CooJah

2. Open the web pages that contain RTMP videos or music or Run the software that plays RTMP medias online

3. CooJah will automatically sniff out RTMP URLs of the media resources.

4. Right click on the RTMP URL. Select "Download by Blader" item in the pop-up menu.

5. Blader will be started and a dialog will pop up for adding task. You can choose location for saving the RTMP resource and rename it.

7. If thr RTMP resource you are downloading requires authorization, Blader will pop up a dialog like below. And you should input the token. Then the download will continue.

Then how to get the RTMP token? Actually, different policies may be used to authorize the RTMP clients. Different analysis is necessary when finding out the tokens of different sites. At present, most popular solution is JW player. JW player supports two kinds of token. One is dynamic token and the other is static token. Static token is hard coded in Flash file of the player. And dynamic token is got from server dynamically when playing.

For static token, you should get the .swf file of the player and decompile the flash file. Then you can get the script files of the player. And search keyword token you will find the token. And for JW player, the token can be found in RTMPModel.as or player.as.

For dynamic token, you can get the token by capture the HTTP GET request to the RTMP server. What server returns is an XML file. The content of the file may like below:

<?xml version="1.0"?>
<config>
<file>mp4:00/00/bb/f6</file>
<autostart>true</autostart>
<type>rtmp</type>
<token>be5a0ccc1fcecc10a6b16a7dbf561c1d8dcd87e9a9c7f6f159de8ec392ebc31b</token>
<streamer>rtmp://206.14.141.94/streamer</streamer>
<fullscreen>true</fullscreen>
<stretching>uniform</stretching>
<quality>true</quality>
<skin>http://www.xxx.com/4skin</skin>
<plugins>http://www.xxx.com/related</plugins>
<related>48118</related>
<bufferlength>10</bufferlength>
<bufferthreshold>15</bufferthreshold>
<maxbuffer>60</maxbuffer>
<keyframeinterval>2</keyframeinterval>
<bitrate>576</bitrate>
<displaybufferthreshold>1</displaybufferthreshold>
</config>

You can see the token filed in the XML file. be5a0ccc1fcecc10a6b16a7dbf561c1d8dcd87e9a9c7f6f159de8ec392ebc31b is definitely the token.

How to capture the HTTP GET request? CooJah can do it. You can turn on the XML filter and the Auto File Detect function. So when starting playing, the XML HTTP GET request can be captured. You should know that the XML file may be compressed and you can rename the extension name of the file to gz and decompress it.