Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
RecordRTC is a server-less (entire client-side) JavaScript library can be used to record WebRTC audio/video media streams. It supports cross-browser audio/video recording. Current experiment: 1. Records audio/video separately as wav/webm 2. POST both fil
npm install recordrtc
// to run!
node ./node_modules/recordrtc/index.js
This experiment:
=
merger.bat
)merger.bat
file is executed to invoke ffmpeg functionalities on windows:
@echo off
"C:\ffmpeg\bin\ffmpeg.exe" -i %1 -i %2 %3
It is assumed that you already have installed ffmpeg on your system. Though, EXE file is hard-coded to "C:\ffmpeg\bin\ffmpeg.exe" however you can easily edit it according to your own installations.
=
.sh
filemerger.sh
file is executed to invoke ffmpeg functionalities on Mac/Linux/etc.
ffmpeg -i video-file.webm -i audio-file.wav -map 0:0 -map 1:0 output-file-name.webm
Using Linux; ffmpeg installation is super-easy! You can install DEVEL packages as well.
=
http://www.wikihow.com/Install-FFmpeg-on-Windows
=
Make sure you have homebrew installed. Then run following command:
brew install ffmpeg --with-libvpx --with-theora --whit-libogg --with-libvorbis
In the node.js command prompt window; type node index
; then open http://localhost:8000/
.
=
index.html
var startRecording = document.getElementById('start-recording');
var stopRecording = document.getElementById('stop-recording');
var cameraPreview = document.getElementById('camera-preview');
var audio = document.querySelector('audio');
var recordAudio, recordVideo;
startRecording.onclick = function() {
startRecording.disabled = true;
var video_constraints = {
mandatory: { },
optional: []
};
navigator.getUserMedia({
audio: true,
video: video_constraints
}, function(stream) {
cameraPreview.src = window.URL.createObjectURL(stream);
cameraPreview.play();
recordAudio = RecordRTC(stream, {
bufferSize: 4096
});
recordVideo = RecordRTC(stream, {
type: 'video'
});
recordAudio.startRecording();
recordVideo.startRecording();
stopRecording.disabled = false;
});
};
var fileName;
stopRecording.onclick = function() {
startRecording.disabled = false;
stopRecording.disabled = true;
fileName = Math.round(Math.random() * 99999999) + 99999999;
recordAudio.stopRecording();
recordVideo.stopRecording();
recordAudio.getDataURL(function(audioDataURL) {
recordVideo.getDataURL(function(videoDataURL) {
var files = {
audio: {
name: fileName + '.wav',
type: 'audio/wav',
contents: audioDataURL
},
video: {
name: fileName + '.webm',
type: 'video/webm',
contents: videoDataURL
}
};
cameraPreview.src = '';
cameraPreview.poster = '//www.webrtc-experiment.com/images/ajax-loader.gif';
xhr('/upload', JSON.stringify(files), function(fileName) {
var href = location.href.substr(0, location.href.lastIndexOf('/') + 1);
cameraPreview.src = href + 'uploads/' + fileName;
cameraPreview.play();
});
});
});
};
function xhr(url, data, callback) {
var request = new XMLHttpRequest();
request.onreadystatechange = function() {
if (request.readyState == 4 && request.status == 200) {
callback(request.responseText);
}
};
request.open('POST', url);
request.send(data);
}
=
index.js
var server = require('./server'),
handlers = require('./handlers'),
router = require('./router'),
handle = { };
handle["/"] = handlers.home;
handle["/home"] = handlers.home;
handle["/upload"] = handlers.upload;
handle._static = handlers.serveStatic;
server.start(router.route, handle);
=
server.js
var config = require('./config'),
http = require('http'),
url = require('url');
function start(route, handle) {
function onRequest(request, response) {
var pathname = url.parse(request.url).pathname,
postData = '';
request.setEncoding('utf8');
request.addListener('data', function(postDataChunk) {
postData += postDataChunk;
});
request.addListener('end', function() {
route(handle, pathname, response, postData);
});
}
http.createServer(onRequest).listen(config.port);
}
exports.start = start;
=
handlers.js
var config = require('./config'),
fs = require('fs'),
sys = require('sys'),
exec = require('child_process').exec;
function home(response, postData) {
response.writeHead(200, { 'Content-Type': 'text/html' });
response.end(fs.readFileSync('./static/index.html'));
}
// this function uploads files
function upload(response, postData) {
var files = JSON.parse(postData);
// writing audio file to disk
_upload(response, files.audio);
// writing video file to disk
_upload(response, files.video);
merge(response, files);
}
// this function merges wav/webm files
function merge(response, files) {
// detect the current operating system
var isWin = !!process.platform.match(/^win/);
if (isWin) {
// following command tries to merge wav/webm files using ffmpeg
var merger = __dirname + '\\merger.bat';
var audioFile = __dirname + '\\uploads\\' + files.audio.name;
var videoFile = __dirname + '\\uploads\\' + files.video.name;
var mergedFile = __dirname + '\\uploads\\' + files.audio.name.split('.')[0] + '-merged.webm';
// if a "directory" has space in its name; below command will fail
// e.g. "c:\\dir name\\uploads" will fail.
// it must be like this: "c:\\dir-name\\uploads"
var command = merger + ', ' + videoFile + " " + audioFile + " " + mergedFile + '';
var cmd = exec(command, function(error, stdout, stderr) {
if (error) {
console.log(error.stack);
console.log('Error code: ' + error.code);
console.log('Signal received: ' + error.signal);
response.statusCode = 404;
response.end();
} else {
response.statusCode = 200;
response.writeHead(200, { 'Content-Type': 'application/json' });
response.end(files.audio.name.split('.')[0] + '-merged.webm');
// removing audio/video files
fs.unlink(audioFile);
fs.unlink(videoFile);
// auto delete file after 1-minute
setTimeout(function() {
fs.unlink(mergedFile);
}, 60 * 1000);
}
});
} else { // its probably *nix, assume ffmpeg is available
var audioFile = __dirname + '/uploads/' + files.audio.name;
var videoFile = __dirname + '/uploads/' + files.video.name;
var mergedFile = __dirname + '/uploads/' + files.audio.name.split('.')[0] + '-merged.webm';
var util = require('util'),
exec = require('child_process').exec;
//child_process = require('child_process');
var command = "ffmpeg -i " + videoFile + " -i " + audioFile + " -map 0:0 -map 1:0 " + mergedFile;
var child = exec(command, function(error, stdout, stderr){
stdout ? util.print('stdout: ' + stdout) : null;
stderr ? util.print('stderr: ' + stderr) : null;
if (error) {
console.log('exec error: ' + error);
response.statusCode = 404;
response.end();
} else {
response.statusCode = 200;
response.writeHead(200, { 'Content-Type': 'application/json' });
response.end(files.audio.name.split('.')[0] + '-merged.webm');
// removing audio/video files
fs.unlink(audioFile);
fs.unlink(videoFile);
// auto delete file after 1-minute
setTimeout(function() {
fs.unlink(mergedFile);
}, 60 * 1000);
}
});
}
}
function _upload(response, file) {
var fileRootName = file.name.split('.').shift(),
fileExtension = file.name.split('.').pop(),
filePathBase = config.upload_dir + '/',
fileRootNameWithBase = filePathBase + fileRootName,
filePath = fileRootNameWithBase + '.' + fileExtension,
fileID = 2,
fileBuffer;
while (fs.existsSync(filePath)) {
filePath = fileRootNameWithBase + '(' + fileID + ').' + fileExtension;
fileID += 1;
}
file.contents = file.contents.split(',').pop();
fileBuffer = new Buffer(file.contents, "base64");
if (config.s3_enabled) {
var knox = require('knox'),
client = knox.createClient(config.s3),
headers = { 'Content-Type': file.type };
client.putBuffer(fileBuffer, fileRootName, headers);
} else {
fs.writeFileSync(filePath, fileBuffer);
}
}
function serveStatic(response, pathname, postData) {
var extension = pathname.split('.').pop(),
extensionTypes = {
'js': 'application/javascript',
'webm': 'video/webm',
'gif': 'image/gif'
};
response.writeHead(200, { 'Content-Type': extensionTypes[extension] });
if (extensionTypes[extension] == 'video/webm')
response.end(fs.readFileSync('.' + pathname));
else
response.end(fs.readFileSync('./static' + pathname));
}
exports.home = home;
exports.upload = upload;
exports.serveStatic = serveStatic;
=
router.js
function respondWithHTTPCode(response, code) {
response.writeHead(code, { 'Content-Type': 'text/plain' });
response.end();
}
function route(handle, pathname, response, postData) {
var extension = pathname.split('.').pop();
var staticFiles = {
js: 'js',
gif: 'gif',
css: 'css',
webm: 'webm'
};
if ('function' === typeof handle[pathname]) {
handle[pathname](response, postData);
} else if (staticFiles[extension]) {
handle._static(response, pathname, postData);
} else {
respondWithHTTPCode(response, 404);
}
}
exports.route = route;
=
config.js
exports.port = 8000;
exports.upload_dir = './uploads';
exports.s3 = {
key: '',
secret: '',
bucket: ''
};
exports.s3_enabled = false;
=
RecordRTC is released under MIT licence . Copyright (c) 2013 Muaz Khan.
FAQs
RecordRTC is a server-less (entire client-side) JavaScript library that can be used to record WebRTC audio/video media streams. It supports cross-browser audio/video recording.
The npm package recordrtc receives a total of 110,877 weekly downloads. As such, recordrtc popularity was classified as popular.
We found that recordrtc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.