ACME Security Co. was contracted to supply security cameras and live monitoring to your company. They've shown you how good their camera monitoring technology is on their web site with a few public cameras, and they suggest they have hundreds of cameras that they monitor for their clients. (Note: they do not have thousands of cameras, just maybe 'hundreds'.)
You're a little suspicious about how secure their system is and decide to investigate further.
Does ACME Security Co. have a security problem themselves? How do you know? How will you find out?
If you use the hints, each one builds on the prior one, so don't just start 'scattered'. Check Hint 01 if you really need to, and only move on to the other hints if absolutely necessary!
HINT 01...
It doesn't hurt to know a bit about web development and how to view the source of a web page.
HINT 02...
How are the cameras being displayed? Can you spot what doesn't make sense in the way these camera 'feeds' are being displayed?
HINT 03...
So, using incrementing id codes isn't exactly a secure coding technique. It can be a major security flaw in web applications, because it leaves an easy way to perform reconnaissance on the application's data. To solve this, you might want to suggest that the app developers use something called UUIDs (or better yet, check out CUID2). These are far more unique and random than simply going 1, 2, 3, 4, etc., making it very difficult to probe for data.
Now, with there potentially being 'hundreds' of cameras available, how might you make it easy to find other cameras that might exist?
HINT 04...
If you're automating the way in which to find other cameras, what stumbling blocks are in the way?
HINT 05...
A WAF might impede your search slightly... what might you need in order to 'trick' my WAF into letting your automated search through? If you aren't automating the search, why not? Could you perhaps use some very simple Python code here to save yourself some time? You might need to make the requests appear more 'human' generated!
SOLUTION...
(Full walkthrough write-up and video walkthrough in progress.) You should be able to find "secret cameras" 121, 122, and 123. Bonus "points" if you automated your scan of the view_camera.php file with some Python. Extra bonus "points" if you didn't hammer my web server too hard while doing your scan 😉.
As an FYI, this is called IDOR -- Insecure Direct Object Reference. For some additional learning, read up on UUIDs or CUID2.
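The IDOR that Hints 03 and 05 and the solution describe, as an added example that is not part of this challenge page or its site code: a Python stand-in for how view_camera.php behaves, beside a hardened version that uses opaque ids (uuid4 standing in for UUID/CUID2) plus a per-request ownership check, which is the actual fix since opaque ids only make the next id hard to guess; and a small detector over constructed access-log lines that flags a client walking id= through consecutive values, the signal a WAF or rate limit keys on. Camera numbers 121 to 123 come from the page; the tenant names, client IPs and log lines are constructed.

```python
import re
import uuid
from collections import defaultdict

# Constructed sample data: cameras 121-123 are the challenge's "secret cameras";
# tenant names are invented. Value = (owner tenant, publicly viewable?).
CAMERAS = {i: ("demo-tenant", True) for i in range(1, 6)}
CAMERAS.update({i: ("acme-internal", False) for i in (121, 122, 123)})

# Vulnerable: a direct object reference on a sequential id with no authorization
# check, so any id that exists is served. This mirrors the page's view_camera.php.
def view_camera_vulnerable(cam_id: int):
    return f"feed:{cam_id}" if cam_id in CAMERAS else None

# Hardened: opaque ids (uuid4 stands in for UUID/CUID2) AND an ownership check.
# The check is the real IDOR fix; opaque ids only stop guessing the next id.
OPAQUE = {cid: str(uuid.uuid4()) for cid in CAMERAS}
BY_OPAQUE = {oid: cid for cid, oid in OPAQUE.items()}

def view_camera_hardened(opaque_id: str, requester: str):
    cid = BY_OPAQUE.get(opaque_id)
    owner, public = CAMERAS.get(cid, (None, False))
    if cid is None or not (public or owner == requester):
        return None  # same reply for unknown and forbidden: no existence oracle
    return f"feed:{cid}"

# Detection: flag clients that walk view_camera.php?id= through consecutive ids,
# the pattern a WAF or rate limiter keys on. Log lines below are constructed.
LOG_RE = re.compile(r'^(\S+) .*"GET /view_camera\.php\?id=(\d+)')
SAMPLE_LOG = [f'203.0.113.7 - - [t] "GET /view_camera.php?id={i} HTTP/1.1" 200 1'
              for i in range(1, 9)]
SAMPLE_LOG += ['198.51.100.2 - - [t] "GET /view_camera.php?id=3 HTTP/1.1" 200 1',
               '198.51.100.2 - - [t] "GET /index.php HTTP/1.1" 200 1']

def find_enumerators(log_lines, min_run=5):
    """Return client IPs that requested at least min_run consecutive ids."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    flagged = []
    for ip, ids in seen.items():
        s, run = sorted(ids), 1
        for a, b in zip(s, s[1:]):
            run = run + 1 if b == a + 1 else 1
            if run >= min_run:
                flagged.append(ip)
                break
    return flagged
```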