Jump to content


Photo

service stream https


  • Please log in to reply
8 replies to this topic

#1 gogypiko

  • Member
  • 6 posts

0
Neutral

Posted 2 March 2020 - 10:25

In enigma2 the stream service uses http so if you cannot use openvpn it is quite insecure.

With python script pystreamy performs an internal reverse proxy and the service stream is then by https.

With enigma2:
http://192.168.1.45:...1:C00000:0:0:0:

With python pystreamy script:

https://192.168.1.45...1:C00000:0:0:0:

 

download:

 

http://tropical.jung...line/pystreamy/

 

Spanish manual:

 

https://jungle-team....seguro-enigma2/

 

to generate the necessary certificates for the internal reverse proxy of the enigma2 receiver, it has been carried out with dehydrated

 

Script shell for duckdns

 

https://jungle-team....cados.sh_-2.zip



Re: service stream https #2 WanWizard

  • PLi® Core member
  • 70,542 posts

+1,812
Excellent

Posted 2 March 2020 - 11:42

HTTPS is only useful against man-in-the-middle attacks, which is not relevant for a stream. Using HTTPS doesn't make it not more secure at all.

 

The reason a VPN is more secure is not because of the encryption, but because of end-point authentication, similar to using an SSH tunnel.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: service stream https #3 gogypiko

  • Member
  • 6 posts

0
Neutral

Posted 2 March 2020 - 12:00

HTTPS is only useful against man-in-the-middle attacks, which is not relevant for a stream. Using HTTPS doesn't make it not more secure at all.

 

The reason a VPN is more secure is not because of the encryption, but because of end-point authentication, similar to using an SSH tunnel.

 

if it is true, but it depends on what situations such as the use of a smartv do not have the possibility of using openvpn, it will be somewhat safer to use https than http.

In addition to the reverse proxy with pystreamy, the authentication data is not that of the enigma 2 receiver but of the created proxy, therefore if someone accessed that data, they would not have the enigma2 authentication data.



Re: service stream https #4 WanWizard

  • PLi® Core member
  • 70,542 posts

+1,812
Excellent

Posted 2 March 2020 - 12:06

The smarttv is a client, the box is a server, so in terms of security those two don't really compare.

 

The biggest issue with opening up your box onto the internet is it being hijacked for an IPTV streaming network, and you don't prevent that by encapsulating the stream into TLS.

 

I just want to make sure people reading this understand that, and not have a false sense of security...


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: service stream https #5 gogypiko

  • Member
  • 6 posts

0
Neutral

Posted 2 March 2020 - 12:14

The smarttv is a client, the box is a server, so in terms of security those two don't really compare.

 

The biggest issue with opening up your box onto the internet is it being hijacked for an IPTV streaming network, and you don't prevent that by encapsulating the stream into TLS.

 

I just want to make sure people reading this understand that, and not have a false sense of security...

 

If we agree on that it is not that you have more security to encapsulate, but at least you are not using the enigma2 system login, that if someone accessed the username and password of the stream they would also have the access data to the receiver .... since in enigma2 the user for stream is the same as the user to access the system

In short, it is advisable and safer to use openvpn as you say, but in the case of not being able to use openvpn it is safer to use https with a username and password different from the enigma2 system



Re: service stream https #6 WanWizard

  • PLi® Core member
  • 70,542 posts

+1,812
Excellent

Posted 2 March 2020 - 13:44

Yes, I agree.

 

But in that case I still won't go this route, but use an SSH tunnel instead, in combination with public key authentication.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: service stream https #7 gogypiko

  • Member
  • 6 posts

0
Neutral

Posted 2 March 2020 - 13:59

Yes, I agree.

 

But in that case I still won't go this route, but use an SSH tunnel instead, in combination with public key authentication.

 

if what happens is that under specific environments you will not be able to use that option that you mention

If the client device is a smartv television, and your router has no option.

¿ How would you create an ssh tunnel with smarttv television?


Re: service stream https #8 WanWizard

  • PLi® Core member
  • 70,542 posts

+1,812
Excellent

Posted 2 March 2020 - 14:10

True.

 

You do need a very good internet connection between the two devices to make that work btw. I have a decent connection, and I've never been able to have a stable TS stream, there is simply too much latency and jitter involved for realtime non-buffered streams to work reliably...


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: service stream https #9 gogypiko

  • Member
  • 6 posts

0
Neutral

Posted 17 March 2020 - 18:34

version 5.0 possibility to add multiple users straming and status

 

 

j1.png?resize=768%2C418&ssl=1

 

Y en status puedes ver que usuarios se han conectado

 

marica.png?resize=768%2C418&ssl=1




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users