Eavesdropping with Raspberry Pi


0x01 Required materials
1. Raspberry Pi

2. USB microphone

3. VPS server
Home broadband generally does not come with a public IP address, so hosts on the home network cannot be reached directly from outside. A VPS server is therefore needed to run FRP intranet penetration, which makes the internal host at home directly reachable.

I am using Vultr’s VPS server

4. Mobile

5. VLC app
VLC is a free and open source cross-platform multimedia player and framework that can play most multimedia files, as well as DVD, audio CD, VCD and various streaming media protocols.

6. Headphones

0x02 Technical Introduction
This article relies on two main technologies: an audio live streaming server built with nginx+rtmp, and FRP intranet penetration.

What is nginx?
Nginx is a high-performance HTTP and reverse proxy web server, and also provides IMAP/POP3/SMTP services.

What is RTMP?
RTMP is the abbreviation of Real-Time Messaging Protocol. It is an application-layer protocol proposed by Adobe to solve the problem of multiplexing and packetizing multimedia data streams. With the development of VR technology, live video and other fields have gradually become active, and RTMP, as a widely used protocol in the industry, has again drawn the attention of developers.

What is FRP?
FRP is the abbreviation of fast reverse proxy. Simply put, FRP is reverse proxy software. It is lightweight and powerful, and it lets devices behind an internal network or firewall provide services to the outside world.

 

0x03 Environment construction
3.1 Use nginx+rtmp to build an audio live streaming server on the Raspberry Pi
1. Install the required dependencies

sudo apt-get install build-essential libpcre3 libpcre3-dev libssl-dev

2. Install nginx and rtmp

wget https://nginx.org/download/nginx-1.17.0.tar.gz

wget https://github.com/arut/nginx-rtmp-module/archive/master.zip

tar -zxvf nginx-1.17.0.tar.gz

unzip master.zip

cd nginx-1.17.0

./configure --with-http_ssl_module --add-module=../nginx-rtmp-module-master

make

sudo make install

3. Modify the nginx configuration file

Run sudo nano /usr/local/nginx/conf/nginx.conf and add the following rtmp block at the top level of the file (outside the http block).

# RTMP protocol
rtmp {
    # Create a server that listens on port 1935, the default RTMP port
    server {
        listen 1935;
        chunk_size 4096;

        # Create an application called live, which supports live streaming
        application live {
            live on;
        }
    }
}

4. Start nginx+rtmp streaming server

sudo /usr/local/nginx/sbin/nginx

5. Install ffmpeg

sudo apt install ffmpeg

6. Insert the USB microphone into a USB port of the Raspberry Pi, then start ffmpeg to capture audio from the USB microphone in real time and push it to the nginx+rtmp streaming server built on the Raspberry Pi.

ffmpeg -f alsa -ac 2 -i hw:1,0 -ar 44100 -f flv rtmp://192.168.1.150/live/audio

Parameter description
The main parameters:

-f sets the format of the stream that follows it (alsa for the input, flv for the output);

-i sets the input stream (hw:1,0 is the external USB audio capture card device, hw:1,1 refers to the first external device; because the Raspberry Pi does not have a sound card, you can only use an external USB audio capture card);

-ar sets the sampling rate (because the output is in FLV format, the sampling rate can only be 44100, 22050 or 11025).

Note: 192.168.1.150 is the IP address of the Raspberry Pi.

7. Use VLC on a Windows client to open the network stream at the address “rtmp://192.168.1.150/live/audio”; you can then listen to the sound captured by the Raspberry Pi microphone.

At this point, eavesdropping works only from the same Wi-Fi network as the Raspberry Pi. To listen from anywhere outside, you also need the FRP intranet penetration described next.

 

3.2 Build FRP intranet penetration service on Raspberry Pi
3.2.1 Server-frps (VPS server)

1. Download the program

My VPS server is an Ubuntu system, using the arm64 architecture, so I need to download the frp software of the arm64 architecture.

wget https://github.com/fatedier/frp/releases/download/v0.20.0/frp_0.20.0_linux_amd64.tar.gz

# Unpack the archive
tar -xzvf frp_0.20.0_linux_amd64.tar.gz

# Create the installation directory
sudo mkdir -p /usr/local/frp

# Move the unpacked files into it
sudo mv frp_0.20.0_linux_amd64/* /usr/local/frp

cd /usr/local/frp

# Ensure that the frps program has executable permissions
chmod +x frps

Note: The directory contains four main files: frpc, frpc.ini, frps and frps.ini. The first two are used by the client, and the last two are used by the server.

2. Configure the program

First delete the two client files frpc and frpc.ini, then edit the server configuration with nano ./frps.ini:

[common]
# Port that frps listens on for connections from the client
bind_port = 9000
# Password the client must present to connect to the server; it must be identical in frpc.ini
token = hello.world

Verify that frps is installed successfully:

./frps -c frps.ini

If there is no error message, there is no problem with the configuration and it can be used normally.

Then press Ctrl + C to terminate the program.

3. Start frps on boot.

Edit the /etc/rc.local file and add the start command before the exit 0 statement (if there is one):

nohup /usr/local/frp/frps -c /usr/local/frp/frps.ini &

3.2.2 Client-frpc (Raspberry Pi)

1. Download FRP:

wget https://github.com/fatedier/frp/releases/download/v0.20.0/frp_0.20.0_linux_arm.tar.gz

2. Modify the frpc.ini file:

[common]
# Public IP of the VPS server
server_addr = XXX.XXX.XXX.XXX
# Must match bind_port on the server
server_port = 9000
# Password for connecting to the server; must match the value in frps.ini
token = hello.world

[RTMP]
# Connection protocol
type = tcp
# Intranet server IP
local_ip = 127.0.0.1
# RTMP default port
local_port = 1935
# Port opened on the VPS and forwarded to the internal RTMP port; anyone who can reach this port on the VPS can reach the stream
remote_port = 6000

3. Start frpc:

Run ./frpc -c ./frpc.ini to start frpc in the foreground. To start it in the background, use:

nohup ./frpc -c ./frpc.ini &

At this point, the FRP intranet penetration is completed.
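
To check a Linux host for the artefacts this setup leaves behind (an ffmpeg process reading an ALSA device and pushing to RTMP, an frp process, and a listener on port 1935), the following added example, which is not part of the original article, parses `ps` and `ss` output. The function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag the three artefacts this setup leaves on a Linux host.
# Function names and sample data are constructed for illustration.
# Live use: audit "$(ps -eo pid,args)" "$(ss -tln)"

# Constructed sample of `ps -eo pid,args` output.
SAMPLE_PS='  412 /usr/sbin/sshd -D
  731 nginx: master process /usr/local/nginx/sbin/nginx
  902 ffmpeg -f alsa -ac 2 -i hw:1,0 -ar 44100 -f flv rtmp://192.168.1.150/live/audio
  950 ./frpc -c ./frpc.ini
 1004 ffmpeg -i holiday.mp4 -c:v libx264 out.mkv'

# Constructed sample of `ss -tln` output.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:1935       0.0.0.0:*'

# PIDs of ffmpeg processes that read an ALSA capture device and push to RTMP.
find_mic_streamers() {
  awk '($2 == "ffmpeg" || $2 ~ /\/ffmpeg$/) && /-f alsa/ && /rtmp:\/\// { print $1 }'
}

# PIDs of frp client or server processes (frpc / frps).
find_frp() {
  awk '$2 ~ /^(.*\/)?frp[cs]$/ { print $1 }'
}

# Local addresses listening on 1935, the RTMP default port.
find_rtmp_listeners() {
  awk '$1 == "LISTEN" && $4 ~ /:1935$/ { print $4 }'
}

# audit PS_TEXT SS_TEXT: print one line per kind of finding.
audit() {
  mic=$(printf '%s\n' "$1" | find_mic_streamers)
  frp=$(printf '%s\n' "$1" | find_frp)
  rtmp=$(printf '%s\n' "$2" | find_rtmp_listeners)
  [ -n "$mic" ]  && echo "ALERT microphone streamed to RTMP, pid:" $mic
  [ -n "$frp" ]  && echo "ALERT frp tunnel process, pid:" $frp
  [ -n "$rtmp" ] && echo "WARN  RTMP listener on:" $rtmp
  return 0
}

audit "$SAMPLE_PS" "$SAMPLE_SS"
```

A listener on 1935 alone is only a warning because legitimate streaming servers use the same port; the ffmpeg and frp findings are the stronger signals when they appear together.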

 

0x04 Start remote monitoring
Download VLC Media Player on your mobile phone and connect the headset to the phone (if you do not mind people around you hearing the eavesdropped content, the headset is not needed).

Open the VLC software on the phone and open the network stream, the address is “rtmp://XXX.XXX.XXX.XXX:6000/live/audio”.

Note: XXX.XXX.XXX.XXX is the IP address of the VPS server.

After a while, you can hear the remote real-time sound in the headset. Note that there is a delay in the sound. For my network, the delay is about 2s. You need to measure it yourself.

Note: If the connection is unsuccessful, you can close the VLC software and try again.

0x05 Conclusion
When I heard the remote sound from the headset, my heart was extremely excited. I hope that my joy will be shared with everyone.

 
