Mobile Browsers: Trouble Comes in Threes Posted by cdupuis on Friday, 03 December 2010 @ 09:07:30 EST (2062 reads) Topic VOIP
Anonymous writes "
NOTE FROM CLEMENT: Interesting post seen on the McAfee Blog about Mobile Browsers
Original Post at: http://www.trustedsource.org/blog/522/Mobile-Browsers-Trouble-Comes-in-Threes
Mobile Browsers: Trouble Comes in Threes November 30th, 2010 Posted by Jimmy Shah
In the last week there have been a few vulnerability disclosures for mobile web browsers. These threats affect a number of smart-phone platforms: Android (Google), WebOS (Palm), and iOS (Apple). Although all three platforms have their own apps and environments, it’s interesting that they’re all vulnerable through the same entry point of the mobile browser.
Data stealing: Android
The vulnerability discovered by security researcher Thomas Cannon can be used to steal data from the SD card. The proof-of-concept website downloads an HTML file containing JavaScript to the phone and then runs the file. This locally loaded file then has access to files stored on the SD card. The attacker’s site can call the JavaScript to upload a file with a known path.
The key to the vulnerability is that locally loaded HTML files are run in the browser with fewer restrictions than web-loaded pages. This doesn’t allow access to the entire phone, just to directories accessible by the browser. The risk is that a number of applications store their data at known paths on the SD card and all of those would be available to attackers.
Although it’s recommended that users turn off JavaScript in the browser to avoid being affected by this vulnerability, this step would break some web applications and tend to reduce the overall usefulness of the browser.
XSS and mobile botnets: WebOS
Orlando Barrera and Daniel Herrera, researchers at security consultancy SecTheory, have discovered a number of bugs in the Palm Pre’s WebOS (Version 1.4-2.0). WebOS is similar to iOS before Apple allowed native apps; every application on the Palm Pre is a web application.
The researchers found a cross-site scripting (XSS) flaw, a floating-point overflow bug, and a denial-of-service vulnerability. The XSS flaw is in the contacts app. A field in the sync window of the app did not sanitize its data, allowing the researchers to insert code that gives them access to and a copy of the contacts database (containing email addresses, email, contacts, etc.). They were also able to implement a keylogger and methods for exporting data to an attacker. They have developed the basic framework for implementing a botnet on Palm Pre devices.
Palm has patched the XSS vulnerability in the upcoming WebOS 2.0 release, but the other two flaws are not yet fixed.
Spoofing sites/phishing: iOS
To round out our trio, security researcher Nitesh Dhanjani points out the possibility of spoofing websites in Safari on the iPhone. Safari hides the address bar after a site has completely loaded. This lets attackers present their own versions of the address bar that lists a banking or shopping site rather than their own. Dhanjani has provided a proof-of-concept site for the iPhone that masquerades as a banking site.
Without the warning notice on the proof-of-concept site, an unsuspecting user could easily fall victim to phishing.

The issue with this vulnerability is that unlike the Android browser, Safari removes one of the indicators of a possible phishing attack. The absence of the address bar allows for more immersive web applications that appear almost exactly like native apps, but it also allows attackers to take advantage.
Patches: a complete solution?
A number of these vulnerabilities have been patched, but this does not secure all of the affected devices. Embedded systems and mobile phones in particular can’t be patched as easily as your desktop computer. For over-the-air patches there are costs involved in bandwidth, transmission time, and device downtime that argue against frequent updates. These updates also do not include testing and QA on every affected device. The additional work can result in the “fixed it in CVS/SVN/etc.” situation–in which developers have fixed a bug in the project’s source code but the fix hasn’t yet reached current compiled programs.
The outlook with smart phones isn’t quite as stark as with phones with fewer features. Whereas simple phones have almost all their system software and applications in the firmware, smart phones tend to have theirs on easily writable storage. A buggy browser can be fixed with a small signed update, rather than requiring the phone firmware to be reflashed. Or we may see a move toward placing thin firewalls/IDS layers between applications and potential attack vectors. As more vulnerabilities are discovered in mobile applications, these small targeted patches may become the norm.
McAfee Research Blog overview
"
iPhone leak is getting bigger - Latest Update Posted by cdupuis on Monday, 07 June 2010 @ 08:50:00 EDT (1977 reads) Topic VOIP
As seen on the amazing web site of The H Security at: http://www.h-online.com/security/news/item/iPhone-leak-is-getting-bigger-Update-1012575.html
Connecting an iPhone with Windows and iTunes allows a full backup of the device to be made.
The iPhone's data leak is even more extensive than initially assumed. In initial tests, encrypted and locked devices essentially only disclosed music and images. However, The H's associates at heise Security have now managed to connect an iPhone with iTunes under Windows and created a full backup, including such sensitive data as passwords in clear text.

The problem was initially discovered by Bernd Marienfeldt on an Ubuntu system. In that case the Ubuntu system displayed the various folders of a freshly booted iPhone although the phone was locked and had never had any contact with this Linux system before. A locked iPhone is supposed to refuse any communication with devices it doesn't know. However, if the iPhone is accessed while booting, this can frequently result in the phone pairing with unknown devices regardless of those protections. It appears that some system component hasn't finished booting when the connection request is made and, as a consequence, the iPhone's "lockdownd" daemon allows device pairing:
17:21:46 lockdown.c:818 lockdownd_do_pair(): ValidatePair success
The problem, though, is not with Linux or Windows, but with the iPhone. Using the same technique, heise Security also managed to pair a Windows Vista system with an iPhone. While with Linux only a few selected folders on the iPhone were displayed, Windows allowed full system access. For instance, it was no problem to create a complete backup using iTunes, including items such as notes, text messages and even plain text passwords.
Some text messages shouldn't be accessible by third parties

Pairing wasn't possible with all devices. What exactly it is that determines whether the iPhone accepts a connection request remains unclear. It certainly isn't determined by the device type, because heise Security managed to trick 3G systems as well as 3GS systems. At least in one case, unwanted pairing became impossible after the iPhone's information about already paired devices was deleted. Apple has not yet answered heise Security's questions about whether and when this problem will be solved.
Update: Hector Martin and a couple of developers of the Linux packages usbmuxd and libimobiledevice have done some further research on this issue. Martin has come to the conclusion that the problem only occurs if the iPhone was shut down from an unlocked state. During the wake up this state is restored and the device is "open" for a short period of time before the Springboard application wakes up and locks it down. This short period is sufficient for a pairing to occur that ensures permanent access. An iPhone that was shut down in a locked state does not accept the pairing – which corresponds to heise Security's observations. This reduces the risk somewhat, because a lost iPhone in a locked state cannot be tricked into pairing.
IPhone Password Breaker Posted by cdupuis on Monday, 08 February 2010 @ 06:37:51 EST (1768 reads) Topic VOIP
Anonymous writes "As seen on the H-Security website:
5 February 2010, 15:05
Password breaker for iPhone backups
Elcomsoft's iPhone Password Breaker[1] (EPPB) promises to recover the passwords of protected iPhone backups. This is said to allow access to stored data such as addresses, SMS archives, apps, calendar items, photos, call logs, email account details as well as the browser cache and history. The breaker works offline and does not require iTunes.

So far, however, there is only a beta version[2] (direct download) which uses (currently rather short) English, German and Russian word lists to attempt the recovery of the correct password. The H's associates at heise Security found that the German word list appears slightly strange, containing virtually none of the terms that can usually be found in password lists – items such as "Strukturproblem" or "Steuerhinterziehungsbranche" are only likely to be used as passwords by rather shrewd individuals.
The final version is to support user-defined dictionary attacks and permutations – accelerated by current ATI and Nvidia graphics cards via Stream SDK or CUDA as well as multi-core CPU support. EPPB runs on Windows 7, Vista and XP and can apparently crack the backups of generation 2G, 3G and 3GS iPhones as well as first, second and third generation iPod Touch models. The vendor did not, however, mention what the price for the final version will be.
Elcomsoft also offers other software such as Distributed Password Recovery (EDPR). Apart from WPA passwords, EDPR can also recover the passwords used in Office, Adobe Acrobat, PGP, Lotus Notes as well as Windows and Unix passwords.
See also:
- iPhone OS 3.1.3 fixes vulnerabilities[3], a report from The H.
URL of this Article: http://www.h-online.com/security/news/item/Password-breaker-for-iPhone-backups-923266.html
Links in this Article: [1] http://www.elcomsoft.com/eppb.html [2] http://www.elcomsoft.com/download/eppb.zip [3] http://www.h-online.com/news/item/iPhone-OS-3-1-3-fixes-vulnerabilities-920756.html "
Researchers Uncover Security Vulnerabilities in Femtocell Technology Posted by cdupuis on Wednesday, 03 February 2010 @ 06:21:52 EST (1553 reads) Topic VOIP
As seen on Eweek.com:
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge.
Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will present their findings at ShmooCon, held Feb. 5 to 7 in Washington.
"Our original [area of] curiosity was whether these devices could be utilized to supplement cellular deployment in third-world countries (such as the OpenBTS+Asterisk project) in a much cheaper package ($250 compared to over $1,200 for a USRP hardware device plus server costs)," Fasel explained. "After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications."
Femtocell devices are small cellular base stations used to increase wireless coverage in areas with limited service. Because a cell phone does not have business logic to prevent it from connecting to a wireless device acting as a tower that has been tampered with, it is possible for malicious users to abuse that trust and sniff traffic as it traverses the network.
"Through the theoretical attack method outlined in our talk, the attacker would compromise the femtocell device to gain full root access over the device," Fasel said. "As the attacker has access to the device, any services the device offers [are] subject to the attacker's control, including voice, data, authentication and access to the femtocell's home network."
In addition, the researchers plan to offer proof that a malicious user could tamper with a wireless device and create a fake tower in order to monitor people's movement via the identification numbers of their cell phones.
"The cell companies need to focus on the security of the hardware just as much as the software," Fasel said. "In our findings we noticed a limited concern [about] the security of the hardware. We used this to our advantage to get full root access to the device. This then allowed us to understand and modify existing software on the device.
"In addition, cellular technologies (specifically in the case of GSM) employ a weak authentication mechanism," he added. "This has been known throughout the security industry for several years."
As for users, there isn't much they can do, he said.
"Stop using cellular technologies? Other than that, because users can't stop using cellular technologies, they must trust their cell phone as much as they trust an open access point," Fasel said. "Use strong encryption on data services and don't say anything over the airwaves that you wouldn't assume someone's listening to."
See original posting at:
http://www.eweek.com/c/a/Security/Researchers-Uncover-Security-Vulnerabilities-in-Femtocell-Technology-760682/
UCSniff 3.0 Released Posted by cdupuis on Wednesday, 11 November 2009 @ 18:22:45 EST (3627 reads) Topic VOIP
NOTE FROM CLEMENT: Here is a posting from the Pen-Test mailing list on SecurityFocus. Joshua Wright is commenting about the new UCSniff release. Joshua is not easy to impress, he knows his stuff and his endorsement does speak for the quality and usability of this new version of UCSniff. Here is the posting:
---------- Forwarded message ----------
From: Joshua Wright
Date: Tue, Nov 3, 2009 at 09:22
Subject: Re: UCSniff 3.0 Released
To: Arjun Sambamoorthy
Cc: pen-test@securityfocus.com

> Sipera VIPER Labs has released UCSniff 3.0:
> http://ucsniff.sourceforge.net.
>
> Here are some of the key features of the new version:
>
> * Real time VoIP and Video monitoring. [ as presented at ToorCon 11, San Diego]
> * New codec support, G729, G726, G723.
> * GUI version of Windows and Linux. [ as presented at DefCon 17]
> * TFTP MitM Modification of IP phone settings.
> * New VideoSnarf tool - Converts offline RTP pcap file to media file.
> * Windows VLAN implementation, for VLAN Hopping in Windows.
As a personal anecdote, I saw Arjun and Jason present the latest developments in UCSniff at ToorCon 11 and was awed at how smoothly the features worked, and the power of the video manipulation features. Jason and Arjun's demo used a Cisco IPTV camera for video surveillance, watching a bottle of water. First, they established MitM (I believe through ARP spoofing) and saved a segment of the existing video traffic. Then, they blocked the actual stream from the camera to the receiver and fed the receiver the old video footage instead, causing a momentary blip on the video monitoring side. Then, they stole the bottle of water, while the video monitoring system happily replayed the old footage. It reminded me of the A-Team episode where Murdoch climbed into the ceiling and lifted a ceiling tile from above, then used a Polaroid camera to take an instant picture of the room from the perspective of a ceiling-mounted camera. Then, he taped the photo to the front of the camera so the security guards saw the same view while the rest of the team went through the room undetected. Well, except that Arjun and Jason's work was much cooler (and a lot less Polaroid-hurry-up-and-develop-waving-action).
Congrats to Jason and Arjun for their awesome work, this is a tool I'm looking forward to using in upcoming customer engagements.
-Josh
VIPER Lab's VAST Live Distro for VOIP security assessment Posted by cdupuis on Tuesday, 06 October 2009 @ 23:52:47 EDT (2032 reads) Topic VOIP
Hello! I am pretty new to the list and just wanted to let everyone know that I have developed a VoIP security live distribution called VAST.
The distro includes VoIP security assessment tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and a number of other useful tools along with traditional security assessment tools like Metasploit, Nmap, Netcat, Hydra, Hping2 and others.
The link for the distro is http://vipervast.sourceforge.net.
The distro is still in a very beta stage and suggestions are welcome. Cheers, Mike Jones C|EH E|CSA ACSA GCIH GHTQ GHD
Pwning Nokia phones (and other Symbian based smartphones) Posted by cdupuis on Monday, 06 July 2009 @ 22:24:03 EDT (1712 reads) Topic VOIP
Hello, I'll just leave this here ;)
https://www.sec-consult.com/files/SEC_Consult_Vulnerability_Lab_Pwning_Symbian_V1.03_PUBLIC.pdf
Abstract:
1. Perform static analysis of XIP ROM images (dumping, restoring import and export tables, searching for unsafe function calls)
2. Enable run mode debugging of system binaries running from ROM, by cracking the AppTRK debug agent
3. (Ab-)use the AppTRK debug agent as a foundation for dynamic vulnerability analysis
3. Build an exemplary file fuzzer for the video- and audio codecs shipped with current Nokia smartphones
4. List and briefly analyze the identified bugs
5. Discuss further ideas and concepts, such as jailbreak shellcode, and an IRC bot trojan for Symbian
We aim to show that it is possible to find and exploit bugs on Symbian smartphones, even in preinstalled system applications, without having access to special development hardware, and that exploits and worms similar to those found on desktop systems may be possible on Symbian.
The bugs listed in this paper have been sent to Nokia and are currently under review. Mobile phone manufacturers should be aware that remote vulnerabilities of the kind discussed in this paper could be used in targeted attacks to remotely compromise a smartphone (track GPS, turn on mic, etc.), or as a means of propagation for mobile network worms.
--
Bernhard Mueller
Security Consultant
SEC Consult Unternehmensberatung GmbH
www.sec-consult.com
A-1190 Vienna, Mooslackengasse 17
phone +43 1 8903043 34
fax +43 1 8903043 15
mobile +43 676 840301 718
email b.mueller@sec-consult.com
Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt
Advisor for your information security.
WarVOX phone analysis suite Posted by cdupuis on Thursday, 21 May 2009 @ 00:40:01 EDT (1762 reads) Topic VOIP
Anonymous writes "Version 1.0.1 of the WarVOX phone analysis suite has been released.
Notable changes since 1.0.0:
- License changed to BSD, no restrictions on commercial use
- Support number exclusion lists / black lists (regex based)
- Support for phone number ranges in addition to masks
- Support for multiple ranges and masks per job
- Numerous bug fixes and stability improvements
- Command line script for exporting dial results (bin/export_list.rb)
Download: http://warvox.org/releases/warvox-1.0.1.tar.gz
Background: http://warvox.org/
WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.
WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.
-HD "
VoIP Hopper 1.0 released! With Nortel support Posted by cdupuis on Thursday, 07 May 2009 @ 16:21:25 EDT (1849 reads) Topic VOIP
Anonymous writes "---------- Forwarded message ----------
From: Jason Ostrom
Date: Tue, May 5, 2009 at 12:40
Subject: VoIP Hopper 1.0 released! With Nortel support
To: pen-test@securityfocus.com

VoIP Hopper 1.0 has been released, with several new features, and a new project website: http://voiphopper.sf.net

What is VoIP Hopper?
VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments. VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security.

New Features:
* *Nortel Support:* VoIP Hopper can now automatically discover the Voice VLAN ID used in Nortel IP Phone networks and VLAN Hop!
* *DHCP client:* A fully integrated DHCP client! VoIP Hopper now implements DHCP messaging as function calls instead of relying on the old 'dhcpcd' client. This opens up the door for future VLAN Discovery mechanisms for other vendors, such as Alcatel.
* *New CDP mode:* A new CDP Spoof mode that uses a pre-constructed IP Phone packet of a Cisco 7971G-GE! Now you can VLAN Hop faster by spoofing CDP and don't have to construct your own CDP Packet!
* *Error correction with VLAN Interfaces:* Implemented a feature that checks to see if the IP address is already configured for the voice interface before running the VLAN Hop and DHCP request
* *Bug fix 1:* Fixed an important libpcap bug with pcap_next_ex read timeout when CDP sniff mode was used (-c 0) "
UCSniff VOIP Sniffer 2.1 released Posted by cdupuis on Friday, 10 April 2009 @ 22:20:48 EDT (1962 reads) Topic VOIP
UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, under the GPLv3 license.
UCSniff was created as a Proof of Concept demonstration tool and a method of creating awareness around VoIP/UC threats. It can be used by VoIP/UC Administrators to test their own VoIP Infrastructure in a pilot before vulnerabilities are rolled into production. It can also be used by security professionals as a method of convincing IT decision makers that security best practices should be applied to VoIP/UC in the same way that they are applied to other TCP/IP based, client-server applications.
Some useful features of UCSniff that have been combined together into a single package:
- Allows targeting of VoIP Users based on Corporate Directory and/or extensions
- Support for automatically recording private IP video conversations
- Automatically re-creates and saves entire voice conversations to a single file that can be played back by media players
- Support for G.722 and G.711 u-law compression codecs
- Support for H.264 Video codec
- Automated VLAN Hop and Discovery support
- A UC Sniffer (VoIP and Video) combined with a MitM re-direction tool
- Monitor Mode
- Sniffs entire conversation if only one phone is in source VLAN
LATEST DEVELOPMENT NEWS:
From: Jason Ostrom
Date: Fri, Apr 3, 2009 at 14:23
Subject: UCSniff 2.1 released
To: "pen-test@securityfocus.com"
UCSniff 2.1 has been released, with several new features and enhancements:
http://ucsniff.sf.net
New features / enhancements:
- Eavesdropping on Microsoft OCS IM conversations
- Support for Avaya SIP eavesdropping (handles SIP re-invites properly)
- Re-write of SIP code for enhanced logging and memory efficiency
- Enhanced ARP spoofing with unicast arp requests (also detects devices that have GARP disabled)
- Support for G.711 a-law codec (already supports G.722, G.711 u-law)
Tested platforms: Ubuntu 8.10, BT4 Beta
OAT released - new VoIP security tool Posted by cdupuis on Friday, 10 April 2009 @ 22:11:57 EDT (1978 reads) Topic VOIP
---------- Forwarded message ----------
From: Jason Ostrom
Date: Wed, Apr 1, 2009 at 14:42
Subject: OAT released - new VoIP security tool
To: "pen-test@securityfocus.com"

VIPER Lab has released OAT (OCS Assessment Tool). OAT is a free VoIP security assessment tool designed to test the security configuration of Microsoft OCS SIP infrastructures, for deployment/implementation issues. It's the first OCS SIP validation tool written in Windows. We welcome any feedback.
OAT website: http://voat.sourceforge.net
Some key features of OAT:
- Online dictionary attack against SIP user credentials
- "Presence Stealing" - automated download of all SIP-enabled domain users and SIP presence enumeration
- IM flood security test of domain/targeted OCS users
- Automated calling of domain/targeted OCS users, for purposes of testing for reconnaissance or DoS
VoIP Hopper 0.9.9 Released Posted by boss on Tuesday, 19 February 2008 @ 08:50:46 EST (6643 reads) Topic VOIP
Anonymous writes " VoIP Hopper 0.9.9 has been released.
This is the same code that was presented at ShmooCon 4.
Main Site is located at: http://voiphopper.sf.net
NEW FEATURES
* CDP Generator! VoIP Hopper can generate CDP packets in order to discover the Voice VLAN ID, as any IP Phone based on CDP would do. In this CDP spoof mode, VoIP Hopper will send two CDP packets in order to decipher the VVID, then it will iterate between sleeping for 60 seconds, and sending another packet. Not only is this faster than CDP sniffing, but it can also help bypass any mechanisms that rely on CDP for permitting access to the Voice VLAN.
* Voice VLAN Interface Delete: VoIP Hopper can delete the created Voice Interface
* MAC Address Spoof, then exit: VoIP Hopper can change the MAC Address of an interface offline and exit, without VLAN Hopping.
IMPORTANT BUG FIX
VoIP Hopper now correctly decodes 2 bytes for the Voice VLAN ID in CDP Packets instead of only 1 byte. This corrects large VVID values (such as 415, etc) from being incorrectly decoded.
WHAT IS VOIP HOPPER
VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security.
CREDITS
FX <fx@phenoelit.de> for his IRPAS Suite
Jamal Pecou
Many others...
Please see the SF site for more information.
VHC "
SIPVicious 0.2 released -- A VOIP audit tool Posted by boss on Tuesday, 09 October 2007 @ 17:01:20 EDT (1429 reads) Topic VOIP
cdupuis writes " Version '0.2' of 'SIPVicious' has just been released. You can find more details at: http://freshmeat.net/projects/sipvicious/
The changes in this release are as follows:
Notable features include:
- Session support, which allows you to resume previous scans as well as store the results in database format. Previous results may be exported to various formats: PDF, XML (HTML), CSV, and plain text. Updating may be done easily by making use of subversion (svn update).
- The UI was improved.
- The help was made more intuitive.
- The output was cleaned.
- More debug information is shown when needed. Random scanning techniques were implemented.
The 4 tools that you should be looking at are:
- svmap
- svwar
- svcrack
- svreport
svmap
This is a SIP scanner. When launched against ranges of IP address space, it will identify any SIP servers which it finds on the way. Also has the option to scan hosts on ranges of ports. For usage instructions check out SvmapUsage.
svwar
Traditionally a war dialer used to call up numbers on the phone network to identify ones that are interesting from ones that are not. With SIP, you can do something similar to identify active users.
svcrack
This is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. It can make use of ranges of numbers or a dictionary file full of possible passwords.
svreport
Able to manage sessions created by the rest of the tools and export to pdf, xml, csv and plain text.
For general help on usage make use of -h or --help switch.
And if you're stuck you can always contact the author.
"
SIP Proxy VoIP Security Test Tool Posted by boss on Tuesday, 19 December 2006 @ 14:25:46 EST (1342 reads) Topic VOIP
Anonymous writes "As seen on the Securiteam mailing list at: http://www.securiteam.com
SIP Proxy is an Open Source VoIP security test tool which has been developed by the students Philipp Haupt and Matthias Hürlimann during their diploma thesis and second student research project at the University of Applied Sciences Rapperswil (www.hsr.ch). Business partner was Compass Security AG in Rapperswil (www.csnc.ch). In the so called "Proxy Mode", the application acts as a proxy between a VoIP PBX (e.g. Asterisk) and a UA (VoIP hard- or softphone). SIP traffic can be sniffed and dynamically manipulated with the help of regular expressions.
Logged SIP messages can be modified and resent. In the "Test Case Mode" predefined security tests which are specified as XML files can be run against a specific target. Fuzzing technology, which is a kind of black-box testing, can be applied to find weak spots in VoIP devices. There are many more specific modules which can be used within such a test case. For example Wordlist- or Bruteforce attacks. While running a test case, feedback is given by displaying a graphical report which can be exported in a printable PDF document afterwards. With the help of SIP Proxy, several software bugs and configuration faults in specific VoIP devices have already been discovered.
Additional Information: The information has been provided by Philipp Haupt. To keep updated with the tool visit the project's homepage at: http://sourceforge.net/projects/sipproxy "
Nice collection of VOIP tools Posted by boss on Sunday, 10 December 2006 @ 22:39:55 EST (7298 reads) Topic VOIP