VoIP
• VoIP stands for Voice over IP: voice, video and messaging that use IP-based
transport protocols for transmission
• What is SIP?
SIP stands for Session Initiation Protocol (it is a voice control
protocol), developed by the IETF
• SIP is one of the predominant VoIP control protocols
Source: https://en.wikipedia.org/wiki/Session_Initiation_Protocol
SIP, MGCP, H.323, XMPP… etc.
What applications are using VoIP?
This is a small snapshot of the most popular VoIP applications.
• The structure of a SIP session is very similar to that of an HTTP session (both follow a
request/response paradigm)
Structure of a SIP session
Similar to HTTP
Response (Unauthorised, return code 401)
• Wrapping SIP in TLS makes it more secure (compare HTTP vs HTTPS, POP3 vs POP3S, LDAP vs
LDAPS, etc.)
Application layer
obfuscated
SIP – two aspects of attacks
• build a mechanism capable of intercepting and decrypting the TLS wrapped session
• forward the traffic from this protocol-agnostic proxy to Burp so we can play with
packets
Solution design – 1st part (interception and decryption)
• Burp Suite is the No. 1 tool for that job, but only for HTTP(S) – it does not speak SIP or any other
non-HTTP(S) protocol for that matter
• NOTE: remember that now that we have Burp reading the SIP, several other attacks
can be mounted:
- send SIP request to Burp Repeater,
- change call destinations,
- brute force destination numbers,
- change user agent fingerprint,
- inject some funky headers/establish covert channel attack,
- spoof calling ID…
Response=MD5(H1:nonce:nc:cnonce:qop:H2)
https://github.com/adenosine-phosphatase/sipcrack2
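The formula above, worked through from the registrar's side as an added example (not code from these slides or from sipcrack2). H1 and H2 are computed as RFC 2617 defines them for qop=auth, which SIP digest authentication reuses; `DigestVerifier`, the realm, nonce and credentials are hypothetical, constructed values.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def h1(username: str, realm: str, password: str) -> str:
    # RFC 2617: H1 = MD5(username:realm:password); a server can store H1 instead of the password
    return md5_hex(f"{username}:{realm}:{password}")


def h2(method: str, uri: str) -> str:
    # RFC 2617, qop=auth: H2 = MD5(method:digest-uri), e.g. REGISTER:sip:pbx.example.test
    return md5_hex(f"{method}:{uri}")


def digest_response(ha1, nonce, nc, cnonce, qop, ha2) -> str:
    # The slide's formula: Response = MD5(H1:nonce:nc:cnonce:qop:H2)
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestVerifier:
    """Hypothetical registrar-side check: recompute the response, reject replays."""

    def __init__(self, stored_h1: dict, issued_nonces: set):
        self.stored_h1 = stored_h1          # username -> H1
        self.issued_nonces = issued_nonces  # nonces this server handed out in 401 responses
        self.last_nc = {}                   # (username, nonce) -> highest nc accepted

    def verify(self, method: str, f: dict) -> bool:
        ha1 = self.stored_h1.get(f["username"])
        if ha1 is None or f["nonce"] not in self.issued_nonces or f["qop"] != "auth":
            return False
        expected = digest_response(ha1, f["nonce"], f["nc"], f["cnonce"],
                                   f["qop"], h2(method, f["uri"]))
        if not hmac.compare_digest(expected, f["response"].lower()):
            return False
        nc = int(f["nc"], 16)               # nonce count is sent as 8 hex digits
        if nc <= self.last_nc.get((f["username"], f["nonce"]), 0):
            return False                    # same or older nc: replayed Authorization header
        self.last_nc[(f["username"], f["nonce"])] = nc
        return True


# Constructed sample values (not taken from the slides).
REALM, NONCE = "pbx.example.test", "f3a1c9constructednonce"
SAMPLE = {"username": "alice", "nonce": NONCE, "nc": "00000001", "cnonce": "0a4f113b",
          "qop": "auth", "uri": "sip:pbx.example.test"}
SAMPLE["response"] = digest_response(h1("alice", REALM, "correct horse battery"), NONCE,
                                     SAMPLE["nc"], SAMPLE["cnonce"], "auth",
                                     h2("REGISTER", SAMPLE["uri"]))
```

Every input to the formula except the password travels in the SIP headers, so once the TLS layer is decrypted the password is the only secret left protecting the response.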
Final thoughts
• Development
sipcrack2 is for now just a Linux version; hope to release a Windows version with
CUDA/multithreading & parallel processing in the near future
• Recommendations
- use strong passwords
- do not use self-signed certificates
- use a client-side certificate in addition to the server certificate
Shutting down