Viproy – VoIP Penetration Testing and Exploitation Kit

August 28, 2013, by | Start Discussion

Introduction

Viproy is developed to improve quality of SIP Penetration Tests. It’s a collection of Metasploit Framework modules focused on SIP tests, it can be used with Metasploit Framework Github edition or Metasploit Framework Pro edition. It has 10 different modules to test target SIP servers with authentication and fuzzing support. Also Viproy has a SIP library to extend Metasploit Framework REX library.

Description of Modules:

1) OPTION

Options module can be used to discover target SIP services and devices.

2) REGISTER

Register module can be used to discover target SIP services and devices too. Also Register module can register a client, a service or test a valid account.

3) INVITE

Invite module is prepared to test call features of target SIP services. Invite spoofing, billing or CDR bypass using custom proxy headers, Invite based DoS attacks and sample call tests can be performed using Invite module.

4) ENUMERATOR

Enumerator module is prepared to enumerate of users and internal numbers of target SIP servers. Enumeration step of the SIP pen-test could be performed with a user list file or numeric user range.

5) BRUTE FORCE

Brute force module is prepared to perform advanced password attacks against SIP services. Password attacks could be initiated using user list files, numeric ranges and passwords file. Password attack operations can be customized easily, for example It can be used to initiate password attacks to a target user with a passwords file, to a numeric range or user list with a few specific passwords.

6) MESSAGE

Message module is prepared to test message features of SIP services. Message support is required to test value added services and service operations of SIP operators. It supports message spoofing, simple fuzz features and message based DoS attacks.

7) PORT SCANNER

Port scanner module can test registration features of SIP proxies. It can perform SIP bounce attacks to discover 3rd party SIP servers using target SIP services.

8) DDOS AMPLIFICATION

DDoS testing module prepared to initiate DDoS attack demos based on SIP error messages. SIP servers send error messages 10+ times for bogus requests. DDoS module can send IP spoofed SIP requests to target SIP services and initiate an attack to 3rd party victims.

9) PROXY

Proxy module is prepared to test SIP clients and SIP services with MITM proxy features. It supports basic search&replace functions to test SIP services. Also it can be used to add new features to SIP clients, such as invite spoofing, proxy headers and fuzzing.

10) TRUST ANALYZER

Trust analyzer module is prepared to test trust relationships of SIP trunks. SIP trunks trust each other in UDP based communications. This module can send IP spoofed invite or message requests to targets to determine trusted SIP trunks. When a trusted SIP trunk detected, it can send spoofed call and message to target SIP clients. Also it has simple fuzzing support to test target SIP clients using trust relationship.

About the Author

Fatih Ozavci is Sr. Security Consultant of Sense of Security, Australia. He is author of Viproy VoIP Penetration and Exploitation Testing Kit, also he has published a paper about Hacking of SIP Trust Relationships. He has discovered many unknown private security vulnerabilities, design and protocol flaws in VoIP environments for his customers. Also he analyzes VoIP design and implementation flaws, and helps to improve VoIP infrastructures as a service. While Fatih's primary expertise is in VoIP penetration testing, mobile application testing and IPTV testing, he is also well versed at network penetration testing, web application testing, reverse engineering, fuzzing and exploit development. He is one of the speakers of Defcon 21, Blackhat 2013, Cluecon 2013 and Athcon 2013.

Leave a Reply