Posts

Showing posts from January, 2013

SIP INVITE attack with Metasploit

Some days ago my friend @pepeluxx wrote another post about INVITE attacks. He spoke about a @sinologic project which allows everybody to run some security tests against SIP servers. Furthermore, he also published a Perl script to do the same task. So I implemented it on Metasploit because I think it could be really useful during a pentest. It's interesting because these attacks are really dangerous: normally, attackers try to call expensive locations. These target numbers often have special charges, and they make money with this. Here are two well-known examples:

http://blog.sipvicious.org/2010/12/11-million-euro-loss-in-voip-fraud-and.html
http://snapvoip.blogspot.com.es/2009/02/calls-to-cuba-and-voip-attacks.html

I'm not going to go deep into this vector because it is a well-known (and old!!) one. Basically the attacker tries to make a call using a misconfigured PBX. This is allowed because the SIP RFC says that an extension does not have to be registered to be abl

Playing with QoffeeSIP: SIP over websocket scanner

Some weeks ago we published QoffeeSIP, the JavaScript SIP over websockets stack which we use to develop our WebRTC products at Quobis. An example is IdentityCall, a system designed to provide call authentication in traditional VoIP and IMS environments. Now it achieves the same goal in WebRTC ones, interconnecting them at the same time with the PSTN network. Today I'm showing a different use case from those proposed in the examples (the "simplest-example" and a "webphone"). I'm going to write a simple (but for sure the first one in the world ;) SIP over websockets server scanner. It should send a valid SIP (over websockets) request, parse the interesting info from the response (i.e. "User-Agent") and print it. I'm using the simplest example as a basis; here is the description of the changes I made to the code:

- In this case no HTML video tags are provided to the constructor. The reason is that we are only using websocket features of the stack,