Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[TOOL] SIP Proxy VoIP Security Test Tool

from [SecuriTeam] Network Security [Permanent Link]
Subject: [TOOL] SIP Proxy VoIP Security Test Tool
Date: 19 Dec 2006 10:27:30 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  SIP Proxy VoIP Security Test Tool
------------------------------------------------------------------------


SUMMARY



DETAILS

SIP Proxy is an Open Source VoIP security test tool which has been 
developed by the students Philipp Haupt and Matthias H rlimann during 
their diploma thesis and second student research project at the University 
of Applied Sciences Rapperswil (www.hsr.ch). Business partner was Compass 
Security AG in Rapperswil (www.csnc.ch).

In the so called "Proxy Mode", the application acts as a proxy between a 
VoIP PBX (e.g. Asterisk) and a UA (VoIP hard- or softphone). SIP traffic 
can be sniffed and dynamically manipulated with the help of regular 
expressions. Logged SIP messages can be modified and resent. In the "Test 
Case Mode" predefined security tests which are specified as XML files can 
be run against a specific target. Fuzzing technology, which is a kind of 
black-box testing, can be applied to find weak spots in VoIP devices. 
There are many more specific modules which can be used within such a test 
case. For example Wordlist- or Bruteforce attacks. While running a test 
case, feedback is given by displaying a graphical report which can be 
exported in a printable PDF document afterwards.

With the help of SIP Proxy, several software bugs and configuration faults 
in specific VoIP devices have already been discovered.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:philipp.haupt@hsr.ch> 
Philipp Haupt.
To keep updated with the tool visit the project's homepage at:  
<http://sourceforge.net/projects/sipproxy> 
http://sourceforge.net/projects/sipproxy



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [TOOL] SIP Proxy VoIP Security Test Tool, SecuriTeam <=
Previous by Date:  [UNIX] GNOME Foundation Display Manager gdmchooser Format String Vulnerability, SecuriTeam
Next by Date:  [NT] Winamp Web Interface Multiple Vulnerabilities, SecuriTeam
Previous by Thread:  [UNIX] GNOME Foundation Display Manager gdmchooser Format String Vulnerability, SecuriTeam
Next by Thread:  [NT] Winamp Web Interface Multiple Vulnerabilities, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]