Skip to main content

root@localhost

OpenSIPIt'01: Lessons learned, STIR/SHAKEN security testing and RFC 8760

Published on Apr 16, 2021

Executive summary (TL;DR) It was a great event, highly recommended if you’re a SIP developer. We developed new STIR/SHAKEN capabilities in SIPVicious PRO. And we found some vulnerabilities during the event that got fixed in the process. What was OpenSIPIt#01 about? This week the humble security researchers from Enable Security participated in OpenSIPIt#01, an online event run by the community to test interoperability across various independent open-source SIP implementations especially when it comes to new RFCs.…

Read more »

root@localhost

SIPVicious OSS 0.3.3 released with new STDIN and target URL specification

Without further ado, please say hello to SIPVicious OSS 0.3.3! To install or upgrade run pip install -U sipvicious. For more installation methods, see the wiki. What’s new? SIP extensions and passwords from standard input We have a new feature which seems so simple yet so powerful: STDIN for dictionary input! This works for both svwar and svcrack. It is similar to what we did with SIPVicious PRO, which (surprisingly) proved to be a very popular feature.…

Read more »

root@localhost

VoIPmonitor advisories: buffer overflow leading to RCE + XSS vulnerabilities

Published on Mar 15, 2021

VoIPmonitor released updates to both the sniffer component and the web application to address vulnerabilities that your favourite Enable Security researchers identified and reported. The sniffer component had a buffer overflow flaw that we actually abused to run arbitrary code (yes, in 2021!). The web application, on the other hand, was vulnerable to cross-site scripting introduced through SIP messages with XSS payloads - which is pretty bad. And so, we just released three advisories to provide further details so that organisations using this software can make better informed decisions.…

Read more »

root@localhost

SIPVicious OSS 0.3.2 released with more IPv6 goodness!

The free and opensource version of SIPVicious has been updated so that support for IPv6 is also available in svmap. If you can’t wait to try it out, you can get it at the official repository or by using pip3 install sipvicious --upgrade. So now, with svmap’s IPv6 support, you can do stuff like: sipvicious_svmap -6 -v 2a01:7e01::f03c:92ff:fecf:60a8 INFO:DrinkOrSip:trying to get self ip .. might take a while INFO:root:start your engines INFO:DrinkOrSip:-:61500 -> 2a01:7e01::f03c:92ff:fecf:60a8:5060 -> kamailio (5.…

Read more »

root@localhost

Communication Breakdown / rtcsec also on FreeRTC and SIP Planet

Published on Feb 12, 2021

At Enable Security, we often contribute the open source RTC communication in various ways - vulnerability reports, blog posts and analysis. And so, this blog is now aggregated on Free Real-Time Communications (RTC) and SIP planet sites! Now that was a short post :-) Next one will be longer.…

Read more »

root@localhost

SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs

What we’re excited about in this minor update is the addition of a new feature to the SIP cracker in SIPVicious PRO. Basically, it now takes input from external tools through standard input. Why? Because it allows infinite ways of generating potential usernames, passwords and/or SIP extensions when making use of external tools such as the maskprocessor included in the well known password cracker, hashcat. Here’s an animation showing usage of the maskprocessor to generate passwords for the SIP online cracking tool:…

Read more »

root@localhost

SIPVicious PRO beta release contains SIP fuzzer and better automation

We just made SIPVicious PRO v6.0.0-beta.1 available to our beta testers. This latest release brings a new SIP fuzzer and enhancements for automation to your favourite RTC offensive security toolset. We have the following highlights with this release: New fuzzing tools - sip fuzz method. This used to be in a separate internal tool called gasoline (see our toolset page); this now been polished and has joined the SVPRO toolset; this has been used to identify vulnerabilities in Kamailio (advisory), sngrep (advisory 1 and 2) and other SIP servers.…

Read more »
Alfred Farrugia

Alfred Farrugia, Enable Security

How doing QA testing for SIPVicious PRO led to an Asterisk DoS

Published on Nov 10, 2020 in , , ,

Executive summary (TL;DR) While heavily testing SIPVicious PRO for bugs, we encountered an unexpected crash in Asterisk. We reported this to the Asterisk team, who recently issued a fix. If you’re a vendor, you too can beta test SIPVicious PRO! How the Asterisk crash was found We test our software as much as we can because, like any other software, ours contains bugs too! When it comes to SIPVicious PRO, one of our quality assurance tests is to run it against instances of Asterisk and Kamailio and check for expected results.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak

Published on Oct 16, 2020 in , ,

ClueCon weekly is a regular video by the people behind Freeswitch and Signalwire, hosted by the very friendly David Duffet. I had the pleasure of recording an interview and a presentation with David a few weeks back. If you would like a summary of what the video chat was about, scroll down to the points below. Otherwise, hope you enjoy the chat as much as I did! Summary Here’s an outline of what went on:…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

RTC Security chat at Kamailio World Online with Daniel and Olle

It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions After introductions from Daniel, I took lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…

Read more »