Tags › sip security testing
OpenSIPS Security Audit Report is fully disclosed and out there
Published on Mar 17, 2023 in sip security, sipvicious pro, sip security testing, security tools, opensips, kamailio, fuzzing, denial of service, research
It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report. The OpenSIPS security audit report can be found here. What is the OpenSIPS security audit? OpenSIPS is a SIP server that often has a critical security function within an IP communications system.…
Read more »SIPVicious PRO incremental update - and Gitlab CI/CD examples
Published on Mar 7, 2023 in sip security, sipvicious pro, sip security testing, sipvicious releases, devops, security tools
We just pushed out a new SIPVicious PRO update to our subscribing members! This version does not include any new major features. Instead, it fixes various bugs and brings missing but necessary features to various SIPVicious PRO tools. We have the following highlights in this update: Documentation now includes realistic Gitlab CI/CD examples The RTP fuzzer in the experimental version now supports SRTP Support for new SIP DoS flood request methods The RTP inject tool can now specify the RTP’s SSRC and payload ID The SIP password cracking tool now supports closing the connection upon each attempt The SIP ping utility supports INVITE For the boring details, including a list of bug fixes, do read the release notes for v6.…
Read more »SIPVicious PRO experimental now supports STIR/SHAKEN and 5 new tools
Published on Jul 6, 2022 in sip security, sipvicious pro, sip security testing, sipvicious releases
We just made two builds available to our SIPVicious PRO members. One is called the stable build, while the other is the experimental build. The v6.0.0-beta.5 stable build includes a large number of fixes, much better (or sane) defaults and full coverage of SRTP throughout the toolset. The experimental version is where the excitement is. Our members now have access to 5 new tools that we find useful in our work:…
Read more »DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO
Published on May 25, 2021 in sip security, sipvicious pro, sip security testing, fuzzing, denial of service, training, devops
We pushed out a video that introduces the basics of SIPVicious PRO by demonstrating some of the attack tools and showing the building blocks for automating security testing of VoIP and WebRTC applications and infrastructure. What follows is a transcript of the video. Introduction Hello, I’m Sandro Gauci from Enable Security. In this video, I’d like to show you what we have been working on, SIPVicious PRO! Let’s start by introducing the tools.…
Read more »SIPVicious PRO 6.0.0-beta.4 getting close to take-off!
Published on May 20, 2021 in sip security, sipvicious pro, sip security testing, sipvicious releases
This one’s a bit of a boring update for SIPVicious PRO. That’s because we’re getting to a stable place where flag names and values do not change too often. Which means, we’re getting out of beta rather soon! However, it is still a major update because we made a significant number of internal changes. For example, we standardized a number of flags to be the same across all tools. We discovered that we can minimize each tool’s flagset by making use of config flags such as --auth-config that allows you to configure behaviours specific to how SIPVicious handles authentication (e.…
Read more »
Sandro Gauci, Enable Security
TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server
Published on May 18, 2021 in sip security, sipvicious pro, sip security testing, demo server, sipvicious oss, fuzzing, denial of service, training, devops
TADSummit is a great event where people from different backgrounds that are somehow involved in communications, contribute in various ways. I, personally, always look forward to see what’s coming up in the next TADSummit event. At the moment, TADSummit Asia presentations are currently being released on a daily basis on the main site. And last week, the presentation that I prepared was published! In the previous TADSummit, I had presented about why we need to bring an offensive approach to RTC security.…
Read more »
Alfred Farrugia, Enable Security
Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution
Last updated on Mar 16, 2021 in fuzzing, sip security, sip security testing, research, sipvicious pro, voip security, gasoline
Executive summary (TL;DR) We fuzzed VoIPmonitor by using SIPVicious PRO and got a crash in the software’s live sniffer feature when it is switched on. We identified the cause of the crash by looking at the source code, which was a classic buffer overflow. Then we realized that was fully exploitable since the binaries distributed do not have any memory corruption protection. So we wrote exploit code using ROP gadgets to get remote code execution by just sending a SIP packet.…
Read more »SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs
Published on Feb 9, 2021 in sip security, sipvicious pro, sip security testing, sipvicious releases
What we’re excited about in this minor update is the addition of a new feature to the SIP cracker in SIPVicious PRO. Basically, it now takes input from external tools through standard input. Why? Because it allows infinite ways of generating potential usernames, passwords and/or SIP extensions when making use of external tools such as the maskprocessor included in the well known password cracker, hashcat. Here’s an animation showing usage of the maskprocessor to generate passwords for the SIP online cracking tool:…
Read more »Alfred Farrugia, Enable Security
Bug discovery diaries: uncovering sngrep overflow issues with blackbox fuzzing
Last updated on Jan 5, 2021 in fuzzing, sip security, sipvicious pro, sip security testing, opensips
Executive summary (TL;DR) During OpenSIPIt, we crashed sngrep by mistake while briefly fuzzing OpenSIPS. Later on we setup a docker environment to reproduce the issue, identified the actual bugs and reported them upstream. If you want to learn the simple steps to do this, you actually have to read the rest of the post :-) sngrep crash during the live OpenSIPit event Last year we participated in OpenSIPIt’s interoperability testing event which was held between the 14th and 15th of September 2020.…
Read more »SIPVicious PRO beta release contains SIP fuzzer and better automation
Published on Dec 3, 2020 in fuzzing, sip security, sipvicious pro, sip security testing, sipvicious releases
We just made SIPVicious PRO v6.0.0-beta.1 available to our beta testers. This latest release brings a new SIP fuzzer and enhancements for automation to your favourite RTC offensive security toolset. We have the following highlights with this release: New fuzzing tools - sip fuzz method. This used to be in a separate internal tool called gasoline (see our toolset page); this now been polished and has joined the SVPRO toolset; this has been used to identify vulnerabilities in Kamailio (advisory), sngrep (advisory 1 and 2) and other SIP servers.…
Read more »