Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, CUCDM exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.
Viproxy MITM Proxy and Testing Tools is developed using Metasploit Framework environment. It is a standalone Metasploit module which enables users to intercept the TCP/TLS traffic and to execute some attacks against thick client applications, mobile applications and VoIP clients. Viproxy can be used to attack the Microsoft Lync and Skype for Business environments as demonstrated during the VoIP Wars: Destroying Jar Jar Lync presentation at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015 events. It also has an online rule console to manage the attacks including INVITE subject update, MESSAGE content update and sending invalid content for fuzzing.
Copy "lib", "modules" and "data" folders' content to Metasploit Root "/" Directory.
Mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain the following lines require 'msf/core/auxiliary/sip' require 'msf/core/auxiliary/skinny'
Installation - Metasploit Pro Edition
Copy "lib", "modules" and "data" folders' content to /opt/metasploit/apps/pro/msf3 directory.
Mixins.rb file (/opt/metasploit/apps/pro/msf3/lib/msf/core/auxiliary/mixins.rb) should contain the following lines require 'msf/core/auxiliary/sip' require 'msf/core/auxiliary/skinny'
Presentation slides (Blackhat Europe 2015, GSEC HITB 2015 and Ruxcon 2015)
Demonstration of exploits
The Art of VoIP Hacking Workshop
Presentation file (Defcon 23)
Demonstration videos of exercises (Defcon 23)
VoIP Wars II: Attack of the Cisco Phones
Presentation slides (DEF CON 22 and Blackhat 2014)
Presentation video (Blackhat 2014)
Presentation video (Defcon 22)
Demonstration of exploits
VoIP Wars I: Return of the SIP
Presentation file (Defcon 21)
Presentation video (Defcon 21)
Videos & Papers
Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)
This is a training video for penetration testing of SIP servers.
Chapters of Training Video
1-Footprinting of SIP Services
2-Enumerating SIP Services
3-Registering SIP Service with/without Credentials
4-Brute Force Attack for SIP Service
5-Call Initiation with/without Spoof & Credentials
6-Hacking Trust Relationships
7-Intercepting SIP Client with SIP Proxy