Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.
Viproxy MITM Proxy and Testing Tools is developed using Metasploit Framework environment. It is a standalone Metasploit module which enables users to intercept the TCP/TLS traffic and to execute some attacks. Viproxy can be used to attack Microsoft Lync and Skype for Business environments as demonstrated during VoIP Wars: Destroying Jar Jar Lync presentation at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015. It has online rule console to manage the attacks such as INVITE subject update, MESSAGE content update and sending invalid content for fuzzing.
MBFuzzer will be developed for MITM (Man in the Middle) Fuzzing. Mobile applications use HTTP, SOAP, XML and JSON based data streams for communicate the servers. Many mobile applications use SSL Connect method for server communication. This method should be converted to HTTPS GET/POST method for MITM attacks. MBFuzzer will provide HTTP/HTTPS Proxy functionality and Real-Time Fuzzing feature with HTTP Connect conversion support.
Books & Papers
Hacking Trust Relationships Between SIP Gateways
Pen-Tester's Guide to Metasploit Framework (Turkish)