14 January 2008 | 14,581 views

VoIP Hopper – VLAN Hopping Tool


VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments.

In Cisco IP Phone networks, it first dissects IEEE 802.3 or Ethernet II frames, looking for Cisco Discovery Protocol (CDP) packets. If CDP and the Voice VLAN feature are both enabled on the switch port, it determines the Voice VLAN ID (VVID).

This allows the tool to create a new Ethernet interface on the PC that tags outgoing Ethernet frames with an 802.1Q VLAN header. After VoIP Hopper has created the new Ethernet device, it sends a DHCP client request.

In Avaya IP Phone environments, it sends an Option 55 parameter request list, requesting Option 176. When the DHCP server sends Option 176, it decodes the L2QVLAN reply field for the Voice VLAN ID. It then creates a new voice interface and sends a DHCP request.
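The Option 55 request for Option 176 described above is also something a defender can watch for on the DHCP server or a span port. The following is an added example, not code from VoIP Hopper or from this post: it parses the options of a DHCP client message and reports any client that asks for Option 176 without being in the phone inventory. The function names, the inventory set and the sample MAC addresses are assumptions constructed for illustration.

```python
# Added example: flag DHCP clients that request option 176 but are not known phones.
DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END, OPT_PARAM_REQ_LIST, OPT_AVAYA = 0, 255, 55, 176

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value} from a BOOTP/DHCP payload (the UDP data)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240                      # options start after the magic cookie
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def unexpected_option176_client(payload: bytes, phone_macs: set):
    """Return the client MAC if it requests option 176 and is not an inventoried phone."""
    opts = parse_dhcp_options(payload)     # also validates the minimum length
    hlen = min(payload[2], 16)             # hardware address length, chaddr is 16 bytes
    mac = payload[28:28 + hlen].hex(":")
    if OPT_AVAYA in opts.get(OPT_PARAM_REQ_LIST, b"") and mac not in phone_macs:
        return mac
    return None

def build_sample(mac_hex: str, requested: list) -> bytes:
    """Constructed DHCPDISCOVER used only as test input for the parser."""
    hdr = bytes([1, 1, 6, 0]) + b"\x00" * 24 + bytes.fromhex(mac_hex) + b"\x00" * 10
    hdr += b"\x00" * 192                   # empty sname and file fields
    opts = bytes([53, 1, 1, 55, len(requested)]) + bytes(requested) + b"\xff"
    return hdr + DHCP_MAGIC + opts

if __name__ == "__main__":
    inventory = {"02:00:00:00:00:01"}      # constructed phone inventory
    for mac, params in [("020000000001", [1, 3, 6, 176]),
                        ("020000000099", [1, 3, 6, 176]),
                        ("020000000099", [1, 3, 6, 15])]:
        hit = unexpected_option176_client(build_sample(mac, params), inventory)
        print(mac, params, "->", hit or "ok")
```

A hit is a triage signal for the switch port the request arrived on; it does not replace port-level controls on who may join the Voice VLAN.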

Why?

VoIP Hopper was written with the specific aim of improving security in VoIP environments by validating Layer 2 protection controls. It is a VLAN test tool that can be used to validate controls in VoIP environments but also anywhere else VLANs are used (basically everywhere).

You can download VoIP Hopper here:

VoIP Hopper 0.9.7

Or read more here.




7 Responses to “VoIP Hopper – VLAN Hopping Tool”

  1. goodpeople 15 January 2008 at 4:58 pm Permalink

    I’ve never had the opportunity to play in a voip environment. But this sounds like a useful tool..

  2. eM3rC 7 February 2008 at 5:30 am Permalink

    Seems like it would be a fun thing to play with.

    Anyone know what Stefans Home said?

  3. Pantagruel 8 February 2008 at 12:45 pm Permalink

    Stefans Home said:

    Easy entry into VoIP-lans…

    The main reason why VoIP is usually sold is the fact that one can use the already available ethernet structure for both voice and data transport. It is commonplace to separate your data net from the voice net by the use of VLANs (virtual lans).

    We have an Avaya based VoIP system at work, it worked quite well and the ‘holes’ were plugged

  4. eM3rC 9 February 2008 at 8:43 am Permalink

    Thanks for the translation Pantagruel!

    It seems like VoIP would be a good system to use because of the low price and reliable service.

    Could someone confirm that this is how it works? Basically the internet is broadcast over one frequency of the LAN line while the information used for the VoIP service is transmitted over a different frequency hence allowing the information to travel over both lines without interference. (Although I am not sure why someone is required to use those filters when you install DSL).

  5. agentphunk 14 February 2008 at 5:05 am Permalink

    eM3rC: Close but not quite. I think you’re thinking about voip providers like Vonage and perhaps Skype, which do send packets over the internet. This tool is for ‘enterprise’ VoIP, which is anything BUT cheap and packets usually don’t traverse the Internet. Companies used to run and support two infrastructures – data and voice, each with its own routing/switching gear, circuits, cabling, dedicated support teams, different vendors, etc. The two infrastructures didn’t co-mingle that much. VoIP basically does away with the traditional voice infrastructure by digitizing the audio (with a particular codec, for example G.729 or G.711) and stuffing that into routable IP packets. Essentially voice is just another application running across your network. However, it’s a ‘latency-sensitive’ application that doesn’t like getting delayed, AT ALL, from point A to point B. So although voice and data are ‘riding the same pipe’ you want to be smart about it and segment or differentiate the two types of traffic. That’s where the two VLANs come in: you want your PCs, printers, servers, etc in one subnet / VLAN / ‘broadcast domain’ and your telephony (pronounced tell-eph-O-ni, not telly-phony!) devices in another (no need for your phones to hear all of those damn NetBios broadcasts, right? Plus, you might have 100-200 data devices in a subnet, so that means maybe 100-200 users, which translates to maybe 100-200 phones. That adds up to 500 devices in one subnet – not good.) So you’re going to have a Data VLAN and a Voice VLAN in most enterprise networks, with different IP addressing schemes for each. You’ll also apply QoS (quality of service) settings differently for each subnet, because again you want to ensure your voice packets get priority over big clunky data packets.

    If you’re -really- interested I can elaborate on the process by which a phone winds up in the voice vlan (the tool’s description is 100% accurate, though) but once it’s there it ‘Tags’ each voice packet using a mechanism called 802.1Q trunking. Each switchport is configured with a ‘native’ VLAN (the data vlan, with no trunking) and a voice vlan that can only be ‘accessed’ when the packets are ‘wrapped’ inside of an 802.1Q packet. So this isn’t about frequencies – it’s about a way for the IP phones to differentiate themselves from the ‘native’ data vlan, and get all of the added benefits that come with that (specifically the QoS markings that are used ‘upstream’ at the routers to prioritize voice traffic over data traffic, but there’s other benefits too.)

    So what the tool is doing is listening to the mechanism by which a phone learns what the voice VLAN is, and then allowing your PC to do the same thing. The immediate benefit would be that your packets would get that preferential treatment as they cross the corporate wide area network (super fast web surfing!) but in some environments there might be ACLs on the data vlans that aren’t on voice, perhaps giving you access to voice-infrastructure devices like PBXs etc.

    HOWEVER, that’s going to get you noticed fairly quickly, I think. Phones talk to other phones and PBXs, not to YouTube and Team Fortress servers. Voip traffic is fairly lightweight – and predominantly UDP not TCP. The network guys (e.g. Me!) have reserved a specific percentage of bandwidth for voice traffic and usually watch that pretty closely.

    Bottom line: looks like an interesting utility but read up on enterprise voip before you use it at work. You can’t claim ignorance on this one; if I caught you using it at my company I’d probably lobby to get you fired :-)

  6. eM3rC 14 February 2008 at 8:20 am Permalink

    @agentphunk
    All I can say is I bow down to you sir… It now seems so much clearer yet more complicated.

    I think I’ll plead ignorant due to the fact I haven’t actually gone into working in the computer field yet.

    @Darknet
    agentphunk’s post should be stickied or something just so other people can learn the ways of VoIP