ohrwurm – RTP Fuzzing Tool (SIP Phones)

Use Netsparker


ohrwurm is a small and simple RTP fuzzer, it has been tested it on a small number of SIP phones, none of them withstood the fuzzing.

Features:

  • reads SIP messages to get information of the RTP port numbers
  • reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed
  • RTCP traffic can be suppressed to avoid that codecs learn about the “noisy line”
  • special care is taken to break RTP handling itself
  • the RTP payload is fuzzed with a constant BER
  • the BER is configurable
  • requires arpspoof from dsniff to do the MITM attack
  • requires both phones to be in a switched LAN (GW operation only works partially)

You can download ohrwurm 0.1 here:

ohrwurm-0.1.tar.bz2

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Secure Coding

, , , , , ,


Latest Posts:


dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.


Comments are closed.