ohrwurm – RTP Fuzzing Tool (SIP Phones)


ohrwurm is a small and simple RTP fuzzer, it has been tested it on a small number of SIP phones, none of them withstood the fuzzing.

Features:

  • reads SIP messages to get information of the RTP port numbers
  • reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed
  • RTCP traffic can be suppressed to avoid that codecs learn about the “noisy line”
  • special care is taken to break RTP handling itself
  • the RTP payload is fuzzed with a constant BER
  • the BER is configurable
  • requires arpspoof from dsniff to do the MITM attack
  • requires both phones to be in a switched LAN (GW operation only works partially)

You can download ohrwurm 0.1 here:

ohrwurm-0.1.tar.bz2

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Secure Coding

, , , , , ,


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


Comments are closed.