ohrwurm

Description

ohrwurm is a small and simple RTP fuzzer, it has been tested it on a small number of SIP phones, none of them withstood the fuzzing, part of voip analysis toolkit.

Features:

  • reads SIP messages to get information of the RTP port numbers

  • reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed

  • RTCP traffic can be suppressed to avoid that codecs learn about the “noisy line”

  • special care is taken to break RTP handling itself

  • the RTP payload is fuzzed with a constant BER

  • the BER is configurable

  • requires arpspoof from dsniff to do the MITM attack

  • requires both phones to be in a switched LAN (GW operation only works partially)

Usage

Syntax

ohrwurm -a <IP target a> -b <IP target b> [-s <randomseed>] [-e <bit error ratio in %>] [-i <interface>] [-A <RTP port a> -B <RTP port b>]

Options

-a <IPv4 address A in dot-decimal notation> SIP phone A
-b <IPv4 address B in dot-decimal notation> SIP phone B
-s <integer> randomseed (default: read from /dev/urandom)
-e <double> bit error ratio in % (default: 1.230000)
-i <interfacename> network interface (default: eth0)
-t suppress RTCP packets (default: dont suppress)
-A <port number> of RTP port on IP a (requires -B)
-B <port number> of RTP port on IP b (requires -A)
       note: using -A and -B skips SIP sniffing, any RTP can be fuzzed

Example 

cyborg@cyborg:~$ sudo ohrwurm -a 192.168.1.12 -b 192.168.1.15 -A 5555 -B 5555 -i eth0
ohrwurm-0.1
using random seed 5748213547
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?