From: Philipp Haupt (philipp.haupt@hsr.ch)
Date: Fri Dec 15 2006 - 06:22:10 EST
SIP Proxy is an Open Source VoIP security test tool which has been
developed by the students Philipp Haupt and Matthias Hürlimann during
their diploma thesis and second student research project at the
University of Applied Sciences Rapperswil (www.hsr.ch). Business partner
was Compass Security AG in Rapperswil (www.csnc.ch).
In the so called "Proxy Mode", the application acts as a proxy between a
VoIP PBX (e.g. Asterisk) and a UA (VoIP hard- or softphone). SIP traffic
can be sniffed and dynamically manipulated with the help of regular
expressions. Logged SIP messages can be modified and resent.
In the "Test Case Mode" predefined security tests which are specified as
XML files can be run against a specific target. Fuzzing technology,
which is a kind of black-box testing, can be applied to find weak spots
in VoIP devices. There are many more specific modules which can be used
within such a test case. For example Wordlist- or Bruteforce attacks.
While running a test case, feedback is given by displaying a grahical
report which can be exported in a printable PDF document afterwards.
With the help of SIP Proxy, several software bugs and configuration
faults in specific VoIP devices have already been discovered.
Check out this new and innovative software on SourceForge:
http://sourceforge.net/projects/sipproxy
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:27 EDT