Tools


RTPEditor

 

 RTPEditor complements SIPInspector. SIPInspector can feed RTP packets from a captured *.pcap file to the other SIP endpoint (alternatively, use 'rtpplay'). Sometimes it is necessary to introduce packet loss or silences into that stream. This is valuable when testing how well the other side handles RTP loss concealment.

Three steps need to be done within RTPEditor:

1. Open a valid *.pcap file

2. Either enter the percentage of packets to be lost or create periodic silences.

  • If a percentage is entered, the tool automatically creates a uniform loss. Lost packets are uniformly spread throughout the original file.
  • For the non-uniform case, users control the frequency and length of silences. Let's say 5 consecutive packets need to be dropped every 100 packets from the original file. For that example, set the values as follows: 'Frequency of dropped packets' = 100 and 'Number of packets' = 5. For ptime=20 this would create 120 ms silence gaps. The gaps repeat every 100 packets.

3. Click the 'Save As' button and save the file

NOTE: SIPInspector does not have the best accuracy when playing RTP on the Windows platform. On Linux it works much better :-) Therefore, you may consider using 'rtpplay' on Windows OS.

RTPEditor is available for download here.


HTTPBrute

 
 HTTPBrute can be used to verify Authentication responses during registration or when any other SIP request gets challenged.

For example, see the REGISTER message below. I know for a fact that a valid password is "pass151". If I simply populate the fields in the tool with values extracted from the Proxy-Authorization header, I can verify the correctness of the response (a9b72ed2cbca07516e9d8ea06c3c59d0).

The NonceCount, CNonce and EntityBody fields are grayed out and are unlocked when Qop is set to either "auth" or "auth-int".

At the moment you can only use the tool to calculate the response for various combinations of input values. Later, I will enhance the tool to automatically find the password based on the response. It will be able to perform brute-force attacks and discover weak passwords that are only a few letters in length.

Available for download here.
REGISTER sip:192.168.1.100:50060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.110:5066;branch=z9hG4bK-d8754z-263dbb6421050a5e-1---d8754z-;rport
Max-Forwards: 70
Contact: <sip:151@192.168.1.110:5066;rinstance=336335875db3eb43>
To: "Mr Hacker"<sip:151@192.168.1.100:50060>
From: "Mr Hacker"<sip:151@192.168.1.100:50060>;tag=1a734c19
Call-ID: NTM3MzBkZDVmMDcxZjAxODI1YTk2MzI2MWZmYjE2Yzk.
CSeq: 2 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Proxy-Authorization: Digest username="user151",realm="mydomain.com",nonce="9bca0b4691f5d720ce251385f19f66e6",uri="sip:192.168.1.100:50060",response="a9b72ed2cbca07516e9d8ea06c3c59d0",algorithm=MD5,opaque="185a87188c63a2c7f69105023454e0b2"
User-Agent: SIPInspector_ver_1.31
Content-Length: 0
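
The calculation described above, as an added example (not HTTPBrute's code and not from the tool's author): the standard RFC 2617 Digest response for algorithm=MD5, with and without Qop, recomputed from the fields of the REGISTER message above and compared with the captured value. The function and constant names are assumptions made for this sketch.

```python
import hashlib
import hmac


def _md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None, entity_body=b""):
    """RFC 2617 Digest 'response' value for algorithm=MD5."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}".encode())
    if qop == "auth-int":
        # auth-int also binds a hash of the message body into A2
        a2 = f"{method}:{uri}:{_md5_hex(entity_body)}"
    else:
        a2 = f"{method}:{uri}"
    ha2 = _md5_hex(a2.encode())
    if qop in ("auth", "auth-int"):
        # These are the fields that only matter once Qop is set
        if nc is None or cnonce is None:
            raise ValueError("qop requires nc (NonceCount) and cnonce")
        final = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    elif qop is None:
        final = f"{ha1}:{nonce}:{ha2}"
    else:
        raise ValueError(f"unsupported qop: {qop!r}")
    return _md5_hex(final.encode())


def response_matches(expected_hex, **fields):
    """Compare a captured response with the recomputed one in constant time."""
    return hmac.compare_digest(digest_response(**fields), expected_hex.lower())


# Header fields and password as given on this page; the method comes from the
# request line. The header carries no qop, so nc/cnonce are not used.
PAGE_FIELDS = dict(username="user151", realm="mydomain.com", password="pass151",
                   method="REGISTER", uri="sip:192.168.1.100:50060",
                   nonce="9bca0b4691f5d720ce251385f19f66e6")
PAGE_RESPONSE = "a9b72ed2cbca07516e9d8ea06c3c59d0"

if __name__ == "__main__":
    print("computed:      ", digest_response(**PAGE_FIELDS))
    print("matches header:", response_matches(PAGE_RESPONSE, **PAGE_FIELDS))
```

The opaque value is echoed back to the server unchanged and is not an input to the hash, which is why it does not appear among the function's parameters.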