home
    blog
    feed
    eyes
    info

Fri, 25 Aug 2006

• reads SIP messages to get information of the RTP port numbers
• reading SIP can be omitted by providing the RTP port numbers, sothat any RTP traffic can be fuzzed
• RTCP traffic can be suppressed to avoid that codecs learn about the "noisy line"
• special care is taken to break RTP handling itself
• the RTP payload is fuzzed with a constant BER
• the BER is configurable
• requires arpspoof from dsniff to do the MITM attack
• requires both phones to be in a switched LAN (GW operation only works partially)

• ohrwurm-0.1.tar.bz2

5 writebacks

writebacks...

Re: Tool Usage
Hello Mazzoo,
I am planning to use ohrwurm tool to test the SIP phones. In your blog, you have mentioned that the SIP phones have to be in the same lan and also you have mentioned that the Gateway functionality works partially. In my topology, I have set up a Router that acts as a Gateway and the Attacker is present between the Call originator and the Gatway.

         Attacker
            |
            |
Originator --- Gateway (router) --- Call Terminator

I have tested and found out that attacker succesfully sniffs the packets going between originator and the gateway. Since i have spoofed the gateway and the originator to believe in the Attacker. My question is will ohrwurm tool successfully fuzz RTP packets between orginator and terminator even though they are not in the same lan ??

Comment!
Could you change the blue color of this site ????

Hi, are you going to be updating this tool, or have you stopped developing it. Thanks.

Mark, the tool is perfect, no need to develop :P no, but seriously . what is missing? mazzoo

Nothing in particular, I was just looking through the code and noticed some FIXMEs so I wondered if you were still actively working on it since I saw no updates since 2006. Thanks :)

comment...

validate HTML