Tag Archives: SIP

VoIP Pen-Test Kit for Metasploit Framework


Viproy VoIP Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for the SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 was released at Black Hat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support, a Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analysis modules.

Homepage of Project


Black Hat USA 2014 – Network: VoIP Wars Attack of the Cisco Phones


DEF CON 21 – VoIP Wars Return of the SIP


Attacking SIP/VoIP Servers Using Viproy


Current Testing Modules

  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP UDP Amplification DoS
  • SIP Proxy Bounce
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • CUCDM Call Forwarder
  • CUCDM Speed Dial Manipulator
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Cisco CDP Spoofer



Copy the contents of the “lib” and “modules” folders to the Metasploit root directory.
The mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain the following lines:
require 'msf/core/auxiliary/sip'
require 'msf/core/auxiliary/skinny'

Usage of SIP Modules


Usage of Skinny Modules


Usage of Auxiliary Viproy Modules


JEP 219: Datagram Transport Layer Security (DTLS)



Define an API for Datagram Transport Layer Security (DTLS) version 1.0 (RFC 4347) and 1.2 (RFC 6347).


  1. It is not a goal to support transport-specific interfaces (for example, DTLS for DatagramSocket).
  2. It is not a goal to support PMTU discovery.

Success Metrics

The implementation, in both client and server modes, must interoperate successfully with at least two other DTLS implementations.


It is important to support DTLS to satisfy secure-transport requirements for the increasing number of datagram-compatible applications. RFC 4347 lists a number of reasons why TLS is not sufficient for these types of applications:

  • “TLS is the most widely deployed protocol for securing network traffic. … However, TLS must run over a reliable transport channel—typically TCP. It therefore cannot be used to secure unreliable datagram traffic.”
  • “… an increasing number of application layer protocols have been designed that use UDP transport. In particular, protocols such as the Session Initiation Protocol (SIP) and electronic gaming protocols are increasingly popular.”
  • “In many cases, the most desirable way to secure client/server applications would be to use TLS; however, the requirement for datagram semantics automatically prohibits use of TLS. Thus, a datagram-compatible variant of TLS is very desirable.”

Protocols that support DTLS include, but are not limited to:

  • RFC 5238, Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)
  • RFC 6083, Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)
  • RFC 5764, Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)
  • RFC 7252, Constrained Application Protocol (CoAP)

Google Chrome and Firefox now support DTLS-SRTP for Web Real-Time Communication (WebRTC). DTLS version 1.0 and 1.2 are supported by the major TLS vendors and implementations including OpenSSL, GnuTLS, and Microsoft SChannel.


We expect the DTLS API and implementation to be fairly small. The new API should be transport-independent and similar to javax.net.ssl.SSLEngine. Further details on the API will be added here as the work progresses. Some initial design considerations are as follows:

  1. The DTLS API and implementation will not manage read timeouts. It will be the responsibility of the application to determine an appropriate timeout value and when and how to trigger the timeout event.
  2. A new API will likely be added to set the maximum application datagram size (PMTU minus the DTLS per-record overhead). If the size is not specified explicitly, however, then the DTLS implementation should adjust the size automatically. If a fragment is lost two or three times, the implementation may reduce the maximum application datagram size until it is small enough.
  3. The DTLS implementation should consume or produce at most one TLS record for each unwrap or wrap operation, so that the record can be delivered in the datagram layer individually or can be reassembled more easily if the delivery is out of order.
  4. It is the application’s responsibility to assemble the out-of-order application data accordingly if necessary. The DTLS API should provide access to the application data in each DTLS message.
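
Design considerations 3 and 4 rest on the DTLS record framing: every record carries its own 13-byte header with an epoch and a 48-bit sequence number (RFC 6347, section 4.1), so records can be delivered one per datagram and put back in order by the receiver. The following is an added example, not code from the JEP or the JDK; the class and method names are hypothetical, the sample datagrams are constructed, and their payloads are plaintext stand-ins for what would be ciphertext on the wire. It needs Java 16 or later.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class DtlsRecordSplitter {
    // Header fields of one DTLS record (RFC 6347 section 4.1) plus its payload.
    record Rec(int type, int version, int epoch, long seq, byte[] body) {}
    static final int HEADER_LEN = 13;

    // Split one received datagram into DTLS records, rejecting malformed input.
    static List<Rec> split(ByteBuffer dgram) {
        List<Rec> out = new ArrayList<>();
        while (dgram.hasRemaining()) {
            if (dgram.remaining() < HEADER_LEN)
                throw new IllegalArgumentException("truncated record header");
            int type = dgram.get() & 0xFF;
            int version = dgram.getShort() & 0xFFFF;
            if (version != 0xFEFF && version != 0xFEFD) // DTLS 1.0, DTLS 1.2
                throw new IllegalArgumentException("not a DTLS 1.0/1.2 record");
            int epoch = dgram.getShort() & 0xFFFF;
            long seq = ((dgram.getShort() & 0xFFFFL) << 32) | (dgram.getInt() & 0xFFFFFFFFL);
            int len = dgram.getShort() & 0xFFFF;
            if (len > dgram.remaining()) // never trust the length field blindly
                throw new IllegalArgumentException("record length exceeds datagram");
            byte[] body = new byte[len];
            dgram.get(body);
            out.add(new Rec(type, version, epoch, seq, body));
        }
        return out;
    }

    // Constructed sample: application_data (type 23), DTLS 1.2, epoch 1.
    static byte[] sample(long seq, String text) {
        byte[] p = text.getBytes(StandardCharsets.US_ASCII);
        return ByteBuffer.allocate(HEADER_LEN + p.length)
            .put((byte) 23).putShort((short) 0xFEFD).putShort((short) 1)
            .putShort((short) (seq >>> 32)).putInt((int) seq)
            .putShort((short) p.length).put(p).array();
    }

    public static void main(String[] args) {
        List<Rec> got = new ArrayList<>();
        got.addAll(split(ByteBuffer.wrap(sample(2, "world")))); // arrives first
        got.addAll(split(ByteBuffer.wrap(sample(1, "hello "))));
        got.sort(Comparator.comparingInt(Rec::epoch).thenComparingLong(Rec::seq));
        StringBuilder sb = new StringBuilder();
        for (Rec r : got) sb.append(new String(r.body(), StandardCharsets.US_ASCII));
        System.out.println(sb); // payloads in sender order
    }
}
```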