Wednesday, April 1, 2009

VoIPScanner, SIP Digest Leak tutorial and more!

Check out the tutorial. This security flaw has been getting a bit of attention so I thought of preparing a tutorial on how to use VOIPPACK to demo it. There's the video that I posted earlier on which shows the attack in action. In the tutorial I explain how to do this step by step on a softphone and a hardphone as well.


SIP Digest Leak from Sandro Gauci on Vimeo.

Also started a new project called voipscanner.com which is currently in private beta. If you have an internet facing IP PBX that you'd like to scan, give me a ping ;-) You might just about qualify for the private beta. Public beta will be available later this week or earlier next week.

2 comments:

CG said...

awesome!

David Maynor said...

Great article. I was forwarded this by someone who was asking what you could do with the cracked password. Updating the post to reflect abuse scenarios might be useful!