-
When a crash occurs, only the last fuzz request is logged. As a result, this is all the crash_reply.py script will resend. It might be nice to save the last sequence of requests or intelligently detect what sequence actually caused the crash.
This could be done by storing the last 10 or so requests and when a crash occurs, restarting the target and replaying them using a shrinking window e.g...
2008-11-26 20:09:08 UTC in VoIPER : VoIP Exploit Research toolkit
-
There have been reports that because the crash_replay.py script reads in the contents of a crashlog file to use as the payload, the end of line characters in the SIP request are changed from \r\n to whatever the OS defined EOL sequence is.
2008-11-26 20:06:33 UTC in VoIPER : VoIP Exploit Research toolkit
-
v_o_iper added blakecornell to the VoIPER : VoIP Exploit Research toolkit project.
2008-11-26 20:01:41 UTC in VoIPER : VoIP Exploit Research toolkit
-
According to http://alexandria.wiki.sourceforge.net/Secure+SHell+SSH+Client the shell service is running on shell.sourceforge.net but I can't seem to reach that (and haven't been able to for several days). I've tried for a number of different locations so I don't think the fault is on my end. Is this a scheduled outage or another one of the 'surprise' ones that seem to occur every few months?...
2008-10-15 14:52:55 UTC in SourceForge.net
-
The project description from another project appears to be appearing on this page http://sourceforge.net/forum/forum.php?forum_id=874509
The line "This is an application to manage a little repairs laboratory or customer service for the fix phones, household, tv etc. " has nothing at all to do with my project.
2008-10-09 20:01:45 UTC in SourceForge.net
-
There is currently no link between the transactions stored by the transaction manager and the transaction dictionaries that describe the transaction.
As a result when sip_agent processes a transaction dictionary it is possible that an update for an unexpected transaction could occur and sip_agent will attempt to apply the current transaction dictionary to it. This will either result in a...
2008-06-26 15:31:17 UTC in VoIPER : VoIP Exploit Research toolkit
-
On Ubuntu an exception occurs after sending a few thousand INVITE requests against OpenSER with no CANCELs. This appears to be because the sockets used to send the INVITEs are never closed. This probably happens because OpenSER keeps trying to resend responses to the initial invite but we are not providing anything to handle these when do_cancel is false. As a result the transaction manager...
2008-06-21 22:27:45 UTC in VoIPER : VoIP Exploit Research toolkit
-
During the course of a fuzzing session the fuzzer can get into a state whereby the OPTIONS requests that are meant to determine the state of the target don't get sent. As a result the server is misdiagnosed as crashed. Once in this state the fuzzer stays in it and the only way to recover is to kill it and restart.
I have been unsuccessful in predictably recreate this issue.
2008-06-20 19:36:17 UTC in VoIPER : VoIP Exploit Research toolkit
-
v_o_iper registered the VoIPER : VoIP Exploit Research toolkit project.
2007-10-24 00:05:43 UTC in VoIPER : VoIP Exploit Research toolkit
