I've uploaded the latest code to SVN. The only notable changes are the old trunk has been replaced by the development branch and I've gotten rid of the Windows GUI as it was more trouble than it was worth.
If I get around to it another GUI may be written but it's fairly low on the priority list.
There should be some big updates over the next week or so with the addition of some new material.
I forgot to mention in the v0.07 release post that this version should be considered 'beta' and as a result quite a lot of debugging info is printed during a run. In the case of a crash you can copy this into an email and send it on to email@example.com
If it's annoying you then piping stderr to /dev/null should solve your problems.
I would have edited the actual release post but sourceforge doesn't seem to want to let me do that (or maybe I just can't find the right option hidden away in this disgusting interface)... read more
This is an application to manage a little repairs laboratory or customer service for the fix phones, household, tv etc.
I've just uploaded the latest release of VoIPER. It comes with a couple of new fuzzers plus an entirely rewritten SIP backend that should make crash detection more reliable. As well as this, VoIPER can now register with a server before fuzzing.
For more info, check out the README.txt... read more
Despite my claims that v0.05 would be the last release of the current stable branch I've released v0.06 as it contains a fairly substantial speed increase over previous releases.
The length of time taken to run through the tests is one of the main issues with VoIPER at the moment. This 'fix' doubles the speed to about 2 requests per second and the dev branch averages 3-4 requests per second.
To cut straight to the point, the development version of VoIPER is essentially at a stage where it is ready for testing against SIP servers. While I can test open source servers and what not myself, I would also like to test proprietary SIP compliant devices as I've had reports the current version has killed a number of hardphones and proprietary softphones.
Anyone with access to Cisco, Avaya, Nortel etc. hardware or proprietary software, and would like to help out , can contact me at nnp [at symbol] unprotectedhex.com. Im interested in testing pretty much anything so phones, gateways, proxies etc are all fair game.... read more
I've synced my local SVN with the Sourceforge copy so anyone can browse the work I've been doing on the dev branch. Check out the link below for a demo of how the backend works. It demonstrates the REGISTER functionality. You can see how to define a transaction using a python dictionary and then pass this off to the SIP agent to be processed.
Using this backend it should be possible to do state fuzzing of SIP as well as syntactic fuzzing of the headers. Conformance testing and stress testing should also be feasible. ... read more
The latest version of VoIPER has been release. Not too many changes. See http://voiper.sourceforge.net for the release notes and change log.
This will be the final release of the current stable release of VoIPER. Subsequent releases will be based on the current dev branch which has a bucket load of cool new features and what not.
Righty, so where to start.....
- Check out the wiki (voiper.wiki.sourceforge.net). I'll be using that to keep track of what features are being worked on, release dates, tutorials etc
- I'll be making a presentation at DEFCON around the concept of VoIPER. The abstract can be found here http://defcon.org/html/defcon-16/dc-16-speakers.html#NNP
- Version 0.05 will be released in the next few days. No major updates really. The user can now specify the maximum length of fuzz strings to use as well as the amount of time the process monitoring scripts give a process to settle in after a restart. Other than that, just a bug fix or two.
- Version 0.05 will be the final release of the current branch. The next release will be what is currently the development branch. This will contain a whole lot of cool new features based around a completely rewritten protocol implementation. The main feature being full state traversal is possible and incredibly simple to set up.... read more
I have uploaded the code of VoIPER to the SVN repository on sourceforge. The release version is under 'trunk' at the moment but I will tag it and move it to 'tags' later today. Under branches you can see an entire port of VoIPER but with huge modifications to the backend to allow VoIPER to be fully protocol state aware and thus fuzz much deeper into the state tree of a device. That said, there are currently some issues with this and I have just uploaded it so people can get an idea of the changes being made. You should NOT try to run the development version and it isn't supported in any way. ... read more
I have uploaded the first public release of VoIPER. Comments, critisism, feature requests etc are all more than welcome and can be logged on sourceforge or sent to support[at symbol]unprotectedhex.com
Check out the release notes and other included documents for further information.
Completely forgot I'm actually out of the country on the 17th. VoIPER will instead be released on Monday the 21st.
The first public beta release of VoIPER will be on the 17th of April. See http://www.unprotectedhex.com for further details and updates.
I would like to thank everyone that has helped with the beta testing, especially Terron Willams for his constant feedback, bug reports and encouragement.
A number of interested people contacted me regarding beta testing VoIPER so I have distributed it to them and testing has begun.
The todo list before public release is as follows
- Fix some GUI issues
- Package dependencies
- Add a fuzzer for linked requests e.g an INVITE followed by an ACK followed by a BYE
All in all this shouldn't take very long (or at least I hope not because my thesis is due in two weeks ;) )... read more
Over the past 2 months I have done quite a bit of work on the toolkit. There are now 5 fuzzers as well as the RFC 4475 testing tool and a tool for replaying crash files. On top of this I have also created a GUI which makes the whole process a lot easier/user friendly. I have also created a process monitoring script for *nix systems in the same vein as the windows process monitoring script that comes with Sulley.... read more
The static test tool is completed and basic fuzzing functionality is currently being incorporated. Once a relatively stable and functional tool is working I will upload the initial release.