VoIPER : VoIP Exploit Research toolkit / News: Recent posts

SVN update

I've uploaded the latest code to SVN. The only notable changes are the old trunk has been replaced by the development branch and I've gotten rid of the Windows GUI as it was more trouble than it was worth.

If I get around to it another GUI may be written but it's fairly low on the priority list.

There should be some big updates over the next week or so with the addition of some new material.

-nnp

Posted by nnp 2008-11-28

VoIPER v0.07 update

I forgot to mention in the v0.07 release post that this version should be considered 'beta' and as a result quite a lot of debugging info is printed during a run. In the case of a crash you can copy this into an email and send it on to nnp@unprotectedhex.com

If it's annoying you then piping stderr to /dev/null should solve your problems.

I would have edited the actual release post but sourceforge doesn't seem to want to let me do that (or maybe I just can't find the right option hidden away in this disgusting interface)... read more

Posted by nnp 2008-10-09

VoIPER : VoIP Exploit Research toolkit: New release: v0.07

This is an application to manage a little repairs laboratory or customer service for the fix phones, household, tv etc.

I've just uploaded the latest release of VoIPER. It comes with a couple of new fuzzers plus an entirely rewritten SIP backend that should make crash detection more reliable. As well as this, VoIPER can now register with a server before fuzzing.

For more info, check out the README.txt... read more

Posted by nnp 2008-10-07

Release: v0.06

Despite my claims that v0.05 would be the last release of the current stable branch I've released v0.06 as it contains a fairly substantial speed increase over previous releases.

The length of time taken to run through the tests is one of the main issues with VoIPER at the moment. This 'fix' doubles the speed to about 2 requests per second and the dev branch averages 3-4 requests per second.

Posted by nnp 2008-06-25

Help needed!

To cut straight to the point, the development version of VoIPER is essentially at a stage where it is ready for testing against SIP servers. While I can test open source servers and what not myself, I would also like to test proprietary SIP compliant devices as I've had reports the current version has killed a number of hardphones and proprietary softphones.

Anyone with access to Cisco, Avaya, Nortel etc. hardware or proprietary software, and would like to help out , can contact me at nnp [at symbol] unprotectedhex.com. Im interested in testing pretty much anything so phones, gateways, proxies etc are all fair game.... read more

Posted by nnp 2008-06-08

SVN update

I've synced my local SVN with the Sourceforge copy so anyone can browse the work I've been doing on the dev branch. Check out the link below for a demo of how the backend works. It demonstrates the REGISTER functionality. You can see how to define a transaction using a python dictionary and then pass this off to the SIP agent to be processed.

Using this backend it should be possible to do state fuzzing of SIP as well as syntactic fuzzing of the headers. Conformance testing and stress testing should also be feasible. ... read more

Posted by nnp 2008-06-04

Release: v0.05

The latest version of VoIPER has been release. Not too many changes. See http://voiper.sourceforge.net for the release notes and change log.

This will be the final release of the current stable release of VoIPER. Subsequent releases will be based on the current dev branch which has a bucket load of cool new features and what not.

Posted by nnp 2008-06-03

Announcements

Righty, so where to start.....

- Check out the wiki (voiper.wiki.sourceforge.net). I'll be using that to keep track of what features are being worked on, release dates, tutorials etc
- I'll be making a presentation at DEFCON around the concept of VoIPER. The abstract can be found here http://defcon.org/html/defcon-16/dc-16-speakers.html#NNP
- Version 0.05 will be released in the next few days. No major updates really. The user can now specify the maximum length of fuzz strings to use as well as the amount of time the process monitoring scripts give a process to settle in after a restart. Other than that, just a bug fix or two.
- Version 0.05 will be the final release of the current branch. The next release will be what is currently the development branch. This will contain a whole lot of cool new features based around a completely rewritten protocol implementation. The main feature being full state traversal is possible and incredibly simple to set up.... read more

Posted by nnp 2008-06-02

Readme: SVN code

I have uploaded the code of VoIPER to the SVN repository on sourceforge. The release version is under 'trunk' at the moment but I will tag it and move it to 'tags' later today. Under branches you can see an entire port of VoIPER but with huge modifications to the backend to allow VoIPER to be fully protocol state aware and thus fuzz much deeper into the state tree of a device. That said, there are currently some issues with this and I have just uploaded it so people can get an idea of the changes being made. You should NOT try to run the development version and it isn't supported in any way. ... read more

Posted by nnp 2008-04-22

First public release

I have uploaded the first public release of VoIPER. Comments, critisism, feature requests etc are all more than welcome and can be logged on sourceforge or sent to support[at symbol]unprotectedhex.com

Check out the release notes and other included documents for further information.

Enjoy,
-nnp

Posted by nnp 2008-04-21

Change of release date: 21st April

Completely forgot I'm actually out of the country on the 17th. VoIPER will instead be released on Monday the 21st.

Posted by nnp 2008-04-16

Release date: 17th of April

The first public beta release of VoIPER will be on the 17th of April. See http://www.unprotectedhex.com for further details and updates.

I would like to thank everyone that has helped with the beta testing, especially Terron Willams for his constant feedback, bug reports and encouragement.

Posted by nnp 2008-04-08

Beta testing has begun

A number of interested people contacted me regarding beta testing VoIPER so I have distributed it to them and testing has begun.

The todo list before public release is as follows
- Fix some GUI issues
- Package dependencies
- Add a fuzzer for linked requests e.g an INVITE followed by an ACK followed by a BYE

All in all this shouldn't take very long (or at least I hope not because my thesis is due in two weeks ;) )... read more

Posted by nnp 2008-03-09

Project updates

Over the past 2 months I have done quite a bit of work on the toolkit. There are now 5 fuzzers as well as the RFC 4475 testing tool and a tool for replaying crash files. On top of this I have also created a GUI which makes the whole process a lot easier/user friendly. I have also created a process monitoring script for *nix systems in the same vein as the windows process monitoring script that comes with Sulley.... read more

Posted by nnp 2008-02-01

Beta release coming soon

The static test tool is completed and basic fuzzing functionality is currently being incorporated. Once a relatively stable and functional tool is working I will upload the initial release.

Posted by nnp 2007-10-25

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks