StarTrinity.com

VoIP software

VoIP community

VoIP marketplace


logged in as
log out

VoIP Security Test and Validation Suite

StarTrinity announces restricted availability of VoIP Security Test and Validation Suite (VS²) - a set of tools for VoIP engineers to test stability of VoIP servers against possible attacks. Also, we offer white hat (legal) SIP/VoIP hacking services (penetration test as a service).

Features

  • Multiple-protocol VoIP penetration/downtime test system based on CallXML scripts
    • VoIP protocols: UDP, TCP, TLS, SIP, RTP, RTCP, T.38
    • Sending malformed packets
    • Various randomized ways to malform packets, programmatically configured in scripts
    • Malformed packets and abnormal order of packets within normal VoIP calls
    • Abnormally high rate of packets within normally initiated call
    • CallXML scripts for penetration tests. Subsystem of system variables specific for every test and environment (host names, port numbers, IP ranges, etc). REST API to access the variables.
    • List of predefined test scripts that could possibly crash your VoIP server
    • List of usernames/passwords for brute force attack scripts
    • RTP, RTCP, T.38 flood and malformed packets generation
    • Source IP spoofing
    • TCP SYN flood attack simulation (for SIP over TCP and TLS)
  • Distributed test nodes running on multiple servers for VoIP DDoS attacks
    • Centralized web-based management of multiple test nodes
    • Easy setup of new test nodes on Windows VPS (Amazon AWS, Azure, etc)
    • Interconnection with multiple VoIP providers and PSTN gateways for TDoS attack simulation
  • REST API to integrate with external systems: start/stop test, notification about downtime
  • Secure web interface for authoring scripts (for VoIP engineers)

Terms

  • Due to the potential for abuse, this cutting edge voice security tool is not available for download or electronic purchase.  Potential customers may make inquiries about this suite by email: sales@startrinity.com or using this form.  Interested parties must apply and describe intended use case. Sales to individual parties are not authorized, you must have appropriate supporting showing corporate purchase interest. Pricing for this suite starts at $30,000 instance.
  • Information about VoIP security test suite operation and our legal hacking services within your company is confidential (under NDA)
  • CallXML scripts specific to your company are confidential and belong to your company. We only develop sanple CallXML scripts to suggest ways of hacking
  • Our hacking / penetration test services are available only to trustworthy clients, we do not issue licenses to suspicious customers
  • An initial phase of penetration testing starts with a VoIP attack from our server(s) to your server(s) at specific time

Videos

See here - list of our penetration tests.

Updates

2018-11-17 - released new version with "addSipMalformer"
2018-11-18 - found 2 issues in our own SIP stack and fixed them. the issues were related to accessing bad memory location in case of receiving malformed SIP packets
2018-11-18 - found the 3rd issue in our own SIP stack
2018-11-18 - discovered VoIP attack-initiated memory leak in FreeSWITCH: it crashes in 2 minutes
2018-12-09 - testing 3CX PBX, more details here. See video.
2018-12-10 - having a random SIP message fuzzer, our software generates malformed SIP packets within normal SIP calls now. We run a test, and found a SIP packet that crashes our SIP stack:
SIP/2.0 503 Maximum Calls In Progress
Via: SIP/2.0/UDP 192.168.10.60:5070;rport=5070;branch=z9hG4bKPjea3bf9cb13b7400eac0c308af95d58ca
From: <sip:34534534567@192.168.10.4>;tag=bb0f66b2f304410699a8e6e992303c91
To: <sip:12183456789@192.168.10.4>;tag=gNHKB7SFjH7Xg
Call-ID: 3d892e7;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
CSeq: 21039 INVITE
Retry-After: 300
User-Agent: xxxxxxxxxxxxxxxxxxx
Accept: application/sdp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY
Supported: timer, path, replaces
Allow-Events: talk, hold, conference, refer
Content-Length: 0

We got this error in Visual Studio debugger, so we see all details and will fix the error ASAP. It is a buffer overflow error, and it is very dangerous, if I believe to books about penetration testing. Some authors claim that it is possible to inject ASM code into the packets and execute it on remote machine (a book provides example executing calc.exe by hacking a FTP server)
2018-12-13 - started to research stablity of Kamailio 5.1.6 on Debian - found an issue that can be seen as DoS vulnerability. During our tests with malformed/fuzzed SIP packets Kamailio overloads system log processes "rsyslogd" and "systemd-journald".
Copyright 2011-2018 StarTrinity.com | Blog | Contact lead developer via LinkedIn | TeamViewer link