I didn't see this in the repos, so just in case it, I'd like to see UCsniff.
From their website:
Ucsniff is a VoIP/UC Sniffer / Assessment / Pentest tool with some useful new features, such as IP Video Sniffing. UCSniff is a Proof of Concept tool to demonstrate the risk of unauthorized eavesdropping on voice and video - it can help you understand who can eavesdrop, and from what parts of your network.
Not to discourage having ucsniff in the distro, but there is always Wireshark, plus it has the pretty GUI.
I downloaded ucsniff and compiled it on BT3. Looking at the resulting ucsniff*.tgz file, it seems that the core functionality is based on ettercap. It looks like this might overwrite and/or conflict with the standalone ettercap install. So this may cause issues.
ucsniff works perfectly; in fact I would really like to see it included, since it might be of great use during Cisco VOIP network pentests. One question: since when does Wireshark do VLAN hopping, MITM against a target, and decode the intercepted video and output of call, automatically detecting if the stream is running SIP or Skinny?
Using wireshark with voip protocols one can intercept the traffic and can look at it with wireshark much like any other protocol. See here for more info.
Originally Posted by BadKarmaPR
As for Vlan hopping MITM there are other tools that can do the same thing.
For a really good tool for Vlan hopping then I would suggest VoipHopper.
I did a tutorial on it here a while back.
The problem I see with using ucsniffer (again, no reason why it can't be included) is that one needs physical access to an ethernet connection in order to use the tool, and that is according to Jason Ostrom, the author.
For more info on that see here. Other tools do not require this, and as we all know this type of access to the target may not always be feasible.
I would love to hear more though BadKarmaPR from your side of the net on this.
What I like about the tool is that I have it in one single tool that is simple to use; it saves time, which is important for me; all of my engagements are limited in time and scope in one way or another. Yet it is a tool where you need access to the wire, but as a consultant I always make sure that we try our best to test the internal network as well as the external, that our ROEs cover these types of attacks and techniques, and that our scope covers the VOIP system and underlying network infrastructure. VOIP Hopper is another great tool; especially when my target uses Nortel or Avaya, this is the tool of choice. My question came because from your comment I understood that you were saying that Wireshark covered the functionality mentioned by the original poster, and I was curious about this so as to understand the argument of using one tool against the other. Wireshark does capture and decode the RSTP stream and does cover several of the codecs, but it does not cover the video aspect or G.722, but then again UCsniff only covers G.711 and G.722, and one might have to use a tool like Cain & Abel that does G711 uLaw, G771 aLaw, ADPCM, DVI4, LPC, GSM610, Microsoft GSM, L16, G729, Speex, iLBC, G722.1, G723.1, G726-16, G726-24, G726-32, G726-40, LPC-10, and SIREN for decoding the voice part only. It all boils down to the right tool for the right job.
As for saving time, we can both agree that when the customer is paying then time is of the essence. No, I was just wondering about your take on things since, as I mentioned, for VLAN hopping w/ucsniff one must be physically able to connect to the LAN; this is the one thing that I see as a hindrance of the tool, in that it may not be the best for VLAN hopping. So good deal, nice to hear another opinion in the matter.
I'll try to use this command
ucsniff -i eth0 -M
but I cannot record call. (Not saving conversation media file because either forward or reverse)
What could be the problem?
I am using UCSniff 2.1 during my diploma thesis and would like to simulate a MITM attack.
network 10.10.0.x <->Router 192.168.0.xxx <-> Router <-> network 10.20.0.xxx
If I perform the attack in the same IP-Network (10.10.0.xxx or 10.20.0.xxx) where the telephones are placed it works just fine.
But if I perform the attack from outside (network 192.168.0.xxx) between the routers, it does not work. During the "User target Mode" no call connection can be established. In the "Conversation Target Mode" the call can be established, but I cannot log anything.
I hope you can help me.