Capture & Decode VOIP Calls With Wireshark
codingsec.net/2016/04/listen-to-a-voip-call-with-wireshark
Re: Capture & Decode VOIP Calls With Wireshark
Auto Script
Vid
Script:
- Code:
#!/bin/bash
# chmod +x *.sh
#
apt-get update && apt-get upgrade -y
apt-get install -y build-essential
apt-get install -y zlib1g-dev liblzo2-dev
apt-get install -y libpcap0.8-dev libnet1-dev
apt-get install -y libasound2-dev
apt-get install -y libbz2-dev
#GUI Dependencies
apt-get install -y libx11-dev
apt-get install -y libxext-dev
apt-get install -y libfreetype6-dev
#Realtime Video Monitor Dependencies
#Note: The minimum version required for vlc and libvlc-dev is at least 2.0.1 (Twoflower) or later.
apt-get install -y vlc
apt-get install -y libvlc-dev
#A/V Muxing Dependencies
apt-get install -y libavformat-dev # this should also install libavutil-dev and libavcodec-dev
apt-get install -y libavdevice-dev
apt-get install -y libswscale-dev
apt-get install -y libavfilter-dev
apt-get install -y libx264-dev
apt-get install -y libav-tools
#Optional A/V Player/Muxing tools
apt-get install -y mplayer
apt-get install -y mencoder
apt-get install -y vlc && apt-get install -y libvlc-dev libfreetype6
#&& apt-get install x-window-system-dev
Last edited by jamied_uk on 4th May 2017, 15:16; edited 2 times in total
Re: Capture & Decode VOIP Calls With Wireshark
Notes & Links
arno0x0x.wordpress.com/2015/11/27/hacking-voip
jnet.forumotion.com/t1382-freepbx-upgrading-proceedure
Cisco uses CDP SIP (TCP layer) & RTP (UDP layer)
You will need to do a MITM ARP spoof attack to intercept voice vlan voip sip communications!
Tools:
- Code:
voiphopper -h
nmap
ucsniff

http://ucsniff.sourceforge.net/
http://ucsniff.sourceforge.net/lininstall.html
Default UCSniff Installation
UCSniff compiles and runs well on Ubuntu 12.04. The following steps show a simple installation of UCSniff for VoIP and Video-only sniffing:
tar -zxvf ucsniff-xxx.tar.gz
Example:
- Code:
tar -zxvf ucsniff-3.20.tar.gz
cd ucsniff-xxx

Example:
- Code:
cd ucsniff-3.20
./configure
make
make install

Note: The configure script option of '--enable-libvlc' enables the realtime video monitor capability of UCSniff
Dependency packages for realtime video monitor:
- Code:
apt-get install -y vlc && apt-get install -y libvlc-dev
./configure --enable-libvlc --enable-gui
make
make install

- Code:
./configure --enable-gui

Any Problems email
ucsniff@viperlab.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Using ettercap:
- Code:
ettercap -G

Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]
TARGET is in the format MAC/IP/IPv6/PORTs (see the man for further detail)
Sniffing and Attack options:
  -M, --mitm perform a mitm attack
  -o, --only-mitm don't sniff, only perform the mitm attack
  -b, --broadcast sniff packets destined to broadcast
  -B, --bridge use bridged sniff (needs 2 ifaces)
  -p, --nopromisc do not put the iface in promisc mode
  -S, --nosslmitm do not forge SSL certificates
  -u, --unoffensive do not forward packets
  -r, --read read data from pcapfile
  -f, --pcapfilter set the pcap filter
  -R, --reversed use reversed TARGET matching
  -t, --proto sniff only this proto (default is all)
  --certificate certificate file to use for SSL MiTM
  --private-key private key file to use for SSL MiTM
User Interface Type:
  -T, --text use text only GUI
  -q, --quiet do not display packet contents
  -s, --script issue these commands to the GUI
  -C, --curses use curses GUI
  -D, --daemon daemonize ettercap (no GUI)
  -G, --gtk use GTK+ GUI
Logging options:
  -w, --write write sniffed data to pcapfile
  -L, --log log all the traffic to this
  -l, --log-info log only passive infos to this
  -m, --log-msg log all the messages to this
  -c, --compress use gzip compression on log files
Visualization options:
  -d, --dns resolves ip addresses into hostnames
  -V, --visual set the visualization format
  -e, --regex visualize only packets matching this regex
  -E, --ext-headers print extended header for every pck
  -Q, --superquiet do not display user and password
LUA options:
  --lua-script,[,...] comma-separted list of LUA scripts
  --lua-args n1=v1,[n2=v2,...] comma-separated arguments to LUA script(s)
General options:
  -i, --iface use this network interface
  -I, --liface show all the network interfaces
  -Y, --secondary list of secondary network interfaces
  -n, --netmask force this on iface
  -A, --address force this local on iface
  -P, --plugin launch this
  -F, --filter load the filter (content filter)
  -z, --silent do not perform the initial ARP scan
  -6, --ip6scan send ICMPv6 probes to discover IPv6 nodes on the link
  -j, --load-hosts load the hosts list from
  -k, --save-hosts save the hosts list to
  -W, --wifi-key use this key to decrypt wifi packets (wep or wpa)
  -a, --config use the alterative config file
Standard options:
  -v, --version prints the version and exit
  -h, --help this help screen

- Code:
ifconfig

will help you find your ip address and adapter settings:
- Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

- Code:
arpspoof -t 192.168.0.3 192.168.0.24
Last edited by jamied_uk on 4th May 2017, 16:20; edited 1 time in total
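
Added example, not part of the original posts: on the targeted host, the ARP spoof described above shows up as an IP whose MAC address changes and as one MAC bound to two IPs, and this script checks saved `ip neigh show` output for both signs. The MAC addresses, the 192.168.0.50 host and the function names are constructed for illustration.

```bash
#!/bin/bash
# Added example: spot ARP cache poisoning in saved `ip neigh show` output.

# Constructed sample: neighbour table of 192.168.0.3 before and after
# another host (192.168.0.50, hypothetical) starts answering for 192.168.0.24.
BEFORE='192.168.0.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.0.24 dev eth0 lladdr 02:00:00:00:00:18 REACHABLE
192.168.0.50 dev eth0 lladdr 02:00:00:00:00:32 STALE
192.168.0.77 dev eth0 FAILED'
AFTER='192.168.0.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.0.24 dev eth0 lladdr 02:00:00:00:00:32 REACHABLE
192.168.0.50 dev eth0 lladdr 02:00:00:00:00:32 STALE
192.168.0.77 dev eth0 FAILED'

# Read a neighbour table on stdin; print "mac ip1,ip2,..." for every MAC
# address that is bound to more than one IP address.
shared_macs() {
    awk '{
        for (i = 1; i < NF; i++) if ($i == "lladdr") {
            mac = tolower($(i + 1))
            if (seen[mac, $1]++) continue          # same binding listed twice
            if (n[mac]++) ips[mac] = ips[mac] "," $1; else ips[mac] = $1
        }
    }
    END { for (m in n) if (n[m] > 1) print m, ips[m] }' | sort
}

# Compare two saved tables; print "ip old_mac new_mac" for every IP whose
# MAC address changed between them. Entries without a MAC are ignored.
changed_bindings() {    # usage: changed_bindings BEFORE_FILE AFTER_FILE
    awk '{
        mac = ""
        for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
        if (mac == "") next
        if (FILENAME == ARGV[1]) old[$1] = mac
        else if (($1 in old) && old[$1] != mac) print $1, old[$1], mac
    }' "$1" "$2" | sort
}

tmp=$(mktemp -d)
printf '%s\n' "$BEFORE" > "$tmp/before"
printf '%s\n' "$AFTER"  > "$tmp/after"
echo "MACs bound to several IPs:"; printf '%s\n' "$AFTER" | shared_macs
echo "IPs whose MAC changed:";     changed_bindings "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

On a live host, pipe `ip neigh show` into `shared_macs`. A shared MAC is also normal for a router with several addresses or a proxy-ARP device, so confirm the binding before treating it as an attack.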
Re: Capture & Decode VOIP Calls With Wireshark
Make sure Kali 2 Sources are correct as follows:
- Code:
#sudo gedit /etc/apt/sources.list
#
# deb cdrom:[Debian GNU/Linux 2017.1 _Kali-rolling_ - Official Snapshot amd64 LIVE/INSTALL Binary 20170416-02:08]/ kali-rolling contrib main non-free
#deb cdrom:[Debian GNU/Linux 2017.1 _Kali-rolling_ - Official Snapshot amd64 LIVE/INSTALL Binary 20170416-02:08]/ kali-rolling contrib main non-free
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
Re: Capture & Decode VOIP Calls With Wireshark
More Notes
jnet.forumotion.com/t1118-capture-decode-voip-calls-with-wireshark#2154
Helpful tools and codes to find Cisco devices on network:
- Code:
arp-scan --interface=eth0 --localnet

arp-scan -h
- Code:
arp-scan --vlan=1

--srcaddr= or -S Set the source Ethernet MAC address to .
  This sets the 48-bit hardware address in the Ethernet
  frame header for outgoing ARP packets. It does not
  change the hardware address in the ARP packet, see
  --arpsha for details on how to change that address.
  The default is the Ethernet address of the outgoing
  interface.
--destaddr= or -T Send the packets to Ethernet MAC address
  This sets the 48-bit destination address in the
  Ethernet frame header.
  The default is the broadcast address ff:ff:ff:ff:ff:ff.
  Most operating systems will also respond if the ARP
  request is sent to their MAC address, or to a
  multicast address that they are listening on.
Examples:
- Code:
arp-scan --srcaddr= --destaddr=
Re: Capture & Decode VOIP Calls With Wireshark
You may like this script
jnet.forumotion.com/t1477-quick-scan-linux-script-security-tut#2157