Target Specification

Each attack tool in SIPVicious PRO takes one target or more. Each target consists of a URI that indicates to the tool the target connection protocol, it’s hostname or IP, port and in the case of WebSockets, the web path. This has the advantage of having the target specification as compact as possible.

Most tools require the port to be set in the target specification. The tools that do not require the port to be set, target a range of ports instead of one specific port per target. One example of such a tool is the RTP bleed attack tool.

The following connection protocols are supported:

  • UDP
  • TCP
  • TLS
  • WS
  • WSS

UDP

For UDP targets (e.g. a SIP over UDP target system), the following format is used when building the target:

udp://target:port

For example, if targeting a SIP host demo.sipvicious.pro on port 5060, the resulting URI would be:

udp://demo.sipvicious.pro:5060

When an IP is passed, most attack tools take a domain flag so that the SIP domain can be set.

TCP

For TCP targets, the following format is used when building the target:

tcp://target:port

For example, if targeting a SIP host demo.sipvicious.pro on port 5060, the resulting URI would be:

tcp://demo.sipvicious.pro:5060

TLS

For TLS targets, the following format is used when building the target:

tls://target:port

For example, if targeting a SIP host demo.sipvicious.pro on port 5061, the resulting URI would be:

tls://demo.sipvicious.pro:5061

WS and WSS

For WebSocket targets, the following format is used when building the target:

ws://target:port/path

In the case of secure WebSockets, the following format is used:

wss://target:port/path

For example, if targeting a hostname demo.sipvicious.pro on port 443 over secure WebSocket and web path /sip, the resulting URI would be:

wss://demo.sipvicious.pro:443/sip

The web path may be omitted when not required.