Release notes

SIPVicious PRO helps security teams, QA and developers battle-test modern VoIP and WebRTC systems, applications and protocols for manual and automated testing. For more information, visit https://www.enablesecurity.com/sipvicious/pro/.

The following are the latest release notes.

v6.0.0-experimental.6

Released on 2023-03-06

CUI:

  • sip utils iterator removed for now, it needs to be reworked
  • all changes in v6.0.0-beta.6

Documentation:

  • all changes in v6.0.0-beta.6

SIPVicious PRO core:

  • support for g726 codec
  • added SRTP configuration in RTP fuzzing and callee mode
  • RTCP fuzzing updated
  • all changes in v6.0.0-beta.6

v6.0.0-beta.6

Released on 2023-03-06

CUI:

  • sip dos flood now supports ACK, CANCEL, BYE, PRACK, INFO, REFER, UPDATE in addition to previously supported SIP methods
  • sip crack online tool now supports closing the connection with the close-conn flag
  • sip utils ping now supports using the INVITE method

Documentation:

  • added documentation about how SIPVicious PRO can be used from Gitlab-CI pipelines
  • added documentation on the new inject-config parameters: rtp-ssrc and rtp-payload-type
  • clarified help text for no-prober and duration flags
  • various advanced examples updated to reflect previous changes to the tools syntax

SIPVicious PRO core:

  • the SIP DoS flooder now handles slow rates better
  • the SIP DoS flooder now supports all the SIP methods supported in other tools
  • handle cases where no responses are received by the SIP DoS flooder’s prober (e.g. in the case of the ACK method)
  • fixed a panic when the SIP DoS flooder’s TCP socket did not receive any response
  • added the close connection functionality to the SIP online cracker
  • fixed the internal template for the REFER request which was not considered correct by UAS targets
  • fixed behavior when no SDP is received from a peer
  • various internal library updates (netloop, esfuzzing, fuzzerloop, iterator, rtp, rtpcodec)
  • the callee utility now handles multiple INVITEs/calls
  • fixed a bug in SDP key selection
  • added support for SSRC and payload type selection in RTP inject
  • fixed crash in the SIP DoS flooder when fake auth and rate were used
  • the callee utility no longer panics when trying to start a websocket listener
  • fixed behavior of repeater tool to only unregister once
  • SIP server, used in the callee and other tools, fixed to support setting of TLS certificates

v6.0.0-experimental.5

Released on 2022-06-24

CUI:

  • added interfaces support for sip dos flood tool, allowing setting of multiple source IPs
  • added stir-shaken-config flag to the tools that support STIR/SHAKEN
  • added a new tool called sip fuzz server which starts a server that fuzzes SIP UAs pointed at it
  • added tcp flood tool which runs a connection flood test
  • added sip fuzz stirshaken tool which fuzzes the Identity header in STIR/SHAKEN
  • added sip utils iterator tool which allows for manual fuzzing and injection tests
  • added rtp fuzz tool for fuzzing RTP packets

Documentation:

  • added documentation for new tools
  • added documentation for tools that now support STIR/SHAKEN configuration

SIPVicious PRO core:

  • all changes in v6.0.0-beta.5
  • the following new tools:
    • RTP fuzzer
    • SIP STIR/SHAKEN fuzzer
    • SIP Iterator utility
    • TCP flood tool
    • SIP server for fuzzing

v6.0.0-beta.5

Released on 2022-06-24

CUI:

  • rtp inject’s default connection count is now set to 1 instead of 10
  • opus now defaults to rate 48000 (default was previously incorrect)
  • added inject-config to rtp inject command, to allow for specific RTP injection settings
  • documentation URLs given in each tool’s help corrected to point to https://docs.sipvicious.pro
  • SRTP now available to all SIPVicious PRO tools that benefit from it
  • added auth-config flag to sip crack online to allow for setting which hashing algorithm to use (we now support SHA too!)
  • credentials flag in sip crack online is now called credentials-file

Documentation:

  • full documentation of the srtp flag for various tools
  • introduced docker as a way to run SIPVicious PRO and related documentation
  • added inject-config documentation for the rtp inject tool
  • the templates test tool now has a new syntax, documentation updated to reflect that
  • brand new website design and structure!

SIPVicious PRO core:

  • SIP splitter now supports short form version of content-length
  • suppressed errors when BYE and ACK return errors due to not matching
  • sip utils ping gets a sane timeout
  • integer overflow fix in netloop (internal library)
  • RTP handler is now able to detect malformed SDP without proper IP/port
  • major rewrite of SipMessage header reading
  • fixed RTP flood bug that had a race condition in the case of SRTP
  • fixed opus SDP as per RFC7587
  • sip dos flood now supports debug and tls-key-log flag properly (was not working before)
  • race condition fixes for sip fuzz method
  • invalid templates now return a proper error
  • fixed IPv6 issue in SDP
  • malformed DTLS certificates are now handled properly
  • plugged in SRTP for tools that were missing it
  • fixed issue where content-length header would be removed if SIP body was not present
  • fixed race conditions in SIP DoS flood tool (affected fake authentication)
  • added rate limiter for RTP inject tool
  • fixed race condition in RTP inject
  • less noisy log messages for RTP inject
  • updated various tools (e.g. RTP flood) to support SRTP-DTLS

v6.0.0-beta.4

Released on 2021-05-12

CUI:

  • Added a new command list which produces a list of all available tools.
  • The credentials flag used for setting username and password can now optionally set the realm.
  • The about command can now output just the mascot by making use of the mascot flag. This is useful for demos.
  • Added auth-config flag which allows specification of authentication related parameters. For now, it allows specification of the hashing algorithm to be used with Digest Authentication, to support RFC 8760.
  • The about command now supports JSON output, so that the SIPVicious version can be read programmatically.
  • Added challenge-config parameter for the sip crack digestleak tool, which allows setting values in the digest challenge such as a custom realm and hashing algorithm.
  • A number of flags and their values were renamed for better consistency:
    • rtp flood:
      • mode flag renamed to call-mode
      • values for call-mode are now callee, caller and rtp-stream
      • invite-mode flag is now called caller-mode
      • flags related to TLS handling added to rtp flood, which was missing them:
        • client-cert
        • client-key
        • ca-cert
        • tls-key-log
    • sip fuzz method:
      • fuzz flag renamed to fuzz-mode
      • invite-mode flag is now called caller-mode
    • sip crack digestleak: mode flag renamed to call-mode
    • sip enumerate extensions:
      • renamed the do-not-probe flag to no-prober
      • extensions-file flag created which replaces both the dictionary and sipuri-dictionary
      • from-address flag renamed to from
    • sip utils templates dump now takes the method flag just like the rest of the tools
    • sip utils templates test:
      • takes a positional argument for the target, just like the rest of the tools
      • uses the method flag just like the rest of the tools
    • rtp bleed:
      • rounds, which sets the number of times to loop through the ports, is now not set by default, resulting in an infinite loop
      • removed the keep-probing flag which is no longer needed due to the default behavior
      • output flag created which replaces the save-pcap and save-wav flags
      • bleed-config flag created which replaces the following flags:
        • rtp-probe-count
        • rtp-probe-interval
        • rtp-attack-interval
        • rtcp-probe-count
        • rtcp-probe-interval
        • rtcp-attack-interval
    • rtp inject:
      • rounds, which sets the number of times to loop through the ports, is now not set by default, resulting in an infinite loop
      • rtp-payload flag created which replaces the send-dtmf and send-wav flags
      • added rate flag which sets the inject rate for the tool
    • sip dos flood:
      • flood-config flag created which replaces the nonce-reuse, static-cseq and static-branch flags
      • invite-mode flag is now called caller-mode
    • sip utils call:
      • invite-mode flag is now called caller-mode
    • removed the option to output to standard output for tls-key-log as this conflicted with JSON output
  • Fixed a bug in rtp flood where custom SIP templates were not being correctly loaded.

Documentation:

  • Introductory video added to main page; video at https://www.youtube.com/watch?v=9EL8Swns9z0.
  • Usage of the realm within the credentials flag is documented.
  • auth-config flag is now documented for all tools that support it.
  • Added instructions for RedHat-based Linux systems on how to install dependencies (Opus).
  • Future plans include STIR/SHAKEN support.
  • Documented bleed-config flag.
  • Updated examples for all new flags and those that were removed.

SIPVicious PRO core:

  • RTP Bleed: fixed bugs related to connectivity problems.
  • Race conditions in the SIP fuzzer as well as RTP Bleed fixed.
  • Fixed crashes in SIP fuzzer when too many concurrent connections were required.
  • RTP Bleed and Inject now support IPv6 (previously was broken).
  • Crash in Digest leak tool fixed, when callee mode was used together with register.
  • DTMF functionality added to RTP Bleed.
  • Fixed bug so that Digest Leak tool is no longer sending 200 OK together with the 401/407 challenge.
  • Various fixes to the internal SIP splitter to better handle SIP over connection transports.
  • Logging in all tools updated to provide better feedback.
  • SIP fuzzer now also supports the TLS keylog functionality.
  • Added delay when maximum requests have been reached in the SIP pinger so that all the results are received.
  • RTP flood now supports DTMF.
  • Maximum duration added for all tools so that the maximum run time can be limited.
  • RTP Inject now supports the rate limiter.
  • Fixed issue in RTP Bleed not quitting when network is down and ctrl^c or duration is reached.
  • SIP Digest Leak tool now supports DTMF and sending no RTP.
  • SIP Digest Leak tool now supports custom challenge values.
  • Fixed the SIP Extension Enumeration tool, which was not exiting gracefully and returning results when ctrl^c or duration was reached.
  • RTP Flood in RTP-stream mode now also adheres to duration.
  • Exit codes fixes for RTP Flood and RTP Bleed which were not being set properly in the case of a bind error.
  • Fixed formatting error in standard output when multiple targets are provided and human-readable output is generated (did not affect JSON output).

v6.0.0-beta.3

Released on 2021-02-25

CUI: no changes at all

Documentation:

  • Website shifted to https://www.sipvicious.pro
  • A new members area is now available with details on how to become a paying member and other pages
  • Removed form for subscribing for the beta

SIPVicious PRO core:

  • Fixed a bug in the SIP callee utility where if registration fails, it would hang
  • SIP call utility now also supports DTMF payloads

v6.0.0-beta.2

Released on 2021-02-08

CUI:

  • sip crack online now takes input from standard input for password dictionaries, credentials and extensions apart from regular files
  • each tool now references the exact help page in the documentation
  • warnings related to license are given using standard logging so that it does not break automation systems
  • friendly warnings are now given for invalid target URIs
  • friendly warnings are now given for SIP URIs missing the sip: part of the URI

Documentation:

  • additional documentation on how to use GNU timeout to control SIPVicious in the automation pages
  • troubleshooting page has been updated with more compact instructions and configuration to generate debug files
  • tutorial updated with the new standardized output from the tools
  • basic installation instructions were added for radamsa and zzuf
  • documentation about using standard input for sip crack online dictionaries, extension file and credential files (username/password combination files) with example of how to use it with hashcat’s maskprocessor

SIPVicious PRO core:

  • specifying an invalid target URI now gives a more helpful error with an example of a valid target URI
  • RTP Bleed now exits gracefully when invalid hosts are specified as the target
  • SIP online cracker now scans password dictionary files line by line rather than reading the whole file in memory (led to crash on large files)
  • SIP DoS Flood tool now scans extension dictionary files line by line rather than reading the whole file in memory
  • fixed bug in password generation that was trying a blank password twice
  • SIP online cracker and extension enumeration tools now accept standard input instead of only local files for dictionary files etc
  • caller utility now waits until it exits so that a BYE can be correctly sent
  • by default, random numeric extensions are generated instead of alpha-numeric ones in the SIP online cracker
  • SIP crack online no longer generates more than one no response received error
  • SIP extension enumeration now adds a security issue when an extension does not require authentication
  • friendly warning is now given when the sip: part seems to be missing from a SIP URI
  • sip fuzz method now randomizes the SIP method when not specified
  • added client certificate support for TLS to the SIP DoS Flood and SIP fuzzing tools (other tools already supported this)
  • friendly warning added when setting parameters in SIP DoS Flood that causes authentication to never occur
  • fixed a crash due to divide by zero when only telephone-event is set in SDP response and no DTMF has been set
  • RTP Bleed and Inject are now both doing strict target validation, no port allowed

v6.0.0-beta.1

Released on 2020-12-02.

CUI:

  • new tool called sip fuzz method for fuzzing SIP messages
  • the results flag is now found in all tools
  • standardized output across all tools, with human-readable text and JSON support
  • standard error is used for logging while standard output is used for the results
  • exit codes standardized across all tools, inconsistencies fixed and updated for future compatibility (breaking change)

Documentation:

  • documentation shifted to https://docs.sipvicious.pro
  • major restructure of documentation pages with new sections called overview, learn, automation, documentation and support
  • new documentation for automation, including new pages detailing the new exit codes and results output
  • all cui-reference documents are now under the technical documentation section
  • new tool called sip fuzz method is documented
  • exit code documentation for each tool updated to highlight behaviour of exit codes 30 and 40
  • removed all example output from the tools which is now outdated
  • documentation for template functions now added

SIPVicious PRO core:

  • new SIP fuzzing functionality available in the core
  • Exit codes and Results are now standardized
  • SIGINT / CTRL^C now handled by all tools to exit gracefully
  • JSON Schema generation for each tool result
  • Added environment variable support in SIP templates
  • duration for sip dos flood fixed to work as expected
  • sip dos flood now caches templates for speed
  • sip dos flood refactoring for better clarity, handling of cnonce, nonce-reuse features
  • race condition fix in sip dos flood
  • fixed issue that netloop was stopping in sip dos flood and sip fuzz method, when rate was specified
  • added srtp support for sip dos flood and sip fuzz method
  • bug fix in sip dos flood with proxy authentication
  • fixed issue in sip dos flood when using auth and a 1xx message is received before a 401/407
  • fixed rtp flood to send a BYE at the end of a call
  • SIP method enumeration ignores provisional 100 responses
  • Fixed bugs in IPv6 support and made sure that all tools support IPv6
  • Fixed sip crack digest so that it exits when no responses are received

v6.0.0-alpha.5

Released on 2020-06-03.

CUI:

  • all attack tools now support exit codes
  • logfile flag now accepts JSON log file format when filename ends with .json
  • rtp and sip subcommands now all support the srtp flag
  • rtp bleed tool now supports the rate, save-pcap and save-wav flags
  • rtp flood tool now supports the SIP templates just like all sip subcommands
  • rtp inject tool now supports the send-dtmf flag
  • sip crack digestleak tool now supports the methods flag
  • sip crack online tool has now implemented the to, extensions-file, credentials, rate, range-fmt and pattern flags
  • sip dos flood tool now supports the no-prober and dictionary flags
  • sip enumerate extensions tool now supports the ext-fmt, auth-mode and register flags
  • sip enumerate methods tool does not support the conn-count flag any more
  • sip utils call now supports passing of DTMF instructions as values for the rtp-payload flag
  • sip utils templates test now supports the credentials flag
  • sip utils ping updated to report network errors

Documentation:

  • Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples
  • New documentation page: Getting started with instructions on how to use most of the modules
  • Documentation of each tool now has advanced examples with comments indicating their use
  • Documentation of each tool now has an example of the output that it generates
  • Examples for usage of John the Ripper and Hashcat added to the digest leak CUI page
  • Credentials flag documentation updated to show how to pass usernames or passwords that contain a colon
  • Automation documentation updated to indicate the concepts that are being implemented in SVPRO for automation
  • Duration flag definition is clarified to mean the maximum amount of time allowed for the tool
  • Documentation updated to reflect that all flags with TODO, except for DTLS SRTP support, have been fully implemented now

SIPVicious PRO core:

  • All tools now support exit codes properly
  • All tools now support returning results internally (not yet fully exposed through CUI)
  • DTMF support implemented, exposed in RTP Inject and the Caller utility
  • Changed way that hostnames are used to be compatible with IPv6 targets
  • Support for SRTP in all modules that process RTP
  • RTP Bleed support for the rate limiter, pcap and wav file generation
  • Major refactoring of the RTP Bleed module
  • RTP Flood support for the rate limiter
  • Major refactoring of the RTP Inject module
  • SIP Call module now supports DTMF RTP when the RTP payload starts with dtmf:
  • Major refactoring of the SIP Callee module to handle multiple calls at a time
  • Major refactoring of the SIP Crack Online module, plus various new features such as credentials and extensions file support and range format string
  • Major refactoring of the SIP Digest Leak module to properly support caller and callee modes
  • SIP Digest Leak module now supports John the Ripper and Hashcat output formats
  • SIP Flood module now supports a prober that detects when the target starts returning SIP or connection errors
  • Major refactoring of the SIP Flood module for stateless handling of SIP calls, and new features
  • Major refactoring of the SIP Extension Enumeration module to address problems with the previous logic; addressing false positives and negatives
  • Fixed hardcoded SIP URIs in BYE in SIP Method Enumeration module
  • Improved target host validation
  • Better handling of SIGINT (or control^c) in RTP Bleed and some other modules
  • Fixed nil pointer dereference in RTP flood, rtp-stream mode
  • Better logging in SIP Callee utility
  • SIP Digest Leak attack now ends the call correctly
  • SIP Digest Leak outputs raw SIP message to file
  • Fixed nil pointer dereference in SIP DoS Flood module
  • SIP DoS Flood now implements authentication mode and supports nonce-reuse
  • SIP Extension Enumeration module now properly supports valid authentication and enumeration using fake authentication
  • Failed DNS resolution no longer causes panic
  • SIP parsing problems on TCP addressed through the SIP splitter
  • Stale challenges during SIP authentication are now handled
  • SIP INVITE flood now sets the SDP for the win

v6.0.0-alpha.4

Released on 2020-03-30.

CUI:

  • rtp flood tool supports the srtp flag
  • rtp inject has been rewritten (note: save-pcap and send-dtmf flags not yet implemented)
  • sip crack digestleak tool supports the domain flag
  • sip dos flood flags have been renamed from from-address and from-domain to from and domain
  • sip enumerate extensions tool now takes 2 new flags: from-address and credentials
  • sip enumerate extensions now supports the register flag

Documentation:

  • release notes are now included in documentation
  • The only configuration file formats supported are now JSON, TOML and YAML
  • A number of internal links have been fixed
  • Installation page updated to remove Linux arm5 and Darwin 386 builds and gives instructions on how to install the Opus dependency
  • Documentation regarding exit codes for rtp commands has been fixed; specifically exit code 4
  • srtp flag documentation provided
  • Main page: open-source SIPVicious is now referred to as SIPVicious OSS instead of legacy; its first release date was actually 2007
  • Troubleshooting page has contact details

SIPVicious PRO core:

  • Opus support included in various tools
  • do not use sips: URIs when connection is TLS
  • fixed bug in the sip enumerate extensions probe phase, which meant that some results were missing
  • The SIP digest leak tool, SIP repeater and ping now obey the domain option
  • sip utils repeater now sets the From address in REGISTER messages to the one specified in the parameters rather than the destination extension
  • To address in SIP method enumeration is now as expected depending on the method
  • SIP method enumeration now observes the register flag
  • RTP inject code major re-factoring
  • Crack online tool rate limiter fixed (was crashing)
  • RTP Flooder now supports duration and further srtp related updates
  • RTP Flooder now sets the payload type/codec by inspecting SDP
  • SIP online cracker now pairing requests with responses to avoid false positives and false negatives
  • SIP extension enumeration now supports keeping a registration
  • SIP Flood fixes for negative WaitGroup bugs (resulting in crashes)
  • SIP call handling now stops call if a SIP 5xx/6xx error is received
  • SIP call handling bug fix for when call is not picked up immediately
  • When handling REGISTER responses, do not send a reply if the 401/407 response does not have an authentication header
  • Bug fix for sip enum methods which was hanging on non-existent IP on UDP
  • Bug fix for closed port on methods enumerate which was causing panic
  • SRTP calls enforce RTP/SAVP profile

v6.0.0-alpha.3

Released on 2020-11-27.

CUI:

  • rtp bleed new flags are implemented: rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload
  • sip crack online tool now made available; not all features implemented yet
  • sip enumerate methods rate limiting implemented
  • sip utils call and sip utils callee now support the srtp flag
  • sip utils callee now supports the domain flag
  • fixed bug in sip utils templates dump where if templates directory already exists, the templates get replaced
  • sip utils templates test now takes flags from command line to manipulate the output
  • all sip subcommands now take the srtp flag (might be changed in the future); but not all support it yet, thus marked with TODO

Documentation:

  • all tools now each include advanced examples
  • target specification documentation now available
  • documentation about templates now live
  • further information about the codec flag (various tools) on how to specify rates and channels in the SDP
  • sip crack online documented
  • documentation about the srtp flag added
  • sip enumerate extensions documentation about ext-fmt flag now added

SIPVicious PRO core:

  • RTP Bleed tool mostly rewritten and implemented all new options to support the rtcp-probe-count, proto, probe-all-ports, rtp-payload and rtcp-payload flags
  • SRTP mode code implemented, currently only supporting SDES
  • Fixed bug when a path was passed to a WebSocket target that led to malformed SIP URIs
  • SIP call and callee supports SRTP
  • SIP Crack Online tool created; not all features implemented yet
  • SIP Flood now shows samples of data being sent
  • SIP Ping now supports BYE
  • Bug fixes for SIP Ping which would cause it to stop on timeouts on TCP/TLS/WS/WSS
  • SIP Template test tool added
  • Default NOTIFY template now includes a Contact header
  • RTP Flooder now supports SRTP