SIP Proxy VoIP Security Test Tool

[Philipp Haupt <philipp.haupt () hsr ch>]

SIP Proxy is an Open Source VoIP security test tool which has been 
developed by the students Philipp Haupt and Matthias Hürlimann during 
their diploma thesis and second student research project at the 
University of Applied Sciences Rapperswil (www.hsr.ch). Business partner 
was Compass Security AG in Rapperswil (www.csnc.ch).

In the so called "Proxy Mode", the application acts as a proxy between a 
VoIP PBX (e.g. Asterisk) and a UA (VoIP hard- or softphone). SIP traffic 
can be sniffed and dynamically manipulated with the help of regular 
expressions. Logged SIP messages can be modified and resent.
In the "Test Case Mode" predefined security tests which are specified as 
XML files can be run against a specific target. Fuzzing technology, 
which is a kind of black-box testing, can be applied to find weak spots 
in VoIP devices. There are many more specific modules which can be used 
within such a test case. For example Wordlist- or Bruteforce attacks.
While running a test case, feedback is given by displaying a grahical 
report which can be exported in a printable PDF document afterwards.

With the help of SIP Proxy, several software bugs and configuration 
faults in specific VoIP devices have already been discovered.

Check out this new and innovative software on SourceForge: 
http://sourceforge.net/projects/sipproxy


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------