Disclaimer: This blog is for educational purpose only!!!
In our previous blog we used Nessus to scan our infrastructure and find out loopholes on services which are running on different IP addresses of virtual machines. Now, In this blog we will discuss and explain how vulnerable protocol and misconfiguration helps an attacker or malicious people to exploit vulnerability in VoIP (Voice Over Internet Protocol) such as eavesdropping.
What is eavesdropping?
Eavesdropping means listening someone’s private conversation without knowing them. Now, here what is the meaning of eavesdropping in VoIP?
Any medium or big size organizations are using VoIP telephones which are present on employees desk or any other places and these VoIP telephones network infrastructure services use vulnerable protocol and misconfigurations. This can help attacker or malicious peoples to secretly listen employees or any person private conversation without knowing them in the same network.
In this blog we will show practically VoIP protocols and service eavesdropping and extracting voice from captured RTP packets.
First we start “Trixbox” virtual machine, So VoIP server will start.
After successfully start of “Trixbox” virtual machine then IP address will be assigned to it automatically as our system is connected through network. This assigned IP address will help to open “Trixbox” web GUI interface on browser. The GUI interface helps us to add extension or add SIP devices, setting, configuration etc.
Now for adding new user, we need to go to
PBX --> PBX settings --> Extension left side menu
Now, we have added three users and also given passwords for authentication purpose at client-side.
We installed Zoiper phone software for VoIP calling through my Kali Linux.
We, also installed Zoiper phone software in Windows 7 virtual machine for VOIP calling from it to Kali Linux Zoiper Phone.
Now we are going to configure Trixbox accounts, which we have created already in web interface of Trixbox server as shown above.
Entering number details with host IP address and Password to authenticate. The details have to match with our created account details in Trixbox server.
Below image shows that account is configured with VoIP server.
Now we try to call between both devices in different windows using Zoiper Phone software and Trixbox VoIP server and we are able to call.
In background, we already started Wireshark to start capture the VoIP call traffic to understand deeply how protocol is working, how packets are going from source to destination. Also, Wireshark is used to record call packet without user permission in network and then we will try to recover call record and listen conversion after decoding the calls of captured VoIP traffic.
In Wireshark menu “Telephony” option is present. By clicking on “Telephony” option a drop down option will open in which “VoIP Calls” option is present then click on it and it will show VoIP call traffic details only from captured traffic.
Now, analyze particular VoIP call traffic.
Do the analysis of VoIP calls deeply, how connection is established and handshake is done in Wireshark GUI based.
Now we check RTP protocol stream packets from same menu option “Telephone“
Do further analysis of particular packet by clicking on particular session then click on “Analyze” button then pop will show.
In RTP protocol stream analysis “Save” button is displayed which we can use to save the conversion in “.au” format of Unsynchronized or Synchronized forward stream audio.
Now we extracted the VOIP call conversion between two persons which is not supposed to happen because any hacker can capture the VOIP conversion packets without user permissions and from that captured packets hackers can extract conversion between two persons by this technique which is illegal.
We can listen this extracted audio file by using VLC player. If we want to convert the file in such a format which is supported by every player we can use online audio file converting sites to change “.au” format to some other audio format which is supported by all media players.
How to Prevent:
To secure VoIP infrastructure from such type of attacks, organization should implement an encryption protocol to encrypt the channel and this can help to secure the clients VoIP.
References:
- https://sourceforge.net/projects/asteriskathome/
- https://www.wireshark.org/
- https://www.videolan.org/vlc/
- https://www.zoiper.com/
- https://www.freepik.com/