ohrwurm Package Description
ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones. Features:
- reads SIP messages to get information of the RTP port numbers
- reading SIP can be omitted by providing the RTP port numbers, sothat any RTP traffic can be fuzzed
- RTCP traffic can be suppressed to avoid that codecs
- learn about the “noisy line”
- special care is taken to break RTP handling itself
- the RTP payload is fuzzed with a constant BER
- the BER is configurable
- requires arpspoof from dsniff to do the MITM attack
- requires both phones to be in a switched LAN (GW operation only works partially)
Source: http://mazzoo.de/blog/2006/08/25#ohrwurm
ohrwurm Homepage | Kali ohrwurm Repo
- Author: Matthias Wenzel
- License: GPLv2
Tools included in the ohrwurm package
ohrwurm – RTP fuzzer
[email protected]:~# ohrwurm
ohrwurm-0.1
usage: ohrwurm -a <IP target a> -b <IP target b> [-s <randomseed>] [-e <bit error ratio in %>] [-i <interface>] [-A <RTP port a> -B <RTP port b>]
-a <IPv4 address A in dot-decimal notation> SIP phone A
-b <IPv4 address B in dot-decimal notation> SIP phone B
-s <integer> randomseed (default: read from /dev/urandom)
-e <double> bit error ratio in % (default: 1.230000)
-i <interfacename> network interface (default: eth0)
-t suppress RTCP packets (default: dont suppress)
-A <port number> of RTP port on IP a (requires -B)
-B <port number> of RTP port on IP b (requires -A)
note: using -A and -B skips SIP sniffing, any RTP can be fuzzed
ohrwurm Usage Example
Fuzz two hosts (-a 192.168.1.123 -b 192.168.1.15), both on port 6970 (-A 6970 -B 6970), through interface eth0 (-i eth0):
[email protected]:~# ohrwurm -a 192.168.1.123 -b 192.168.1.15 -A 6970 -B 6970 -i eth0
ohrwurm-0.1
using random seed 2978455466