https://github.com/pentesteracademy/voipshark

VoIPShark is an open source VoIP analysis platform that lets people analyze live or stored VoIP traffic, easily decrypt encrypted SRTP streams, perform macro analysis, generate summaries specific to VoIP traffic/nodes, and export calls/SMS/DTMF in popular user-friendly file formats.

Last synced: 2 months ago

## VoIPShark: Open Source VoIP Analysis Platform

VoIPShark is an open source platform for VoIP analysis. It is built as a collection of Wireshark plugins; after installation, it is available within Wireshark. The platform was created while working on the "VoIP Traffic Analysis" course. Those interested can check the course here: https://www.pentesteracademy.com/course?id=43

VoIPShark will enable the user to do the following:

1. Perform macro analysis on VoIP traffic
2. Decrypt live or stored VoIP traffic while preserving packet structure and time information
3. Export VoIP audio streams to popular media formats
4. Detect the following threats/attacks:
   * Message flood
   * Invite flood
   * SIP MiTM attack
   * Teardown
   * Enumeration
   * Attack tool detection

### Demo Video: https://www.youtube.com/watch?v=oSLyqt8A8lI

## Installation

### Step 1: Install library

#### For Linux and macOS:

1. Create the directory "/usr/local/lib/lua/5.2/" if it does not exist

```
mkdir -p /usr/local/lib/lua/5.2/
```

2. Download VoIPShark and copy the lockbox folder to the "/usr/local/lib/lua/5.2/" directory

```
git clone https://github.com/pentesteracademy/voipshark.git
mv voipshark/lockbox /usr/local/lib/lua/5.2/
```

#### For Windows:

Download VoIPShark and copy the lockbox folder to the Wireshark program directory.

To find the location of the Wireshark program directory, check `Help > About Wireshark > Folders` (highlighted in green)



### Step 2: Installing VoIPShark

1. Copy the "plugins" directory to the Wireshark personal plugins directory.
2. Start Wireshark. :)

To find the location of the Wireshark plugins directory, check `Help > About Wireshark > Folders` (highlighted in yellow)

![](https://user-images.githubusercontent.com/743886/43845711-72426d36-9ae1-11e8-9945-0bbe8e078e2a.png)

## Tool featured at

- DEF CON China 1.0 Main stage
- Blackhat Asia 2019 Arsenal

## Sister Project

PA-Toolkit (https://github.com/pentesteracademy/patoolkit)

## Author

- Nishant Sharma, R & D Manager, Pentester Academy
- Ashish Bhangale, Sr. Security Researcher, Pentester Academy
- Jeswin Mathai, Security Researcher, Pentester Academy

Under the guidance of Mr. Vivek Ramachandran, CEO, Pentester Academy

## Screenshots

Decrypting SRTP: SRTP Packets

![Wireshark_2019-04-30_13-19-16](https://user-images.githubusercontent.com/25884689/58720935-1b0cba80-8406-11e9-9473-2142f93377de.png)

Decrypting SRTP: Enabling Auto Decryption

Decrypting SRTP: Decrypted SRTP (RTP)

![Wireshark_2019-04-30_13-20-14](https://user-images.githubusercontent.com/25884689/58721022-5b6c3880-8406-11e9-94fa-7a03d6558f0f.png)

Exporting Call Audio: Exported Streams

SIP Information Gathering: SIP Auth Export

SIP Information Gathering: DTMF

VoIP Attack Detection: Bruteforce

VoIP Attack Detection: Unauthenticated Users

## License

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License v2 as published by
the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see .