EnableSecurity / Awesome Rtc Hacking
Licence: cc0-1.0
a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
Stars: ✭ 108
Labels
Projects that are alternatives of or similar to Awesome Rtc Hacking
Quickblox Javascript Sdk
JavaScript SDK of QuickBlox cloud backend platform
Stars: ✭ 98 (-9.26%)
Mutual labels: webrtc
Callroulette
A WebRTC demo using Python (asyncio + aiohttp) as the backend
Stars: ✭ 104 (-3.7%)
Mutual labels: webrtc
Awesome Aws Security
Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security
Stars: ✭ 100 (-7.41%)
Mutual labels: awesome-lists
Translator
Translator.js is a JavaScript library built top on Google Speech-Recognition & Translation API to transcript and translate voice and text. It supports many locales and brings globalization in WebRTC! https://www.webrtc-experiment.com/Translator/
Stars: ✭ 103 (-4.63%)
Mutual labels: webrtc
No Server Webrtc Android
A demo of using WebRTC with no signaling server. But in Kotlin (Java) for Android.
Stars: ✭ 105 (-2.78%)
Mutual labels: webrtc
Terminals Are Sexy
💥 A curated list of Terminal frameworks, plugins & resources for CLI lovers.
Stars: ✭ 10,235 (+9376.85%)
Mutual labels: awesome-lists
Opentok Network Test
Sample app to test network connectivity and statistics (bps, packet-lost)
Stars: ✭ 104 (-3.7%)
Mutual labels: webrtc
Rn Voice Video Call
Usage of WebRTC for voice & video call with peer-to-peer or conference with Login and Register screen using response & Async storage with Call Dis/Connect, Failed and Idle views in react native. Youtube:
Stars: ✭ 100 (-7.41%)
Mutual labels: webrtc
Cloud Game
Web-based Cloud Gaming service for Retro Game
Stars: ✭ 1,374 (+1172.22%)
Mutual labels: webrtc
Kamailio
Kamailio - The Open Source SIP Server for large VoIP and real-time communication platforms -
Stars: ✭ 1,358 (+1157.41%)
Mutual labels: webrtc
Licode Erizoclientios
IOS Erizo client library for Licode WebRTC Framework
Stars: ✭ 107 (-0.93%)
Mutual labels: webrtc
Opentok Ios Sdk Samples Swift
Sample applications using the OpenTok iOS SDK in Swift
Stars: ✭ 105 (-2.78%)
Mutual labels: webrtc
Awesome Mac
Now we have become very big, Different from the original idea. Collect premium software in various categories.
Stars: ✭ 46,674 (+43116.67%)
Mutual labels: awesome-lists
Webrtc Experiment
WebRTC, WebRTC and WebRTC. Everything here is all about WebRTC!!
Stars: ✭ 10,335 (+9469.44%)
Mutual labels: webrtc
Awesome Safety Critical
List of resources about programming practices for writing safety-critical software.
Stars: ✭ 1,425 (+1219.44%)
Mutual labels: awesome-lists
Awesome Real-time Communications hacking & pentesting resources
This list aims to cover VoIP, WebRTC and VoLTE security related topics.
Please create a PR if you think anything should be added to this list. Let us know if you think anything should be removed.
Presentation Slides
- Hacking VoIP Exposed from Black Hat USA 2006.
- Mobile network hacking – All-over-IP edition from SRLabs at Blackhat EU 2019
- Monitoring SIP Traffic Using Support Vector Machines
Videos
- HITBHaxpo D1: VoLTE Phreaking - Ralph Moonen
- Kamailio World 2019: The Various Ways Your RTC May Be Crushed - Sandro Gauci
- Kamailio World 2018: A tale of two RTC fuzzing approaches - Sandro Gauci
- Kamailio World 2017: Listening By Speaking - Security Attacks On Media Servers And RTP Relays - Sandro Gauci
- Kamailio World 2016: 9 Years Of Friendly Scanning And Vicious SIP - Sandro Gauci
- Kamailio World 2015: VoIP Security – Bluebox ng Continuous Pentesting - Sergio García Ramos
- Kamailio World 2013: VoIP Security Tools - Anton Roman
- Blackhat EU 2019: Mobile network hacking - All-over-IP edition - Karsten Nohl, Luca Melette & Sina Yazdanmehr
- Jailbreak Brewing Company Security Summit: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568 - Maddie Stone
- RhurSec 2016: Eavesdropping on WebRTC Communication - Martin Johns
- Hak5 1813: SSL Hack Workarounds and WebRTC Flaws
- media.ccc.de: WebRTC Security - Stephan Thamm (language: german)
Advisories
- Cisco IOS and IOS XE SIP Protocol Denial of Service Vulnerability
- Polycom Phones SIP Registration Credential Abuse
- Cisco IOS XE Software NAT SIP Application Layer Gateway Denial of Service Vulnerability
- Cisco TelePresence Video Communication Server SIP DoS Vulnerability
- Voice over LTE implementations contain multiple vulnerabilities
- Asterisk RTP Bleed
- Asterisk pjSIP CSeq Overflow
- Juniper Junos Router OS DoS
- OpenScape Desk Phones HFA and SIP CSRF and Privilege Escalation
- Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA
- Interaction SIP Proxy Buffer Overflow in SIPParser() Leads to DoS
- Asterisk pjSIP Multi Parser Out-of-Bound Memory Access
- Asterisk Skinny Memory Exhaustion
- Asterisk Stack Corruption in
subscribeMessage - Asterisk Segfault with Invalid SDP
fmtpAttribute - Asterisk Segfault with Invalid Media Format Descriptiom
- Asterisk Segfault with
INVITEReplay Attack - Kamalio Off-By-One Heap Overflow
- New RCS technology exposes most mobile users to hacking
- Zoom Communications user enumeration
Open-source tools
- SIPVicious OSS - A set of tools to audit SIP based systems.
- SIPPTS - Another set of tools to audit VoIP servers and devices using SIP protocol.
- bluebox-ng - Pentesting framework using Node.js powers, focused in VoIP.
- SigPloit - Tool which covers all used SS7, GTP (3G), Diameter (4G) or even SIP protocols for IMS and VoLTE infrastructures.
- vsaudit - VoIP security assessment framework.
- rtpnatscan - Tool which tests for rtpbleed vulnerability.
- VIPROY - VoIP pentest framework which can be used with the metasploit-framework.
- SIP Proxy - A VoIP security testing tool.
- Metasploit auxiliary modules
- SIPp: SIP based test tool / traffic generator.
- Mr.SIP - SIP based audit and attack tool.
- VoIPShark - Open Source VoIP Analysis Platform
- Turner - PoC for tunnelling HTTP over a permissive/open TURN server.
- sipsak - SIP swiss army knife, has some features that can be used for security testing (e.g. flood more or random mode)
- turnproxy - Tool to abuse open TURN relays
Papers
- Performance Analysis of SIP Based VoIP Networks (local copy)
- Abusing SIP Authentication
- Multiple Design Patterns for Voice over IP (VoIP) Security
- Adaptive VoIP Steganography forInformation Hiding within Network Audio Streams
- Realtime Steganography with RTP (local copy)
- A Lossless Steganography Technique for G.711 Telephony Speech
- CallRank: Combating SPIT Using Call Duration, SocialNetworks and Global Reputation
- Steganography of VoIP streams
- Steganalysis of compressed speech to detect covert VoIP channels
- Securing Voice over Internet Protocol
- Protecting SIP Proxy Servers from Ringing-based Denial-of-Service Attacks
- An ontology description for SIP security flaws
- Analysis of DDoS Attacks in Heterogeneous VoIP Networks: A Survey
- Change Point Detection for Monitoring SIP Networks
- Network security systems to counter SIP-based denial-of-service attacks
- Multilayer Secured SIP Based VoIP Architecture
- Battling Against DDoS in SIP
- Billing Attacks on SIP-Based VoIP Systems
- Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems
- An Analysis of Security Threats and Tools in SIP-Based VoIP Systems
- Fast Detection of Denial-of-ServiceAttacks on IP Telephony
- VoIP Security: Threat Analysis & Countermeasures (local copy)
- Voice Over IP - Security and SPIT
Blogs
- Communication Breakdown - A blog about VoIP, WebRTC and real-time communications security by Enable Security; (formerly SIPVicious blog)
- Pepelux blog (Spanish)
Notable blog posts and articles
- Understanding DTLS Usage in VoIP Communications
- How we abused Slack's TURN servers to gain access to internal services
- Analyzing WhatsApp Calls with Wireshark, radare2 and Frida
- Adventures in Video Conferencing Part 1: The Wild World of WebRTC
- Adventures in Video Conferencing Part 2: Fun with FaceTime
- Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp
- Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp
- Adventures in Video Conferencing Part 5: Where Do We Go from Here?
Books
- Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition 2nd Edition (published December 20, 2013)
- Hacking VoIP: Protocols, Attacks, and Countermeasures (published March 21, 2008)
- SIP Security (published April 27, 2009)
Commercial tools
Vulnerabilities
The following are generic or common vulnerabilities that are related to either signalling, media or infrastructure.
CTFs and playgrounds
- SIPVicious PRO demo server - for testing RTC attacks
- CSAW CTF Qualification Round 2020 / Tasks / WebRTC - a CTF that featured a WebRTC related challenge
Related lists
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].