SIPTorch – Session Initiation Protocol Testing

SIPTorch is a testing suite for the Session Initiation Protocol (SIP). These tests, popularly known as SIP Torture Tests, are primarily meant to harden and refine both the SIP protocol and its implementations. Hopefully this tool will help shape SIP into a globally interoperable protocol for real-time Internet communication services.

Presently the tool implements the tests specified in RFC 4475, but future extensions to the modules are planned. The tests are divided into several sections: some stress the parser, some test the implementation of application- and transaction-layer semantics, some messages are themselves invalid, and others test backward compatibility. The tool does not support IPv6 elements for now.

Highlights

  • Implements full support for testing IPv4 elements.
  • 48 modules crafted precisely for accurate tests.
  • User is in complete control of how the tool works.
  • Report generation functionality in markdown format.
  • Easily extensible modules library.

Modules

See modules.json for the detailed version:

  • Application Layer Semantics
    • 200 OK Response with Broadcast Via Header Field Value
    • REGISTER with a Contact Header Parameter
    • REGISTER with a URL in Contact Header Parameter
    • INVITE Message Missing Required Header Fields
    • Unknown/Invalid Content Type
    • Invalid/Unacceptable Accept Offering
    • Zero Value in Max-Forwards Header
    • OPTIONS with Multiple Content-Length Values
    • Multiple Values in Single Value Required Fields
    • Request-URI with Known but Atypical Scheme
    • REGISTER with a URL Escaped Header
    • OPTIONS With Unknown Proxy-Require and Require Scheme
    • Unknown/Invalid Authorization Scheme
    • OPTIONS Request URI with Unknown Scheme
    • Unknown Request URI with Unknown Scheme in Header Fields
  • Backward Compatibility Tests
    • INVITE With RFC 2543 Syntax Support
  • Invalid Messages
    • Invalid Time Zone in Date Header Field
    • Unterminated Quoted String in Display Names
    • Response with Overlarge Status Code
    • Content Length Larger Than Message
    • Request Method with CSeq Method Mismatch
    • Escaped Headers in SIP Request-URI
    • Extraneous Header Field Separators
    • Negative Content-Length
    • Non-token Characters in Display Name
    • </> Enclosing Request-URI
    • Multiple Space Separating Request-Line Elements
    • Malformed SIP Request-URI with Embedded LWS
    • Unknown Method with CSeq Method Mismatch
    • Negative Content-Length
    • Failure to Enclose name-addr URI in <>
    • Request Scalar Fields with Overlarge Values
    • Response Scalar Fields with Overlarge Values
    • Spaces Within Address Specification
    • Escaped Headers in SIP Request-URI
    • Unknown Protocol Version
  • Syntactical Parser Tests
    • Extra Trailing Octets in a UDP Datagram
    • Use of % When It Is Not an Escape
    • Escaped Nulls in URIs
    • Valid Use of the % Escaping Mechanism
    • Long Values in Header Fields
    • Message with No LWS between Display Name and <
    • Multipart MIME Message
    • Content Length Larger Than Message
    • Semicolon-Separated Parameters in URI User Part
    • Varied and Unknown Transport Types
    • Unusual Reason Phrase
  • Transaction Layer Semantics
    • Branch Tag Missing Transaction Identifier
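
The receiving-side checks that a few of the Invalid Messages tests above exercise, as an added example that is not SIPTorch code: a small validator run over constructed sample requests. The function name, the finding strings and the 10-digit Content-Length limit are assumptions made for this example.

```python
import re

# Constructed sample (not captured traffic): the CSeq method differs from the
# request method and Content-Length claims more body than the datagram holds.
SAMPLE_BAD = (
    b"INVITE sip:user@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP host.example.com;branch=z9hG4bKkdjuw\r\n"
    b"Max-Forwards: 70\r\n"
    b"CSeq: 8 OPTIONS\r\n"
    b"Content-Length: 9999\r\n"
    b"\r\n"
    b"v=0\r\n"
)
SAMPLE_OK = SAMPLE_BAD.replace(b"8 OPTIONS", b"8 INVITE").replace(b"9999", b"5")

TOKEN = r"[A-Za-z0-9.!%*_+`'~-]+"  # RFC 3261 token characters


def validate_sip_request(raw: bytes) -> list:
    """Return findings for one SIP request received in a UDP datagram.

    Simplification (assumption): folded header lines are not unfolded.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no header/body separator"]
    lines = head.decode("utf-8", "replace").split("\r\n")
    # Request-Line must be Method SP Request-URI SP SIP-Version, single spaces.
    m = re.fullmatch(rf"({TOKEN}) (\S+) (\S+)", lines[0])
    if not m:
        return ["malformed request line"]
    method, version = m.group(1), m.group(3)
    findings = []
    if version.upper() != "SIP/2.0":
        findings.append("unknown protocol version")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    # "l" is the compact form of Content-Length.
    for value in headers.get("content-length", []) + headers.get("l", []):
        if not re.fullmatch(r"[0-9]{1,10}", value):  # negative, overlarge, junk
            findings.append("invalid Content-Length")
        elif int(value) > len(body):
            findings.append("Content-Length larger than message")
    for value in headers.get("cseq", []):
        parts = value.split()
        if len(parts) != 2 or parts[1] != method:
            findings.append("CSeq method mismatch")
    return findings
```

An implementation that passes the corresponding torture tests rejects each of these conditions instead of trusting the declared length or method.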

Installation

The only external requirement for this tool is the pluginbase library, which can be easily installed using pip:

python3 -m pip install pluginbase

or

python3 -m pip install -r requirements.txt

Usage

Here is the help output from SIPTorch:

  SIPTorch - A SIP Torture Testing Suite
           Version : v0.1.0

usage: ./siptorch.py -u <url/ip> [options]

Required Arguments:
  -u TARGET, --target TARGET
                        Destination target to test

Optional Arguments:
  -p RPORT, --rport RPORT
                        Destination port to use for sending packets to (default 5060)
  -P LPORT, --lport LPORT
                        Local source port to use for binding to (default 5060)
  -o OUTPUT, --output OUTPUT
                        Output directory to write results to
  -d DELAY, --delay DELAY
                        Specify delay in seconds between two subsequent requests
  -t TIMEOUT, --timeout TIMEOUT
                        Timeout value in seconds
  -v, --verbose         Increase output verbosity, multiple -v increase verbosity
  -q, --quiet           Decrease verbosity to lowest level
  -V, --version         Display the version number and exit
  --user-agent USER_AGENT
                        Use custom user-agent
  --spoof-ua            Spoof user-agents with every request
  --build-cache         Build the modules cache (when a new module has been added)

For a testbed, you’ll require a URL/IP which talks SIP.
For testing purposes you can use a publicly hosted testing server at demo.sipvicious.pro.

  • Examples:
    • Basic example usage:
    ./siptorch.py -u sip.example.com --rport 5060 -v
    • Specify timeout and add delay between requests:
    ./siptorch.py -u sip.example.com --delay 2 --timeout 10
    • Spoof user-agents with every request and set the local port:
    ./siptorch.py -u sip.example.com --spoof-ua --lport 5080

After performing all the tests, the results of the tool are stored in a markdown file under the siptorch-output/ folder in your current working directory.

For more advanced usage, you can have a look at the configuration variables and edit them as per your need. Then fire up the tool as you would normally do.

New modules

SIPTorch has been designed in a very flexible way so as to allow easy extension of modules. Writing a new module involves these steps:

  • Decide which category of tests you are going to write a module for.
  • Look at some examples of modules under the category, and write yours.
  • Put it inside the specific folder under the modules/ directory.
  • Run ./siptorch.py --build-cache to generate the updated modules.json.
  • Test the module on a target and check whether the results are as intended.
  • Submit a pull request. 🙂
