Attacking Encrypted VOIP Protocols

Explore advanced techniques for attacking encrypted Voice over IP (VoIP) protocols in this 30-minute conference talk from the Hack In The Box Security Conference. Delve into the world of Session Initiation Protocol (SIP), a crucial control protocol for negotiating voice transmission attributes and authenticating calling parties. Learn how to intercept and decrypt encrypted SIP communications using tools like mitm_relay.py and BURP proxy. Discover a newly developed utility that streamlines password recovery by parsing intercepted data and performing brute force attacks on digest authentication. Gain insights into the similarities between SIP and HTTP digest authentication, and understand how these attack methods can be applied to both protocols. Master the process of compromising SIP sessions through a combination of interception, decryption, and automated parsing techniques.