Intercepting VoIP / UC conversations


Ideal for trying to keep an eye on your kids... because these days you can never be too trusting!!

It is possible to intercept VoIP conversations because the voice data is generally transmitted over IP using the RTP transport protocol. RTP provides transport functions suitable for real-time data such as audio, video or simulation data, over multicast or unicast network services. The voice is compressed with codecs, which encode the data stream on the transmitter side and decode it on the receiver side. RFC 3551 describes how audio and video data can be carried within RTP and also defines a set of standard encodings and their names when used within RTP.

A sniffer used to capture conversations extracts parameters such as the RTP ports, the IP addresses of the RTP sender and receiver, and the dynamic codec types from the SIP session that precedes the RTP data flow. It then captures the RTP audio streams and decodes them with the matching codecs. After decoding, the audio is saved to sound files on the hard drive. VoIP sniffer programs can decode and record conversations that are encoded with the codecs those programs support.

Capturing conversations from the Windows platform.

A popular and versatile tool is Cain & Abel, which can decode RTP audio streams encoded with the following codecs: G.711 uLaw, G.711 ALaw, ADPCM, DVI4, LPC, GSM610, Microsoft GSM, L16, G729, Speex, iLBC, G723.1, G726-16, G726-24, G726-32, G726-40, LPC-10. It also implements a module for poisoning the ARP cache, to get around the limits that a switch imposes on traffic. The switch only sends packets between hosts that are included in its ARP table, so the traffic stays between the transmitter and the receiver. ARP poisoning is a man-in-the-middle technique that redirects that traffic to the attacker's MAC address, so the attacker is able to receive it and capture the VoIP conversations between the sender and the receiver.

To begin intercepting traffic with Cain & Abel, click "Start / Stop Sniffer" on the left of the toolbar. Select the Sniffer tab at the top, then click the VoIP tab at the bottom. The sniffer captures the conversations and places them in a list in order. When you stop the sniffer you can play the generated files, which are in WAV format and are stored under the program's installation path; if the default path was chosen during installation, that is "C:\Program Files\Cain\VoIP".

To use the ARP poisoning technique, with the sniffer running, click the "Start / Stop APR" button, select the APR tab at the bottom of the screen and press "+" on the toolbar. A menu is displayed in which you choose, on the left-hand side, the IP of a network device; the devices you want to intercept then appear in the right-hand area. Click OK to finish, and ARP poisoning will be running.

Capturing conversations from other platforms.

Voipong intercepts communications on a VoIP network that use the protocols SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP. It decodes audio streams encoded with the G.711 codec and converts them to WAV format. It is written in C for greater efficiency and runs on Solaris, Linux and FreeBSD.

Before installing it you must have the libpcap packet capture library installed. After installing the program and libpcap, edit the voipong configuration file, whose default path is "/usr/local/etc/voipong/voipong.conf", and check that the parameters are correct. Set the parameters "soxpath" and "soxmixpath" to the paths of sox and soxmix respectively; to find these paths you can use the command "whereis". Set "device" to the name of the interface on which the packets are intercepted. Also set "OUTD" to the path where the WAV files of the captured conversations are saved.

Once configured, you can run the program with the command "voipong". Voipong works better when run in debug mode, so that it does not run as a daemon, using the options -f and -d4. The WAV files of the intercepted conversations are found in the output path set in voipong.conf.

To perform ARP poisoning you can use the tool Arpoison.

Syntax:

NAME
    arpoison - arp cache update utility
SYNOPSIS
    arpoison -i <device> -d <dest IP> -s <src IP> -t <target MAC> -r <src MAC>
             [-a] [-n number of packets] [-w time between packets]
DESCRIPTION
    Arpoison constructs an ARP REQUEST or REPLY packet using the
    specified hardware and protocol addresses and sends it out the specified interface.
    -i  Device e.g. eth0
    -d  Destination IP address in dotted decimal notation
    -s  Source IP address in dotted decimal notation
    -t  Target MAC address e.g. 00:f3:b2:23:17:f5
    -r  Source MAC address
    -a  Send ARP REQUEST
    -n  Number of packets to send
    -w  Time in seconds between packets

To determine the MAC addresses, you only need to ping the machines we want to attack and then find their MACs by viewing our ARP table with "arp -nv -i eth0".
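The same ARP table is where a defender sees the poisoning: on a poisoned host the peer's or gateway's IP maps to the attacker's MAC, so one MAC sits behind several IPs or differs from a known-good value. The following check is an added example, not part of the original post; it assumes Linux net-tools "arp -n" output, and the sample table and baseline are constructed.

```python
import re
from collections import defaultdict

# Matches "IP  HWtype  MAC ..." rows of `arp -n`; header and (incomplete) rows do not match.
ENTRY = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s", re.I)

def parse_arp(output):
    """Return {ip: mac} for every complete entry in `arp -n` output."""
    table = {}
    for line in output.splitlines():
        m = ENTRY.match(line.strip() + " ")
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_anomalies(table, baseline=None):
    """Flag MACs claimed by several IPs and IPs whose MAC differs from the baseline."""
    alerts = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(("shared-mac", mac, sorted(ips)))
    for ip, mac in (baseline or {}).items():
        if ip in table and table[ip] != mac.lower():
            alerts.append(("changed", ip, [mac.lower(), table[ip]]))
    return alerts

# Constructed sample: the gateway 192.0.2.1 now resolves to the MAC of host 192.0.2.20.
SAMPLE = """Address          HWtype  HWaddress           Flags Mask   Iface
192.0.2.1        ether   00:00:5e:00:53:0a   C            eth0
192.0.2.20       ether   00:00:5e:00:53:0a   C            eth0
192.0.2.30       ether   00:00:5e:00:53:1e   C            eth0
192.0.2.40               (incomplete)                     eth0
"""
BASELINE = {"192.0.2.1": "00:00:5e:00:53:01"}  # known-good gateway MAC (constructed)

if __name__ == "__main__":
    for alert in find_anomalies(parse_arp(SAMPLE), BASELINE):
        print(alert)
```

A shared MAC can also be legitimate (for example proxy ARP or several addresses on one interface), so the baseline comparison for the gateway is the stronger signal.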

How to prevent the attack.

The best way to prevent the attack is encryption; the key is to choose a fast and efficient encryption algorithm. The most effective techniques are a VPN (virtual private network), the IPsec protocol and other protocols such as ZRTP. The least known is the ZRTP protocol, created by Phil Zimmermann (creator of PGP), Jon Callas and Alan Johnston. It is a Diffie-Hellman key agreement protocol that runs when a call is set up, in the Real-time Transport Protocol (RTP) data flow that has been established using the signaling protocol Session Initiation Protocol (SIP), and it generates a shared secret that is used to derive the keys for a secure session.

The great advantage of this protocol is that it does not require a public key infrastructure (PKI). The ZRTP protocol can be used on Windows, Linux and Mac OS X with the Zfone application. This application for encrypting VoIP communications works with most clients: X-Lite, Gizmo, Apple iChat AV (audio and video), XMeeting and SJphone. It does not work with Skype, because that client uses closed protocols.
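Because the SIP session that precedes the RTP flow announces the ports, codecs and media transport, its SDP body also shows whether a call is exposed to the capture described earlier. The following audit is an added example, not part of the original post; the SDP samples are constructed, and treating RTP/AVP without a=crypto or a=zrtp-hash as cleartext is an assumption, since ZRTP can also be negotiated in the media path with nothing in the SDP.

```python
import re

# Static audio payload types from RFC 3551 (subset); dynamic types come from a=rtpmap.
STATIC_PT = {0: "PCMU", 3: "GSM", 4: "G723", 8: "PCMA", 9: "G722", 18: "G729"}

def audit_sdp(sdp):
    """Return one finding per m= line: port, transport, codecs, keying, cleartext flag."""
    findings, cur = [], None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) < 4:
                cur = None          # malformed media line: skip it and its attributes
                continue
            cur = {"media": parts[0], "port": int(parts[1].split("/")[0]),
                   "proto": parts[2], "pts": [int(p) for p in parts[3:] if p.isdigit()],
                   "rtpmap": {}, "keying": set()}
            findings.append(cur)
        elif cur is None:
            continue                # session-level lines before the first m= line
        elif line.startswith("a=rtpmap:"):
            m = re.match(r"a=rtpmap:(\d+) ([^/\s]+)", line)
            if m:
                cur["rtpmap"][int(m.group(1))] = m.group(2)
        elif line.startswith("a=crypto:"):      # SDES key offered in SDP (RFC 4568)
            cur["keying"].add("SDES")
        elif line.startswith("a=zrtp-hash:"):   # endpoint announces ZRTP (RFC 6189)
            cur["keying"].add("ZRTP")
    for f in findings:
        f["codecs"] = [f["rtpmap"].get(pt, STATIC_PT.get(pt, f"pt{pt}")) for pt in f["pts"]]
        srtp_profile = f["proto"] in ("RTP/SAVP", "RTP/SAVPF")
        f["cleartext"] = not srtp_profile and not f["keying"]
    return findings

# Constructed sample SDP bodies (addresses from the documentation range).
PLAIN_SDP = """v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8 101
a=rtpmap:101 telephone-event/8000
"""
SRTP_SDP = PLAIN_SDP.replace("49170 RTP/AVP", "49172 RTP/SAVP") + \
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY\n"

if __name__ == "__main__":
    for f in audit_sdp(PLAIN_SDP) + audit_sdp(SRTP_SDP):
        print(f["media"], f["port"], f["proto"], f["codecs"],
              "CLEARTEXT" if f["cleartext"] else "protected")
```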

More info and download Cain & Abel:
http://www.oxid.it/cain.html
Cain & Abel Manual:
http://www.oxid.it/ca_um

More info and download Voipong:
http://www.enderunix.org/voipong

Manual Voipong:
http://www.enderunix.org/voipong/manual

More info and download Arpoison:
http://www.arpoison.net

More info and download Zfone:
http://zfoneproject.com

IETF protocol ZRTP:
http://tools.ietf.org/html/draft-zimmermann-avt-zrtp-04

Credits: darknesses
