rootninja

Looking to sniff your VoIP traffic?

According to the sourceforge site, UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free and available for anyone to download, under the GPLv3 license.

VideoSnarf is a new security assessment tool that takes an offline pcap as input, and outputs any detected media streams (RTP sessions), including common audio codecs as well as H264 Video support.

* http://ucsniff.sourceforge.net/videosnarf.html

ACE (Automated Corporate Enumerator, bundled with UCSniff) works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools.

You can run UCSniff in passive mode or man-in-the-middle with ARP poisoning. This should only be used on networks you own and/or have explicit permission to test on.

You can find this tool on VAST and Blackbuntu (penetration testing distributions) along with a chain of other utilities useful for learning and research purposes.

* http://www.blackbuntu.com/