VoIPHopper 介绍

VoIP Hopper是一个GPLv3许可的安全工具,用C语言编写,也快速运行一个VLAN hop合成进入到在特定的以太网交换机语音VLAN上, VoIP的吓一跳设备通过模拟IP电话的行为,在思科,AVAYA,北电网络和阿尔卡特朗讯的环境中都可以做到这一点。这需要两个步骤,为了访问跟遍历VLAN内进行未经授权的的工具,首先,发现使用的IP电话正确的12位语音VLAN ID(VVID) VoIP的料斗支持多种协议的发现方法(CDP,DHCP,LLDP-MED,802.1Q ARP)这是重要的第一步。其次,该工具创建的操作系统上的虚拟VoIP的以太网接口。然后,它把包含12位VVID成伪造DHCP请求伪造4个字节的802.1Q VLAN头。一旦收到在VoIP VLAN子网的IP地址,所有后续的以太网帧“标记”与伪造的802.1Q头部帧。VoIP Hopper是一个VLAN合成测试工具,也是用来测试VoIP基础设施的安全性的工具,

资料来源:http://voiphopper.sourceforge.net/details.html
VoIPHopper 首页
VoIPHopper 源代码库

包含在voiphopper里的工具

voiphopper - 运行一个VLAN hop的安全测试
:~# voiphopper -h
VoIP Hopper Extended Usage:

Miscellaneous Options:
    -l (list available interfaces for CDP sniffing, then exit)
    Example:  voiphopper -l
    -m (Spoof the MAC Address, then exit)
    Example:  voiphopper -i eth0 -m 00:07:0E:EA:50:86
    -d (Delete the VLAN Interface, then exit)
    Example:  voiphopper -d eth0.200
    -V (Print the VoIP Hopper version, then exit)
    Example:  voiphopper -V

MAC Address Spoofing Options (used with -a, -v, or -c options):
    -m (Spoof the MAC Address of existing interface, and new Interface)
    -D -m (Spoof the MAC Address of only new Voice Interface)
    Example:  voiphopper -i eth0 -m 00:07:0E:EA:50:86
    Example:  voiphopper -i eth0 -D -m 00:07:0E:EA:50:86

CDP Sniff Mode (-c 0)
    Example:  voiphopper -i eth0 -c 0

CDP Spoof Mode (-c 1):
    -E <string> (Device ID)
    -P <string> (Port ID)
    -C <string> (Capabilities)
    -L <string> (Platform)
    -S <string> (Software)
    -U <string> (Duplex)

Example Usage for SIP Firmware Phone:
voiphopper -i eth0 -c 1 -E 'SIP00070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P003-08-8-00' -U 1

Example Usage for SCCP Firmware Phone:
voiphopper -i eth0 -c 1 -E 'SEP0070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P00308000700' -U 1

Example Usage for Phone with MAC Spoofing:
voiphopper -i eth0 -m 00:07:0E:EA:50:86 -c 1 -E 'SEP00070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P003-08-8-00' -U 1

Avaya DHCP Option Mode (-a):
    Example:  voiphopper -i eth0 -a
    Example:  voiphopper -i eth0 -a -m 00:07:0E:EA:50:86

VLAN Hop Mode (-v VLAN ID):
    Example:  voiphopper -i eth0 -v 200
    Example:  voiphopper -i eth0 -v 200 -D -m 00:07:0E:EA:50:86

Alcatel VLAN Discovery (-t 0|1|2):
    Example:  voiphopper -i eth0 -t 0
    Example:  voiphopper -i eth0 -t 1
    Example:  voiphopper -i eth0 -t 0 -m 00:80:9f:ad:42:42
    Example:  voiphopper -i eth0 -t 1 -m 00:80:9f:ad:42:42
    Example:  voiphopper -i eth0 -t 2 -v 800
    Example:  voiphopper -i eth0 -t 2 -v 800 -m 00:80:9f:ad:42:42

voiphopper 用法示例

:~# voiphopper -i eth0 -z
VoIP Hopper assessment mode ~ Select 'q' to quit and 'h' for help menu.
Main Sniffer:  capturing packets on eth0
a
Analyzing ARP packets on default interface: eth0
New host #1 learned on eth0: (MAC): 78:ca:39:fe:0b:4c   (IP): 192.168.1.229
New host #2 learned on eth0: (MAC): 60:6b:bd:5a:b6:6c   (IP): 192.168.1.213
New host #3 learned on eth0: (MAC): 40:6c:8f:1b:cb:90   (IP): 192.168.1.232
a
Disabling analysis of ARP packets on default interface:  eth0