Tutorial

Introduction

SIPVicious PRO comes with a built-in templating system to customize your SIP messages before they are sent. This allows a certain level of flexibility that is very useful when performing both manual and automated security tests. For example, it allows for attacks that require setting of a specific header value or changing of anything within the SIP message.

Getting started

To get started with the templates, we recommend making use of the built-in templates rather than starting from scratch. These templates can be created in a directory named svtemplates by making use of the following command:

sipvicious sip utils templates dump --templates svtemplates

Heads up

If no template directory is specified, the current directory is used to load the templates. If none exist, then the built-in templates are used.

Each SIP message template is created in that directory and can be then inspected. We will use the SIP register template file registerrequest.tpl in this example:

REGISTER {{.RequestURI}} SIP/2.0
Via: SIP/2.0/{{.AddrFamily}} {{.LocalAddr}};rport;branch=z9hG4bK-{{.Branch}}
Max-Forwards: 70
From: {{.FromVal}}
To: {{.ToVal}}
Call-ID: {{.CallID}}
CSeq: {{.CSeq}} REGISTER
Contact: {{.ContactVal}}
Expires: {{.Expires}}
Content-Length: 0
{{/* this line must end with a newline */}}

To add an extra custom header, for example X-custom: hello world one would simply add that line to the headers, resulting in the following:

REGISTER {{.RequestURI}} SIP/2.0
Via: SIP/2.0/{{.AddrFamily}} {{.LocalAddr}};rport;branch=z9hG4bK-{{.Branch}}
Max-Forwards: 70
From: {{.FromVal}}
To: {{.ToVal}}
Call-ID: {{.CallID}}
CSeq: {{.CSeq}} REGISTER
Contact: {{.ContactVal}}
Expires: {{.Expires}}
X-custom: hello world
Content-Length: 0
{{/* this line must end with a newline */}}

Once this template is saved, it can be tested by making use of the following command:

sipvicious sip utils templates test udp://127.0.0.1:5060 --templates svtemplates -m register

This results in the following output:

REGISTER sip:127.0.0.1 SIP/2.0
Via: SIP/2.0/TCP 127.0.0.1:10011;rport;branch=z9hG4bK-uST7VxlRRr6WRi13
Max-Forwards: 70
From: <sip:a3T0UObH@127.0.0.1>;tag=wqLQFD8JEA8BYl0k
To: <sip:a3T0UObH@127.0.0.1>
Call-ID: wbBkiHm6y2Wifagu
CSeq: 1 REGISTER
Contact: <sip:a3T0UObH@127.0.0.1:10011;transport=tcp>
Expires: 60
X-custom: hello world
Content-Length: 0

Heads up

All SIPVicious PRO tools that deal with SIP, support templates.

Another useful tool here is the repeater that sends the custom SIP message to a target system. For example:

sipvicious sip utils repeater  -m register udp://demo.sipvicious.pro:5060

REGISTER sip:demo.sipvicious.pro SIP/2.0
Via: SIP/2.0/UDP 192.168.188.23:52070;rport;branch=z9hG4bK-hN98YsGPKSSVAJp8
Max-Forwards: 70
From: <sip:ljjRkPmI@demo.sipvicious.pro>;tag=i0YmgmJLM6XGRCal
To: <sip:ljjRkPmI@demo.sipvicious.pro>
Call-ID: g7UDtf2JL2yeXbZX
CSeq: 1 REGISTER
Contact: <sip:ljjRkPmI@192.168.188.23:52070;transport=udp>
Expires: 60
X-custom: hello world
Content-Length: 0

 
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.188.23:52070;rport=52070;branch=z9hG4bK-hN98YsGPKSSVAJp8;received=10.10.10.10
From: <sip:ljjRkPmI@demo.sipvicious.pro>;tag=i0YmgmJLM6XGRCal
To: <sip:ljjRkPmI@demo.sipvicious.pro>;tag=9dd61ff61e802d8e2bef5f14621ef3c2.e7b8
Call-ID: g7UDtf2JL2yeXbZX
CSeq: 1 REGISTER
Contact: <sip:ljjRkPmI@192.168.188.23:52070;transport=udp>;expires=60;received="sip:10.10.10.10:52070"
Server: kamailio (5.3.3 (x86_64/linux))
Content-Length: 0