Skip to main content

Looking to up your
RTC security testing game?

SIPVicious PRO helps security teams, QA and developers battle-test modern VoIP and WebRTC systems, applications and protocols for manual and automated testing.

SIPVicious PRO mascot with white background

RTC security testing beyond SIP

Not just
SIP or UDP

In addition to SIP over UDP, SIPVicious PRO supports SIP over different transport protocols including TCP, TLS and WebSocket. Tests for RTP included.
Target Specification »

Fast.
Very fast

SIPVicious PRO’s concurrent design allow it to achieve extraordinary speeds, especially useful for flood attacks with rate limiting capabilities.
SIP Flood »

QA & CI/CD
Integration

Do not push new code or configuration without automated security testing first. Test for vulnerabilities on each commit + fuzzing & DoS testing done regularly.
Automation »

Discover unknown
Vulnerabilities

Fuzzing modules which help identify security flaws that lurk in the code, whether it be the SIP stack, SIP/RTP parser or the codecs.
SIP Fuzzing »

What features are supported?

Wide variety of protocols

Support for a wide variety of protocols including SIP, SDP, SDES, RTP, DTLS, SIP TLS and WebSocket

WebRTC

DTLS-SRTP, TURN and STUN and SIP over WebSocket

Fuzzing

Mutation-based testing to find security violations

Encrypted traffic

SIP servers with TLS as well as client certificates supported, together with SDES-SRTP and DTLS-SRTP

DoS testing

Various modules to aid with Denial of Service testing

RFC compliant

Complies to the standards (unless the attack requires non-compliance)

SIP message modification

All SIP related tools in SIPVicious PRO allow customization of SIP messages before they are sent via a powerful templating system

Automation

To integration within automated testing processes, including CI/CD pipelines, each tool supports exit codes and JSON output

Utilities for manual testing

A number of tools to aid with manual debugging and tests

Attacks on the media

Various attacks affecting an often neglected vector

STIR/SHAKEN Experimental

Fuzzing and support for calls signed with STIR/SHAKEN, in addition to support for manual attacks using the protocol

Ever growing list of attack tools

Each attack tool is commercially supported with new tools being developed. See our roadmap.

Support for advanced
attacks out-of-the-box

SIP Flood DoS

Standard and advanced SIP Flood Denial of Service (DoS) testing

SIP digest leak

Test user-agent clients and servers for leakage of digest challenge response

SIP online password cracker

Online SIP digest authentication password cracking on both registrar servers and proxy servers

SIP extension enumeration

Identify SIP extensions or addresses on a given target server

SIP method enumeration

Find out which SIP methods are supported and if any allow authentication bypass

SIP method fuzzer

Fuzzes each SIP method, headers and body to find SIP parser and logic issues

RTP bleed

Check media servers and RTP proxies for this wide-spread vulnerability

RTP inject

Inject RTP packets in ongoing media streams targeting both media servers and clients

STIR/SHAKEN fuzzer Experimental

Fuzz the STIR/SHAKEN SIP headers to identify parser and logic issues

RTP fuzzer Experimental

Fuzz the RTP packets to identify vulnerabilities in the RTP parser and codec handling

Pricing

SIPVicious PRO is provided to approved vendors and implementers
of VoIP and WebRTC infrastructure as part of a subscription.

Service Provider or Vendor
Consultant
What is a Target?

Subscription

800 /mo

+

Workshop

800 one-time

Do you have questions? Consult the FAQ. Software licencing agreement available here.

Subscription

Simple, transparent and predictable pricing

  1. All features included, no limitations
  2. Pause, resume or cancel at any time
  3. Support included as part of your subscription
  4. Introductory workshop

Contact us to find out more ยป

SIPVicious PRO
Bug-O-Rama

SIPVicious PRO has been used to find several previously unknown security vulnerabilities.

Overflow vulnerabilities

  1. CSEQ header parsing heap overflow affecting Asterisk chan_pjsip and PJSIP (CVE-2017-9372)
  2. Kamailio off-by-one heap overflow (CVE-2018-8828)
  3. SUBSCRIBE message with a large Accept value stack corruption (CVE-2018-7284)
  4. Segmentation fault in asterisk with an invalid SDP fmtp attribute (CVE-2018-1000099)
  5. Segmentation fault in Asterisk with an invalid SDP media format description (CVE-2018-1000098)
  6. sngrep crash due to a buffer overflow caused by a malformed SDP media type
  7. sngrep crash due to a stack overflow caused by a malformed SDP connection address
  8. VoIPmonitor buffer overflow vulnerability when using the live sniffer (CVE-2021-1000005)
  9. Show 5 more

Denial of Service

  1. Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport (CVE-2018-7286)
  2. Asterisk crash due to INVITE flood over TCP (CVE-2020-28327)
  3. FreeSWITCH susceptible to Denial of Service via invalid SRTP packets (CVE-2021-41105)
  4. FreeSWITCH susceptible to Denial of Service via SIP flooding (CVE-2021-41145)
  5. Show 1 more

Other

  1. Asterisk RTP Bleed vulnerability (CVE-2017-14099)
  2. VoIPmonitor web GUI vulnerable to Cross-Site Scripting via SIP messages (CVE-2021-1000004)
  3. FreeSWITCH vulnerable to SIP digest leak for configured gateways (CVE-2021-41158)
  4. FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing (CVE-2021-37624)
  5. FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default (CVE-2021-41157)
  6. Show 2 more

Subscribe to SIPVicious PRO

Get in touch to find out more.

Contact us