It’s been a while since I last posted here, but I’ve come across an issue that only a community like this can help me with.
The issue is regarding a tool called SIP Vicious. I deliberated whether to put this in the Tools section or the Malware section. Don, feel welcome to move the thread if you feel it’s in the wrong place.
SIP Vicious is a valid open source SIP auditing tool which has been exploited extensively for malicious intent. I’m not going to go into exactly what the tool can do (you can search for that on your own).
The issue I have is identifying the malicious traffic and separating it from valid SIP traffic. Until now the only way that I’ve found to do this is by looking at the user agent. So far I have identified 2 different user agents used by this tool in the field:
1. User-Agent: friendly-scanner
2. User-Agent: sundayddr
My question is – has anyone here ever come across this tool using a different user agent? If yes, what was the user agent used? Do you have any references to this on the internet and/or sniffer captures showing this?
I know that as the source code is open anyone can actually download the tool and change the user agent at will if they go into the code before using it, but so far we have only found the 2 user agents mentioned above.
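The User-Agent check described in the post, as an added example that is not part of the original post: it parses SIP messages, flags the two user agents named above, and tallies every other user agent so that unfamiliar values stand out for review. The function names, the case-insensitive comparison and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# User-Agent values reported in the post above (compared case-insensitively, an assumption).
KNOWN_SCANNER_AGENTS = {"friendly-scanner", "sundayddr"}

def parse_sip_headers(message: str) -> dict:
    """Return {lowercased header name: value} for one SIP message."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    # Unfold continuation lines: a header value may wrap onto lines starting with whitespace.
    head = re.sub(r"\n[ \t]+", " ", head)
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def classify(message: str) -> tuple:
    """Return (verdict, user_agent); verdict is 'scanner', 'other' or 'missing'."""
    ua = parse_sip_headers(message).get("user-agent")
    if ua is None:
        return ("missing", None)
    if ua.lower() in KNOWN_SCANNER_AGENTS:
        return ("scanner", ua)
    return ("other", ua)

def summarize(messages):
    """Count verdicts and tally user agents not on the known list, for manual review."""
    verdicts, unknown = Counter(), Counter()
    for m in messages:
        verdict, ua = classify(m)
        verdicts[verdict] += 1
        if verdict == "other":
            unknown[ua] += 1
    return verdicts, unknown

# Constructed sample messages (documentation addresses, not from a real capture).
SAMPLES = [
    "OPTIONS sip:100@192.0.2.10 SIP/2.0\r\nVia: SIP/2.0/UDP 198.51.100.7:5060\r\nUser-Agent: friendly-scanner\r\nContent-Length: 0\r\n\r\n",
    "REGISTER sip:192.0.2.10 SIP/2.0\r\nuser-agent:  SundayDDR\r\nContent-Length: 0\r\n\r\n",
    "INVITE sip:200@192.0.2.10 SIP/2.0\r\nUser-Agent: ExamplePhone\r\n 1.0\r\nContent-Length: 0\r\n\r\n",
    "OPTIONS sip:192.0.2.10 SIP/2.0\r\nContent-Length: 0\r\n\r\n",
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Because the user agent can be edited in the tool's source, as the post notes, the "other" and "missing" tallies are the part to review when looking for variants.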
Copyright ©2020 Caendra, Inc.