UCSniff updated to v2.1

UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, under the GPLv3 license

UCSniff was created as a Proof of Concept demonstration tool and a method of creating awareness around VoIP/UC threats. It can be used by VoIP/UC Administrators to test their own VoIP Infrastructure in a pilot before vulnerabilities are rolled into production. It can also be used by security professionals as a method of convincing IT decision makers that security best practices should be applied to VoIP/UC in the same way that they are applied to other TCP/IP based, client-server applications.

Some useful features of UCSniff that have been combined together into a single package:

  • Allows targeting of VoIP Users based on Corporate Directory and/or extensions
  • Support for automatically recording private IP video conversations
  • Automatically re-creates and saves entire voice conversations to a single file that can be played back by media players
  • Support for G.722 and G.711 u-law compression codecs
  • Support for H.264 Video codec
  • Automated VLAN Hop and Discovery support
  • A UC Sniffer (VoIP and Video) combined with a MitM re-direction tool
  • Monitor Mode
  • Sniffs entire conversation if only one phone is in source VLAN

Changelog for this release (source of this changelog)

  • Eavesdropping on Microsoft OCS IM conversations
  • Support for Avaya SIP eavesdropping (handles SIP re-invites properly)
  • Re-write of SIP code for enhanced logging and memory efficiency
  • Enhanced ARP spoofing with unicast arp requests (also detects devices that have GARP disabled)
  • Support for G.711 a-law codec (already supports G.722, G.711 u-law)

Post scriptum

Compliance Mandates


Related Articles

Data Sniffer
Penetration testing & Ethical Hacking