VoIP Hopper is a security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone in Cisco, Avaya, and Nortel environments. It is both a VLAN Hop test tool and a tool for testing VoIP infrastructure security.
In Cisco IP Phone networks, it first dissects IEEE 802.3 or Ethernet II frames, looking for Cisco Discovery Protocol (CDP) packets. If CDP is enabled on the switch port and the Voice VLAN feature is enabled, it will determine the Voice VLAN ID (VVID). This allows the tool to create a new Ethernet interface on the PC that tags Ethernet packets with the 802.1q VLAN header. After VoIP Hopper has created the new Ethernet device, it sends a DHCP client request. It can also generate CDP messages just as a CDP-based IP Phone would. It sends two CDP packets, requesting the Voice VLAN ID. After creating the new interface, it alternates between sleeping for 60 seconds and sending a CDP packet.
In Avaya IP Phone environments, it sends an Option 55 parameter request list, requesting Option 176. When the DHCP server sends Option 176, it decodes the L2QVLAN reply field for the Voice VLAN ID. It then creates a new voice interface and sends a DHCP request.
In Nortel IP Phone networks, VoIP Hopper sends an Option 55 parameter request list, requesting Option 191. When the DHCP server sends Option 191 data, it decodes the VLAN-A: string for the Voice VLAN ID. It then creates a new voice interface and sends a DHCP request.
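A defender-side check for the DHCP behaviour described in the Avaya and Nortel paragraphs, added here as an example (not VoIP Hopper code): it flags DHCP requests whose Option 55 list asks for Option 176 or 191 from a MAC outside the phone inventory. The OUI list, the function names and the sample packets are assumptions constructed for illustration.

```python
DHCP_MAGIC = b"\x63\x82\x53\x63"
VOICE_VLAN_OPTIONS = {176: "Avaya (L2QVLAN)", 191: "Nortel (VLAN-A)"}
# Assumption: placeholder OUIs; replace with those of the phones deployed on your network.
KNOWN_PHONE_OUIS = {"00:04:0d", "00:1b:4f"}


def parse_dhcp_options(payload):
    """Return (client_mac, {option_code: bytes}) from a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    mac = ":".join(f"{b:02x}" for b in payload[28:34])  # chaddr field
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break  # truncated option
        length = payload[i + 1]
        opts[code] = payload[i + 2 : i + 2 + length]
        i += 2 + length
    return mac, opts


def check_request(payload):
    """Return an alert string if a non-phone MAC asks for a voice VLAN option, else None."""
    parsed = parse_dhcp_options(payload)
    if parsed is None:
        return None
    mac, opts = parsed
    wanted = sorted(set(opts.get(55, b"")) & set(VOICE_VLAN_OPTIONS))
    if not wanted or mac[:8] in KNOWN_PHONE_OUIS:
        return None
    names = ", ".join(f"{c} {VOICE_VLAN_OPTIONS[c]}" for c in wanted)
    return f"{mac} is not a known phone but requested option {names}"


def build_sample(mac_hex, prl):
    """Constructed DHCPDISCOVER for the demo (not captured traffic)."""
    hdr = bytearray(236)
    hdr[0:4] = b"\x01\x01\x06\x00"  # op=BOOTREQUEST, htype=Ethernet, hlen=6
    hdr[28:34] = bytes.fromhex(mac_hex)
    opts = b"\x35\x01\x01" + bytes([55, len(prl)]) + bytes(prl) + b"\xff"
    return bytes(hdr) + DHCP_MAGIC + opts
```

The OUI comparison is a triage signal only; pair it with switch-side controls on the ports that carry the Voice VLAN.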
Version 1.0 is available here and comes with the following features and bug fixes:
- Nortel Support: VoIP Hopper can now automatically discover the Voice VLAN ID used in Nortel IP Phone networks and VLAN Hop!
- DHCP client: A fully integrated DHCP client! VoIP Hopper now implements DHCP messaging as function calls instead of relying on the old ‘dhcpcd’ client. This opens up the door for future VLAN Discovery mechanisms for other vendors, such as Alcatel.
- New CDP mode: A new CDP Spoof mode that uses a pre-constructed IP Phone packet of a Cisco 7971G-GE! Now you can VLAN Hop faster by spoofing CDP and don’t have to construct your own CDP Packet!
- Error correction with VLAN Interfaces: Implemented a feature that checks whether the IP address is already configured for the voice interface before running the VLAN Hop and DHCP request.
- Bug fix 1: Fixed an important libpcap bug with pcap_next_ex read timeout when CDP sniff mode was used (-c 0).