Yup, I know this might have been posted before. Still, I managed to set up a PBX on a Linux box and hijack the session. Well, if you ask me, VoIP with TLS encryption is good, but there will be latency, and you should expect slowness when talking to your peer. For this experiment, all you need is SiVuS from http://www.vopsecurity.org/, the X-Lite softphone from http://www.xten.com/, and SER from http://www.iptel.org/ser/
You can read more about VoIP on the SiVuS website, under the papers section.
The picture above depicts this scenario.
ong: 192.168.1.45 (attacker)
Use the SiVuS message generator to generate a REGISTER request for ronald (18.104.22.168) to the registrar.
In the REGISTER request, the From and To headers must use the same user information.
The fields to note in SiVuS:
Domain/Host: 192.168.1.138 Port: 5060
Branch: To find out which branch, launch the softphone and use Wireshark to sniff UDP packets to find out the branch number.
To find out the port number used by the softphone, use a tool like TCPView.
Hijacking a connection from ronald.
Scenario: Under normal circumstances, test (caller) will call ronald (callee). Ong (attacker) will then send a REGISTER request for ronald using the above fields to hijack the connection for ronald; ultimately, ong will be the one speaking to test. Mission accomplished.
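Seen from the registrar's side, the REGISTER described above stands out in two ways: it carries no credentials, and it moves an existing user's Contact binding to a different host. The following is an added example, not part of the original post, that audits REGISTER messages for both conditions. It assumes every message in the input was accepted by the registrar; ronald's address 192.168.1.50 and the sample messages are constructed.

```python
import re

REGISTRAR = "192.168.1.138"  # registrar address from the post

def sample_register(user, contact, authorized):
    """Build a constructed REGISTER message (sample data only)."""
    lines = [
        f"REGISTER sip:{REGISTRAR} SIP/2.0",
        f"From: <sip:{user}@{REGISTRAR}>;tag=1",
        f"To: <sip:{user}@{REGISTRAR}>",
        f"Contact: <sip:{user}@{contact}>",
    ]
    if authorized:
        lines.append(f'Authorization: Digest username="{user}"')
    return "\r\n".join(lines) + "\r\n\r\n"

def header(msg, name):
    """Return the first value of a SIP header, or None if it is absent."""
    m = re.search(rf"^{name}\s*:\s*(.+?)\r?$", msg, re.I | re.M)
    return m.group(1) if m else None

def audit_registers(packets):
    """Flag accepted REGISTERs that lack credentials or rebind a user."""
    bindings, alerts = {}, []
    for src_ip, msg in packets:
        if not msg.startswith("REGISTER "):
            continue
        aor = re.search(r"sip:([^@>;]+)@", header(msg, "To") or "")
        contact = re.search(r"sip:[^@>]+@([^:;>]+)", header(msg, "Contact") or "")
        if not aor or not contact:
            continue
        user, host = aor.group(1), contact.group(1)
        if header(msg, "Authorization") is None:
            alerts.append((user, src_ip, "unauthenticated REGISTER"))
        prev = bindings.get(user)
        if prev and prev != host:
            alerts.append((user, src_ip, f"contact moved {prev} -> {host}"))
        bindings[user] = host
    return alerts

# Constructed traffic as (source IP, message): ronald registers with
# credentials, then a REGISTER for ronald arrives from 192.168.1.45.
SAMPLE = [
    ("192.168.1.50", sample_register("ronald", "192.168.1.50:5060", True)),
    ("192.168.1.45", sample_register("ronald", "192.168.1.45:5060", False)),
]

if __name__ == "__main__":
    print(audit_registers(SAMPLE))
```

A registrar that challenges every REGISTER with digest authentication rejects the second message outright; the binding-change alert remains useful for spotting stolen credentials.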