From the previous section, we have the IP address and extension address of the SIP server. So ,now we will focus on yielding passwords to bypass the authentication level. In this section, we will learn to use Wireshark for sniffing traffic and
sipcrack suite, as well.
When a new or existing VoIP phone establishes a connection to the network, it sends a
REGISTER request to the IP-PBX server for registering the associated user ID/extension number. This request contains crucial details, such as user information, authentication data, and so on.
A sample SIP authentication request is as follows:
REGISTER SIP :192.168.1.130;transport=UDP SIP/2.0 Via : SIP/2.0/UDP 192.168.1.132:5061;branch=zghg4bk-d8752z-37184e79d2d8cac8-1-----d87542 ...