actually, I was thinking to teach you about performing a DOS attack on web-server. so you could get to know from basics. maybe some other day.
ATTACK DESCRIPTION:
today, I am going to teach you about caller id spoofing in VoIP. it basically means that changing the caller id from our custom one. for example, we are calling our friend “Sam”. he has your phone number saved in his phone. so whenever you call him, he gets your name on the phone during the call. now, caller id spoofing is to change the name that is being displayed on the sam’s phone. btw, you can also replace a name with a phone number.
in this tutorial, I am not going to show you to set up a whole PBX or sip server on your computer. because the whole process is so lengthy. I am assuming that you already have it or you are in your office. but let me clear some basic concept.
BASICS:
for this attack, you should know about VoIP, SIP, PBX.
•VoIP is a service of calling or messaging over the internet. you may not hear about it before but I am pretty sure that you might daily use it. Examples- facebook Messenger, Discord, Skype.
•PBX stands for Private Branch Exchange. have you ever seen an office? you can see that there is some strange telephone on desks. it is called PBX telephones. it allows voip calls for users.
•SIP is an application layer protocol which establishes a VoIP call. there is one more thing that you should know that SIP means session initiation protocol.
ATTACK TUTORIAL:
for this attack, I am using Kali Linux’s tool Inviteflood. it is some kinda Dos attack but on VoIP. if you want to use the VoIP phone software in Linux. I will recommend you ZOIPER
type this command to see the help:
inviteflood -h
it should show you this result if you have installed it.
the basic syntax of inviteflood:
inviteflood <Interface> <SIP-Extension> <SIP-Domain> <ip-address> <packets> -a "<number/name>"
some of you might be confused now because of these words. the sip-extension is like a short number or name which has its own number on PBX. sip-domain will be provided by your PBX server. then the IP-address of a person whom you wanna call. if the person is on your LAN. the IP can be “192.168.XXX.XXX”
we have specified - a for the caller id that is to be displayed on victim’s phone.
EXAMPLE:
inviteflood eth0 1212 sip.lucky.com 192.168.43.183 20 -a "1234567890"
the eth0 is an interface. 1212 is Extension. sip.lucky.com is Domain and the 192.168.43.183 is the person who has a VoIP phone on our network.
the -a the value will be shown to the victim. we are not doing a Dos attack that’s why we have specified the value of the packet 20.
I have found a website that can do this whole process in one second.
GO TO THIS WEBSITE: https://ticketguruu.com/SbQd
Thanks For Visiting.
