Capture and Record Voice Traffic to Demonstrate VoIP Security Vulnerabilities
VoIP-related systems are no more secure than other common computer systems. Compounding the issue is the fact that many VoIP systems house more intelligence which makes VoIP networks even more hackable.
If you have access to the wired or wireless network, you can capture VoIP conversations easily. This is a great way to prove that the network and the VoIP installation are vulnerable. There are many legal issues associated with tapping into phone conversations, so make sure you have permission.
You can use Cain & Abel to tap into VoIP conversations. Using Cain’s ARP poison routing feature, you can plug in to the network and have it capture VoIP traffic:
Load Cain & Abel and then click the Sniffer tab to enter the network analyzer mode.
Click the Start/Stop APR icon.
Click the blue + icon to add hosts to perform ARP poisoning on.
In the MAC Address Scanner window that appears, ensure that All Hosts in my Subnet is selected and then click OK.
Click the APR tab to load the APR page.
Click the white space under the uppermost Status column heading.
Click the blue + icon and the New ARP Poison Routing window shows the hosts discovered in Step 3.
Select your default route or other host that you want to capture packets traveling to and from.
In the right column, Ctrl+click the system you want to poison to capture its voice traffic.
Click OK to start the ARP poisoning process.
Click the VoIP tab and all voice conversations are automagically recorded.
Here’s the interesting part — the conversations are saved in .wav audio file format, so you simply right-click the recorded conversation you want to test and choose Play. Note that conversations being recorded show Recording . . . in the Status column.
There’s also a Linux-based tool called vomit that you can use to convert VoIP conversations into .wav files. You first need to capture the actual conversation by using tcpdump, but if Linux is your preference, this solution offers basically the same results as Cain, outlined in the preceding steps.