
List:       whisker-devel
Subject:    [whisker] Libwhistler, SIPping with a fork of Libwhisker
From:       "Sip Phreak" <sipphreak () gmail ! com>
Date:       2006-04-10 14:42:16
Message-ID: c376c200604100742g2a8ac5b8k11d160a3a7d20276 () mail ! gmail ! com

SIP (Session Initiation Protocol) servers, proxies and clients are being implemented everywhere. The number of RFC pages devoted to SIP is astonishing and is growing. There are numerous implementation details that need to be correct in order for SIP based applications to be secure. There are many opportunities for flawed applications that would allow exploitation. There are no open source security testing tools for SIP that do anything useful at the application layer. I want to change that, at least the last one.

I was starting to use Perl to write some basic scripts to inject SIP UDP packets into an existing call flow. I was making reasonable progress and needed a name. I thought the name Whistler was cool. It serves to honor both the heritage of the ground breaking HTTP tool Whisker and of phreaking, where whistling 2600Khz into a payphone was the path to ownership of the network.

It didn't take me too long to realize that I should do more than just borrow the name from Whisker. I'm still a Perl novice and borrow everything I can from other Perl programs. Rain Forest Puppy has put years of effort into Libwhisker and it shows. There is a great foundation of code and testing processes built into Libwhisker. SIP uses HTTP/SMTP like headers and content types, so there can be a lot of code reuse.

So I'm going to fork Libwhisker development to support SIP. This isn't like Free/Net/Open BSD where everyone is doing the same thing with a different focus. SIP is session oriented where HTTP is not by default. SIP often runs over UDP where HTTP cannot. UDP allows attacks with spoofed addresses, which is a key implementation goal. There are a whole slew of different headers and URIs are completely different. It would violate the principle of compactness to try and make one library do both. It would also probably create some ugly code.

So let's be friends. Maybe someday there will be something useful on the Libwhistler side for Libwhisker to use, but for now I know it will be a one way street.

There is no code to release yet as there is still a lot of hacking up going on. This is such an obvious idea, that I'd thought it best to announce it in case someone else was doing something similar. If someone wants to help, drop me a line. I'd be the first to admit that I might be getting in over my head. But someone has to do it, and nobody was.

The biggest mostly independent yet to be tackled task is to make streams.pl in the Libwhisker source support Net::RawIP. If there is a real interest in helping with other parts, I can put up a Subversion repository so the other parts can be shared.

There are plans for a Whistler, once Libwhistler provides enough functionality.

Thanks to RFP, for making Libwhisker code open.

Sip Phreak
--
http://sipphreak.us
sipphreakus (sĭp'frēk-əs) n.
1. A chronic infectious disease caused by insecure telephony protocols and transmitted through promiscuous messaging
2. The futile endeavor of securing evolving technology seemingly arising without intelligent design and rehashing previous security mistakes
3. A Session Initiation Protocol altercation

