VoIP Hopperis a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments. This requires two important steps in order for the tool to traverse VLANs for unauthorized access. First, discovery of the correct 12 bit Voice VLAN ID (VVID) used by the IP Phones is required. VoIP Hopper supports multiple protocol discovery methods (CDP, DHCP, LLDP-MED, 802.1q ARP) for this important first step. Second, the tool creates a virtual VoIP ethernet interface on the OS. It then inserts a spoofed 4-byte 802.1q vlan header containing the 12 bit VVID into a spoofed DHCP request. Once it receives an IP address in the VoIP VLAN subnet, all subsequent ethernet frames are “tagged” with the spoofed 802.1q header. VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security.
There are several new features for this release of VoIP Hopper:
- Avaya DHCP client Option 242 automatic Voice VLAN discovery, for newer Avaya IP Phone infrastructures.
- New Alcatel-Lucent mode support: Can automatically discover the Alcatel infrastructure Voice VLAN ID via spoofing DHCP client Option 43, and sending an Alcatel compliant DHCP request.
- New Alcatel-Lucent mode support: Can automatically discover the Alcatel infrastructure Voice VLAN ID via spoofing an Alcatel compliant LLDP-MED packet, and sending an Alcatel compliant DHCP request.
- New Alcatel-Lucent mode support: User can specify a VLAN ID to hop into, and the code will send a spoofed Alcatel compliant DHCP request.
- With Alcatel modes, user can supply a spoofed MAC address to spoof DHCP Option 12 and 61
- Improved LLDP-MED spoofing support for user supplied MAC address in TLVs (Cisco, Alcatel)
tar xvfz voiphopper-x.xxx
- c compiler
- Linux OS
Before you use VoIP Hopper, ensure that you have authorization from the network owners to run the tool on your network. This tool is intended for network engineers, VoIP administrators, and professional security testers to understand vulnerabilities within a network they have permission to assess – only for good and honorable intent