Pepelux / sippts

Set of tools to audit SIP based VoIP Systems
GNU General Public License v3.0

sniff sip passwords with sipspy #7

finasfinas closed this issue 4 years ago

finasfinas commented 4 years ago

Can sipspy be used to emulate a SIP server and provide real authentication emulation, so that when a SIP client connects, his password can be revealed?

My ISP has a SIP client running on the router and I want to replace this router with another one. The ISP will not reveal the password but I can change the registrar and proxy on the router configuration. This way I can point it to a fake server that accepts anything.

Pepelux commented 4 years ago

This is the purpose of the script. But the password does not travel in the clear. SIP uses digest authentication (https://en.wikipedia.org/wiki/Digest_access_authentication).

With this script you can obtain the digest negotiation and the final response. Then you have to use any tool like sipcrack to try to get the clear password using a dictionary or a wordlist.
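
The digest computation referred to in the reply above, shown from the registrar's side as an added example (it is not part of the thread and is not sippts code). It parses a SIP `Authorization` header and checks the `response` value against a known password using the MD5 digest scheme from RFC 2617; the extension number, realm, nonce and password are constructed sample values.

```python
import hashlib
import hmac
import re

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 MD5 digest: the wire carries this hash, never the password."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    if qop is None:
        return _md5(f"{ha1}:{nonce}:{ha2}")
    if qop == "auth":
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    raise ValueError("unsupported qop (auth-int needs the message body)")

def parse_digest(header_value):
    """Split 'Digest k="v", k2=v2' into a dict of lower-cased keys."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def verify(header_value, method, password):
    """Registrar-side check: recompute the digest and compare in constant time."""
    p = parse_digest(header_value)
    if p.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only MD5 is handled in this example")
    expected = digest_response(p["username"], p["realm"], password, method,
                               p["uri"], p["nonce"],
                               p.get("qop"), p.get("nc"), p.get("cnonce"))
    return hmac.compare_digest(expected, p["response"].lower())

# Constructed sample: what a client would send in REGISTER for this account.
SAMPLE_PASSWORD = "constructed-secret"
SAMPLE_HEADER = (
    'Digest username="1001", realm="pbx.example.invalid", nonce="5f3a9c0e", '
    'uri="sip:pbx.example.invalid", algorithm=MD5, response="%s"'
    % digest_response("1001", "pbx.example.invalid", SAMPLE_PASSWORD,
                      "REGISTER", "sip:pbx.example.invalid", "5f3a9c0e")
)

if __name__ == "__main__":
    print(SAMPLE_HEADER)
    print("correct password:", verify(SAMPLE_HEADER, "REGISTER", SAMPLE_PASSWORD))
    print("wrong password:  ", verify(SAMPLE_HEADER, "REGISTER", "guess"))
```

Because everything except the password is visible in the exchange, the strength of the password is the only thing protecting a captured response.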