firefart / stunner

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

STUN binding request with username attribute #56

Open gl4nce opened 2 months ago

gl4nce commented 2 months ago

Would it be possible to send the username attribute in STUN binding requests? Obviously some STUN servers expect this attribute on binding requests.

Does this make sense? I'm not that deep into the STUN protocol, but it looks like it could be a good addition according to RFC 5389?

I'm currently playing with Jitsi Videobridge (SFU). Wireshark shows that this attribute is set on each initial binding request. Unfortunately, there is no corresponding option in stunner for that.

firefart commented 2 months ago

Do you have an example of the replies of the server when running with the -debug flag?

gl4nce commented 2 months ago

The server ignores such requests completely. There is no reply. But I don't know if it's because of the missing username attribute or anything else.

firefart commented 2 months ago

Just run with the -debug flag. If a requested property is missing, there must be an error code in the response.

gl4nce commented 2 months ago

As I said. The server ignores the request. There are no replies. I guess there is some sort of pre-auth in the connection to the Jitsi Videobridge. And yes, it's all the same destination port (443).

I made two Wireshark screenshots for comparison.

Capture of real WebRTC connection (screenshot: jvb_live_example)

info command with stunner (screenshot: jvb_stunner_test)
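The message layout discussed in this thread, as an added example that is not part of the issue and not stunner's own code: an RFC 5389 Binding request carrying a USERNAME attribute, plus a parser that reports whether a captured message contains one. The function names, transaction ID and username value are constructed for illustration, and only the USERNAME attribute is handled.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// RFC 5389: magic cookie, Binding request message type, USERNAME attribute type.
const magicCookie, bindingRequest, attrUsername = 0x2112A442, 0x0001, 0x0006

// BuildBindingRequest encodes a Binding request with one USERNAME attribute.
func BuildBindingRequest(txID [12]byte, username string) []byte {
	pad := (4 - len(username)%4) % 4 // attribute values are padded to 4 bytes
	msg := make([]byte, 20, 24+len(username)+pad)
	binary.BigEndian.PutUint16(msg[0:], bindingRequest)
	binary.BigEndian.PutUint16(msg[2:], uint16(4+len(username)+pad)) // body length
	binary.BigEndian.PutUint32(msg[4:], magicCookie)
	copy(msg[8:], txID[:])
	msg = binary.BigEndian.AppendUint16(msg, attrUsername)
	msg = binary.BigEndian.AppendUint16(msg, uint16(len(username))) // excludes padding
	msg = append(msg, username...)
	return append(msg, make([]byte, pad)...)
}

// FindUsername walks the attributes of a raw STUN message and returns USERNAME if present.
func FindUsername(msg []byte) (string, bool, error) {
	if len(msg) < 20 || msg[0]&0xC0 != 0 || binary.BigEndian.Uint32(msg[4:]) != magicCookie ||
		int(binary.BigEndian.Uint16(msg[2:])) != len(msg)-20 {
		return "", false, errors.New("not a well-formed STUN message")
	}
	for body := msg[20:]; len(body) >= 4; {
		typ, n := binary.BigEndian.Uint16(body), int(binary.BigEndian.Uint16(body[2:]))
		padded := (n + 3) &^ 3
		if padded > len(body)-4 {
			return "", false, errors.New("truncated attribute")
		}
		if typ == attrUsername {
			return string(body[4 : 4+n]), true, nil
		}
		body = body[4+padded:]
	}
	return "", false, nil
}

func main() {
	tx := [12]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}              // constructed transaction ID
	fmt.Println(FindUsername(BuildBindingRequest(tx, "remote:local"))) // constructed username
}
```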