SIP authentication response with nonce in SIP header

Published by balu sreekanth on

TIP OF THE DAY:

SIP useragent /Registrar uses digest authentication for SIP authentication.  To  prevent replay attacks SIP registrar generates an arbitrary number  NONCE ( number once) and send to sip client. SIP client uses that NONCE to hash the sip credentials  and send to registrar.

If you have packet capture and want to compare the  hashed credentials in response header  you can use this script . Change nonce ,authid,pwd,uri and realm  values and run the script.

#!/usr/bin/perl -w
use Digest::MD5 qw(md5_hex);

$authid = ‘test’;
$pwd = ‘1234’;
$realm = ‘asterisk’;
$method = ‘REGISTER’;
$uri = ‘sip:sip.test.com’;
$nonce = ‘035cf70b1c4fcf4731150330410151743443’;

$a1 = md5_hex(“$authid:$realm:$pwd”);
$a2 = md5_hex(“$method:$uri”);
print md5_hex(“$a1:$nonce:$a2”), “\n”;

 

 

Categories: GeneralVOIP
Tags:

0 Comments

Leave a Reply

Your email address will not be published.

Related Posts

General

The Easy way to manage Google cloud Instances from Mac OSx

  Do you find it difficult to connect to your google cloud VM via SSH using ssh keys  and  you have to login to google cloud console frequently to start  and stop your VM instances Read more…

App Development

Consider using a handler in place of CountDownTimer for UI tasks

  In any programming language a same goal can be achieved through many ways . I am going to discuss how to replace a countdown timer with handler for changing images dynamically on android . Read more…

App Development

Easy Push notification service for Asterisk and Free PBX

    By virtue of increasingly deployed IP-PBX systems in place of traditional business phone systems around the world ,using Mobile softphones to communicate with office IP PBX has become more prevalent. One of the Read more…