SIP authentication response with nonce in SIP header

Hire us for your custom mobile application and Web Application development needs . You can be assured your final deliverable, no matter the technology its built on, will be secure, scalable and sustainable in whatever environment its hosted.

WhatsApp : +918500018686 :: skype: sales@sipcosystems.com

 

TIP OF THE DAY:

SIP useragent /Registrar uses digest authentication for SIP authentication.  To  prevent replay attacks SIP registrar generates an arbitrary number  NONCE ( number once) and send to sip client. SIP client uses that NONCE to hash the sip credentials  and send to registrar.

If you have packet capture and want to compare the  hashed credentials in response header  you can use this script . Change nonce ,authid,pwd,uri and realm  values and run the script.

#!/usr/bin/perl -w
use Digest::MD5 qw(md5_hex);

$authid = ‘test’;
$pwd = ‘1234’;
$realm = ‘asterisk’;
$method = ‘REGISTER’;
$uri = ‘sip:sip.test.com’;
$nonce = ‘035cf70b1c4fcf4731150330410151743443’;

$a1 = md5_hex(“$authid:$realm:$pwd”);
$a2 = md5_hex(“$method:$uri”);
print md5_hex(“$a1:$nonce:$a2”), “\n”;

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top