SIP authentication response with nonce in SIP header

TIP OF THE DAY:

A SIP user agent and registrar use digest authentication for SIP authentication. To prevent replay attacks, the SIP registrar generates an arbitrary number, the NONCE (number once), and sends it to the SIP client. The SIP client uses that NONCE to hash the SIP credentials and sends the result to the registrar.

If you have a packet capture and want to compare the hashed credentials in the response header, you can use this script. Change the nonce, authid, pwd, uri and realm values and run the script.

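#!/usr/bin/perl -w
use strict;
use Digest::MD5 qw(md5_hex);

# Values from the capture; pwd is the account's known password
my $authid = 'test';
my $pwd    = '1234';
my $realm  = 'asterisk';
my $method = 'REGISTER';
my $uri    = 'sip:sip.test.com';
my $nonce  = '035cf70b1c4fcf4731150330410151743443';

# A1 = username:realm:password, A2 = method:uri
my $a1 = md5_hex("$authid:$realm:$pwd");
my $a2 = md5_hex("$method:$uri");
# Compare this output with the response value in the Authorization header
print md5_hex("$a1:$nonce:$a2"), "\n";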
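
The same comparison done directly against a captured Authorization header, as an added Python example that is not part of the original post. It goes beyond the script above by also handling challenges that carry qop=auth (RFC 2617), where nc and cnonce enter the hash; the function names and the sample header are constructed for illustration, and the account password is assumed to be known.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_authorization(header):
    """Return the Digest parameters of an Authorization header as a dict."""
    scheme, _, params = header.partition(":")[2].strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    # Parameters are key="quoted value" or key=token, separated by commas.
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or token for key, quoted, token in pairs}

def digest_response(fields, method, password):
    """Recompute the response value for MD5 digest with no qop or qop=auth."""
    if fields.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only algorithm=MD5 is handled here")
    ha1 = md5_hex(f'{fields["username"]}:{fields["realm"]}:{password}')
    ha2 = md5_hex(f'{method}:{fields["uri"]}')
    qop = fields.get("qop")
    if qop is None:  # same formula as the Perl script on this page
        return md5_hex(f'{ha1}:{fields["nonce"]}:{ha2}')
    if qop != "auth":  # auth-int also hashes the message body
        raise ValueError("unsupported qop: " + qop)
    return md5_hex(f'{ha1}:{fields["nonce"]}:{fields["nc"]}:'
                   f'{fields["cnonce"]}:{qop}:{ha2}')

def verify(header, method, password):
    """True if the captured response matches the one the password produces."""
    fields = parse_authorization(header)
    expected = digest_response(fields, method, password)
    return hmac.compare_digest(expected, fields.get("response", "").lower())

# Constructed sample built from the values in the script above; the response
# is computed here so that the header is self-consistent.
_page = {"username": "test", "realm": "asterisk", "uri": "sip:sip.test.com",
         "nonce": "035cf70b1c4fcf4731150330410151743443"}
SAMPLE = ('Authorization: Digest username="test", realm="asterisk", '
          'nonce="035cf70b1c4fcf4731150330410151743443", '
          'uri="sip:sip.test.com", algorithm=MD5, '
          f'response="{digest_response(_page, "REGISTER", "1234")}"')

if __name__ == "__main__":
    print("right password:", verify(SAMPLE, "REGISTER", "1234"))
    print("wrong password:", verify(SAMPLE, "REGISTER", "4321"))
```

Pass the method from the request line of the same packet, since a response computed for REGISTER will not match an INVITE.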
