Overview

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop security test.  VoIP Hopper is a VoIP infrastructure security testing tool but also a tool that can be used to test the (in)security of VLANs.  Get more details on the what and why here.

News

April 26, 2012:  VoIP Hopper 2.04 is released!  With new Avaya, Alcatel, and LLDP-MED spoofing support.  Many special thanks to Nicolas Roux in France, for his source code contribution and debugging help with the Alcatel-Lucent support in VoIP Hopper.
  • Updated Avaya Automatic VLAN discovery for DHCP client Option 242 (for newer Avaya IP Phones)
  • Alcatel-Lucent VVID infrastructure support, with 3 new modes
  • Spoofing MAC Address of Alcatel IP Phone in DHCP client Option 12 and 61 (for Alcatel compliant DHCP client)
  • Proper spoofing of LLDP-MED packet TLVs with user supplied MAC address (Cisco, Alcatel).  LLDP-MED automatic VLAN discovery for Cisco and Alcatel infrastructures.

For a complete feature list, see here.

News (Less Recent)

August 15, 2011:  VoIP Hopper 2.0 is released!  This is the same VoIP Hopper version that was demonstrated live at DefCon 19 conference in the presentation, "VoIP Hopping the Hotel:  Attacking the Crown Jewels through VoIP".  Some exciting new features of VoIP Hopper include the following:

  • New "Assessment" mode:  Interactive, menu driven command interface, improves ability to VLAN Hop in Pentesting when the security tester is working against an unknown network infrastructure
  • New VLAN Discovery methods (802.1q ARP, LLDP-MED)
  • LLDP-MED spoofing and sniffing support
  • Can bypass VoIP VLAN subnets that have DHCP disabled, and spoof the  IP address and MAC address of a phone by setting a static IP


Feedback

Picture
Please don't flame me to tell me that the design or implementation of the C code is ugly (I already know the code isn't as pretty as Jessica Biel).  If you have constructive feedback about useful features, implementation suggestions, or any insight or feedback on how VoIP Hopper helped you, I would like to hear from you.

Jason Ostrom, jpo@pobox.com