Overview
VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop security test. VoIP Hopper is a VoIP infrastructure security testing tool but also a tool that can be used to test the (in)security of VLANs. Get more details on the what and why here.
News
April 26, 2012: VoIP Hopper 2.04 is released! With new Avaya, Alcatel, and LLDP-MED spoofing support. Many special thanks to Nicolas Roux in France, for his source code contribution and debugging help with the Alcatel-Lucent support in VoIP Hopper.
For a complete feature list, see here.
- Updated Avaya Automatic VLAN discovery for DHCP client Option 242 (for newer Avaya IP Phones)
- Alcatel-Lucent VVID infrastructure support, with 3 new modes
- Spoofing MAC Address of Alcatel IP Phone in DHCP client Option 12 and 61 (for Alcatel compliant DHCP client)
- Proper spoofing of LLDP-MED packet TLVs with user supplied MAC address (Cisco, Alcatel). LLDP-MED automatic VLAN discovery for Cisco and Alcatel infrastructures.
For a complete feature list, see here.
News (Less Recent)
August 15, 2011: VoIP Hopper 2.0 is released! This is the same VoIP Hopper version that was demonstrated live at DefCon 19 conference in the presentation, "VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP". Some exciting new features of VoIP Hopper include the following:
- New "Assessment" mode: Interactive, menu driven command interface, improves ability to VLAN Hop in Pentesting when the security tester is working against an unknown network infrastructure
- New VLAN Discovery methods (802.1q ARP, LLDP-MED)
- LLDP-MED spoofing and sniffing support
- Can bypass VoIP VLAN subnets that have DHCP disabled, and spoof the IP address and MAC address of a phone by setting a static IP
Feedback
If you have constructive feedback about useful features, implementation suggestions, or any insight or feedback on how VoIP Hopper helped you, I would like to hear from you.
Jason Ostrom, jpo@pobox.com
Jason Ostrom, jpo@pobox.com