ohrwurm

ohrwurm is designed to fuzz RTP traffic, particularly targeting SIP phones in a switched LAN environment. It requires arpspoof from dsniff for the man-in-the-middle attack to intercept and manipulate RTP streams between two target IP addresses. The tool reads SIP messages to extract RTP port numbers or allows manual specification of ports to fuzz any RTP traffic.

Use cases include testing the robustness of SIP phones against malformed RTP packets. Special care is taken to disrupt RTP handling, with configurable bit error ratios applied to payloads. RTCP traffic suppression is available to prevent codecs from detecting noisy lines. Gateway operation works only partially, making it best suited for switched LAN scenarios.

Dependencies include dsniff, libc6, libpcap0.8t64, and ohrwurm itself.

ohrwurm performs MITM using arpspoof to position itself between two SIP phones. It sniffs SIP messages for RTP port discovery unless ports are manually provided with -A and -B, skipping SIP sniffing. RTP payloads are fuzzed with a configurable constant bit error ratio (BER), while special techniques target RTP handling vulnerabilities. RTCP packets can be suppressed via -t to avoid codec noise detection. Random seed controls fuzzing variability, defaulting from /dev/urandom.