WebRTC
(Redirected from Webrtc)
Jump to navigation
Jump to search
VoIPmonitor sniffer is able to analyse SIP over WebSocket encrypted or unencrypted. For unencrypted WebSocket just configure WebScoket port as sipport:
voipmonitor.conf:
sipport = 5060, 8088
this example will analyse SIP TCP/UDP and SIP over WebSocket on port 8088
For encrypted webscoket see following examples for Freeswitch and Asterisk:
Freeswitch
vars.conf
<param name="tls-version" value="tlsv1.2"/> <param name="tls-ciphers" value="AES128-SHA" >
voipmonitor.conf
ssl = yes ssl_ipport = 192.168.0.1 : 7443 /etc/voipmonitor/privkey.pem
Asterisk
http.conf
; ; Asterisk Builtin mini-HTTP server ; ; [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 ;prefix=asterisk ;sessionlimit=100 ;enablestatic=yes ;redirect = / /static/config/index.html tlsenable=yes ; enable tls - default no. tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089. tlscertfile=/etc/asterisk/keys/asterisk.pem ; path to the certificate file (*.pem) only. tlscipher=AES128-SHA ;tlsprivatekey=</path/to/private.pem> ; path to private key file (*.pem) only.
rtp.conf
add at the end of this file:
icesupport=yes stunaddr=stun.l.google.com:19302
pjsip.conf
[general] allowguest = no [global] type = global user_agent = VoIPsun PBX realm=192.168.2.107 bindport=5060 transport=udp,ws,wss
[transport-udp] type = transport protocol = udp bind = 192.168.2.107:5060 tos = cs3 cos = 3
[transport-ws] type=transport protocol=ws bind=192.168.2.107
[transport-wss] type=transport protocol=wss bind=192.168.2.107 cipher=0x002f method=tlsv1_2 [101] type=aor max_contacts=1 remove_existing=yes
[101] type=auth auth_type=userpass username=101 password=1234
[101] type=endpoint disallow=all allow=opus allow=alaw allow=ulaw context=from101 auth=101 aors=101 media_encryption=dtls dtls_verify=fingerprint dtls_cert_file=/etc/asterisk/keys/asterisk.pem dtls_ca_file=/etc/asterisk/keys/ca.crt dtls_setup=actpass use_avpf=yes ice_support=yes media_use_received_transport=yes rtcp_mux=yes
[102] type=aor max_contacts=1 remove_existing=yes
[102] type=auth auth_type=userpass username=102 password=1234
[102] type=endpoint disallow=all allow=opus allow=alaw allow=ulaw context=from102 auth=102 aors=102 media_encryption=dtls dtls_verify=fingerprint dtls_cert_file=/etc/asterisk/keys/asterisk.pem dtls_ca_file=/etc/asterisk/keys/ca.crt dtls_setup=actpass use_avpf=yes ice_support=yes media_use_received_transport=yes rtcp_mux=yes
extensions.conf
[from101] exten => _X.,1,NooP(Call from 101 to ${EXTEN}) same => n,Dial(PJSIP/102/${EXTEN}) exten => i,1,Goto(other,${EXTEN},1) [from102] exten => _X.,1,NooP(Call from 102 to ${EXTEN}) same => n,Dial(PJSIP/101/${EXTEN}) exten => i,1,Goto(other,${EXTEN},1) [other] exten => X,1,NooP(Call from ${CALLERID(num)} to ${EXTEN}) same => n,DumpChan() same => n,Ringing() same => n,Wait(3) same => n,Playback(/var/lib/asterisk/sounds/cz/queue-periodic-announce) same => n,Hangup()
modules.conf
noload => chan_sip.so
keys
mkdir /etc/asterisk/keys cd /etc/asterisk/keys openssl genrsa -des3 -out ca.key 4096 openssl req -new -x509 -days 365 -key ca.key -out ca.crt openssl genrsa -out key.pem 1024 openssl req -new -key key.pem -out req-sip_server.csr openssl x509 -req -days 365 -in req-sip_server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert-sip_server.crt cat key.pem > asterisk.pem cat cert-sip_server.crt >> asterisk.pem
Sipml5
https://www.doubango.org/sipml5/call.htm?svn=170#
Display name: 102 Private Identity: 102 Public Identity: sip:102@192.168.2.107 Password: 1234Realm: 192.168.2.107
click on expert mode:
Disable video: on Enable RTCWeb breaker WebSocket Server URL: wss://192.168.2.107:8089/ws ICE servers: [{ url: 'stun:stun.l.google.com:19302'}] (this can be maybe empty) Disable 3GPP Early IMS: on Disable debug messages: on Cache media stream: on Disable Call button options: on
- after settings go back to first tab and click login
- open https://192.168.2.107:8089/ws in browser and accept the certificate - otherwise the webrtc will not login.