WebRTC
Jump to navigation
Jump to search
VoIPmonitor sniffer is able to analyse SIP over WebSocket encrypted or unencrypted. For unencrypted WebSocket the only think needed is to set
sipport = 5060, 8088
this example will analyse SIP TCP/UDP and SIP over WebSocket on port 8088
For encrypted webscoket see following examples for Freeswitch and Asterisk:
Freeswitch
vars.conf
<param name="tls-version" value="tlsv1.2"/> <param name="tls-ciphers" value="AES128-SHA" >
voipmonitor.conf
ssl = yes ssl_ipport = 192.168.0.1 : 7443 /etc/voipmonitor/privkey.pem
Asterisk
http.conf
; ; Asterisk Builtin mini-HTTP server ; ; [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 ;prefix=asterisk ;sessionlimit=100 ;enablestatic=yes ;redirect = / /static/config/index.html tlsenable=yes ; enable tls - default no. tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089. tlscertfile=/etc/asterisk/keys/asterisk.pem ; path to the certificate file (*.pem) only. tlscipher=AES128-SHA ;tlsprivatekey=</path/to/private.pem> ; path to private key file (*.pem) only.
rtp.conf
add at the end of this file:
icesupport=yes stunaddr=stun.l.google.com:19302
pjsip.conf
[general] allowguest = no [global] type = global user_agent = VoIPsun PBX realm=192.168.2.107 bindport=5060 transport=udp,ws,wss
[transport-udp] type = transport protocol = udp bind = 192.168.2.107:5060 tos = cs3 cos = 3
[transport-ws] type=transport protocol=ws bind=192.168.2.107
[transport-wss] type=transport protocol=wss bind=192.168.2.107 cipher=0x002f [101] type=aor max_contacts=1 remove_existing=yes
[101] type=auth auth_type=userpass username=101 password=1234
[101] type=endpoint disallow=all allow=opus allow=alaw allow=ulaw context=from101 auth=101 aors=101 media_encryption=dtls dtls_verify=fingerprint dtls_cert_file=/etc/asterisk/keys/asterisk.pem dtls_ca_file=/etc/asterisk/keys/ca.crt dtls_setup=actpass use_avpf=yes ice_support=yes media_use_received_transport=yes rtcp_mux=yes
[102] type=aor max_contacts=1 remove_existing=yes
[102] type=auth auth_type=userpass username=102 password=1234
[102] type=endpoint disallow=all allow=opus allow=alaw allow=ulaw context=from102 auth=102 aors=102 media_encryption=dtls dtls_verify=fingerprint dtls_cert_file=/etc/asterisk/keys/asterisk.pem dtls_ca_file=/etc/asterisk/keys/ca.crt dtls_setup=actpass use_avpf=yes ice_support=yes media_use_received_transport=yes rtcp_mux=yes
extensions.conf
[from101] exten => _X.,1,NooP(Call from 101 to ${EXTEN}) same => n,Dial(PJSIP/102/${EXTEN})
exten => i,1,Goto(other,${EXTEN},1)
[from102]
exten => _X.,1,NooP(Call from 102 to ${EXTEN})
same => n,Dial(PJSIP/101/${EXTEN})
exten => i,1,Goto(other,${EXTEN},1)
[other]
exten => X,1,NooP(Call from ${CALLERID(num)} to ${EXTEN})
same => n,DumpChan()
same => n,Ringing()
same => n,Wait(3)
same => n,Playback(/var/lib/asterisk/sounds/cz/queue-periodic-announce)
same => n,Hangup()
modules.conf
noload => chan_sip.so
keys
mkdir /etc/asterisk/keys cd /etc/asterisk/keys openssl genrsa -des3 -out ca.key 4096 openssl req -new -x509 -days 365 -key ca.key -out ca.crt openssl genrsa -out key.pem 1024 openssl req -new -key key.pem -out req-sip_server.csr openssl x509 -req -days 365 -in req-sip_server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert-sip_server.crt cat key.pem > asterisk.pem cat cert-sip_server.crt >> asterisk.pem
Sipml5
https://www.doubango.org/sipml5/call.htm?svn=170#
Display name: 102 Private Identity: 102 Public Identity: sip:102@192.168.2.107 Password: 1234Realm: 192.168.2.107
click on expert mode:
Disable video: on
Enable RTCWeb breaker
WebSocket Server URL: wss://192.168.2.107:8089/ws
ICE servers: [{ url: 'stun:stun.l.google.com:19302'}] (this can be maybe empty)
Disable 3GPP Early IMS: on
Disable debug messages: on
Cache media stream: on
Disable Call button options: on
- after settings go back to first tab and click login
- open https://192.168.2.107:8089/ws in browser and accept the certificate - otherwise the webrtc will not login.