REGISTER

1. Simple REGISTER

Between the UAC 172.16.98.182 and the UAS 172.16.98.102.

Source: https://www.cloudshark.org/captures/de9c2cf75368

REGISTER sip:domain.xyz SIP/2.0
Via: SIP/2.0/UDP 172.16.98.182:5060;rport;branch=z9hG4bK1013779528
From: <sip:telephone1@domain.xyz>;tag=1182049044
To: <sip:telephone1@domain.xyz>
Call-ID: 1077245679
CSeq: 1 REGISTER
Contact: <sip:telephone1@172.16.98.182;line=f0d50acfece3520>
Max-Forwards: 70
User-Agent: Linphone/3.6.1 (eXosip2/4.0.0)
Expires: 3600
Content-Length: 0

SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.16.98.182:5060;rport=5060;branch=z9hG4bK1013779528
Contact: <sip:telephone1@172.16.98.182;line=f0d50acfece3520>;expires=3600
To: <sip:telephone1@domain.xyz>;tag=2021e220
From: <sip:telephone1@domain.xyz>;tag=1182049044
Call-ID: 1077245679
CSeq: 1 REGISTER
User-Agent: repro 1.9.7
Content-Length: 0

To cancel a registration, a new REGISTER request is sent with an Expires: 0 field:

REGISTER sip:domain.xyz SIP/2.0
Via: SIP/2.0/UDP 172.16.98.182:5060;rport;branch=z9hG4bK410623604
From: <sip:telephone1@domain.xyz>;tag=1182049044
To: <sip:telephone1@domain.xyz>
Call-ID: 1077245679
CSeq: 2 REGISTER
Contact: <sip:telephone1@172.16.98.182;line=f0d50acfece3520>
Max-Forwards: 70
User-Agent: Linphone/3.6.1 (eXosip2/4.0.0)
Expires: 0
Content-Length: 0

SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.16.98.182:5060;rport=5060;branch=z9hG4bK410623604
To: <sip:telephone1@domain.xyz>;tag=09697f6c
From: <sip:telephone1@domain.xyz>;tag=1182049044
Call-ID: 1077245679
CSeq: 2 REGISTER
User-Agent: repro 1.9.7
Content-Length: 0

2. REGISTER with MD5 authentication

RFC 3261 recommends that SIP requests be authenticated as described in RFC 2617 (HTTP Authentication: Basic and Digest Access Authentication).

Between the UAC 172.16.98.1 and 172.16.98.101.

Source: https://www.cloudshark.org/captures/423ab1d45e27

...

REGISTER sip:172.16.98.101;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 172.16.98.1:42952;branch=z9hG4bK-d8754z-531c0fb072273b86-1---d8754z-
Max-Forwards: 70
Contact: <sip:telephone1@172.16.98.1:42952;rinstance=564a2ed14798bc07;transport=UDP>
To: <sip:telephone1@172.16.98.101;transport=UDP>
From: <sip:telephone1@172.16.98.101;transport=UDP>;tag=0976af15
Call-ID: MzlhNDk0Nzg0MjE0MTEyNzRlM2VhNGYyYjgzYzc0MzA.
CSeq: 1 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri
User-Agent: Z 3.3.21933 r21903
Allow-Events: presence, kpml
Content-Length: 0

The SIP server replies with 401 Unauthorized and supplies the field needed for authentication: WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="26235be0"

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.98.1:42952;branch=z9hG4bK-d8754z-531c0fb072273b86-1---d8754z-;received=172.16.98.1
From: <sip:telephone1@172.16.98.101;transport=UDP>;tag=0976af15
To: <sip:telephone1@172.16.98.101;transport=UDP>;tag=as108b6b97
Call-ID: MzlhNDk0Nzg0MjE0MTEyNzRlM2VhNGYyYjgzYzc0MzA.
CSeq: 1 REGISTER
Server: Asterisk PBX 11.7.0~dfsg-1ubuntu1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="26235be0"
Content-Length: 0

A new request (see CSeq: 2) supplies the appropriate parameters: Authorization: Digest username="telephone1",realm="asterisk",nonce="26235be0",uri="sip:172.16.98.101;transport=UDP",response="f76185db0be3a8ba2494f5fc4ea99eed",algorithm=MD5

REGISTER sip:172.16.98.101;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 172.16.98.1:42952;branch=z9hG4bK-d8754z-8de228c832cb6988-1---d8754z-
Max-Forwards: 70
Contact: <sip:telephone1@172.16.98.1:42952;rinstance=564a2ed14798bc07;transport=UDP>
To: <sip:telephone1@172.16.98.101;transport=UDP>
From: <sip:telephone1@172.16.98.101;transport=UDP>;tag=0976af15
Call-ID: MzlhNDk0Nzg0MjE0MTEyNzRlM2VhNGYyYjgzYzc0MzA.
CSeq: 2 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri
User-Agent: Z 3.3.21933 r21903
Authorization: Digest username="telephone1",realm="asterisk",nonce="26235be0",uri="sip:172.16.98.101;transport=UDP",response="f76185db0be3a8ba2494f5fc4ea99eed",algorithm=MD5
Allow-Events: presence, kpml
Content-Length: 0

SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.16.98.1:42952;branch=z9hG4bK-d8754z-8de228c832cb6988-1---d8754z-;received=172.16.98.1
From: <sip:telephone1@172.16.98.101;transport=UDP>;tag=0976af15
To: <sip:telephone1@172.16.98.101;transport=UDP>;tag=as108b6b97
Call-ID: MzlhNDk0Nzg0MjE0MTEyNzRlM2VhNGYyYjgzYzc0MzA.
CSeq: 2 REGISTER
Server: Asterisk PBX 11.7.0~dfsg-1ubuntu1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Expires: 3600
Contact: <sip:telephone1@172.16.98.1:42952;rinstance=564a2ed14798bc07;transport=UDP>;expires=3600
Date: Wed, 11 May 2016 11:55:19 GMT
Content-Length: 0
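
The exchange above uses the RFC 2617 form without qop: response = MD5(HA1:nonce:HA2), with HA1 = MD5(username:realm:password) and HA2 = MD5(method:uri). As an added example (not part of the original page and not Asterisk's code), this is how a registrar can parse and check such an Authorization header; the password "constructed-secret" and the helper names are assumptions, since the capture does not contain the real password.

```python
import hashlib
import hmac
import re

# Authorization header value copied from the capture on this page.
CAPTURED_AUTH = ('Digest username="telephone1",realm="asterisk",nonce="26235be0",'
                 'uri="sip:172.16.98.101;transport=UDP",'
                 'response="f76185db0be3a8ba2494f5fc4ea99eed",algorithm=MD5')

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(value):
    """Split a Digest header value into a dict of its parameters."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    # Quoted values may contain ';' and ',' (see the uri), so match them first.
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(username, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def build_authorization(username, realm, password, method, uri, nonce):
    """Client side: format the header the way the capture shows it."""
    resp = digest_response(username, realm, password, method, uri, nonce)
    return (f'Digest username="{username}",realm="{realm}",nonce="{nonce}",'
            f'uri="{uri}",response="{resp}",algorithm=MD5')

def verify(auth_value, method, password, expected_nonce):
    """Server side: check an Authorization header against the stored password."""
    p = parse_digest(auth_value)
    if p.get("algorithm", "MD5").upper() != "MD5" or "qop" in p:
        raise ValueError("only the qop-less MD5 form from the capture is handled")
    if p["nonce"] != expected_nonce:
        return False  # nonce was not the one issued in the 401 challenge
    expected = digest_response(p["username"], p["realm"], password,
                               method, p["uri"], p["nonce"])
    return hmac.compare_digest(expected, p["response"].lower())

if __name__ == "__main__":
    print(parse_digest(CAPTURED_AUTH))
    hdr = build_authorization("telephone1", "asterisk", "constructed-secret",
                              "REGISTER", "sip:172.16.98.101;transport=UDP", "26235be0")
    print(verify(hdr, "REGISTER", "constructed-secret", "26235be0"))
```
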

3. REGISTER with a wrong user

In this example, the UA tries to authenticate with a username (telephone0) that does not exist on the SIP server. The error message is "403 Forbidden".

Source: https://www.cloudshark.org/captures/10222a758905

4. REGISTER with a wrong password

In this example, the UA tries to authenticate with a wrong password. The error message is also "403 Forbidden" in this case.

Source: https://www.cloudshark.org/captures/784f68cbb09a

5. Password discovery

...
