awesome-rtc-hacking
github.com/enablesecurity/awesome-rtc-hacking ↗a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
Use this list with your AI agent
Add the Context Awesome MCP server to Claude, Cursor, or any MCP client, then ask:
"Show me notable blog posts and articles resources from awesome-rtc-hacking"
Installation instructions →What's inside
Notable blog posts and articles
- Abusing Microsoft Teams Direct Routing
- Adventures in Video Conferencing Part 1: The Wild World of WebRTC
- Adventures in Video Conferencing Part 2: Fun with FaceTime
- Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp
- Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp
- Adventures in Video Conferencing Part 5: Where Do We Go from Here?
Papers
Advisories
Related lists
Videos
- Blackhat EU 2019: Mobile network hacking - All-over-IP edition - Karsten Nohl, Luca Melette & Sina Yazdanmehr
All-over-IP edition - Karsten Nohl, Luca Melette & Sina Yazdanmehr
- Hak5 1813: SSL Hack Workarounds and WebRTC Flaws
- HITBHaxpo D1: VoLTE Phreaking - Ralph Moonen
Ralph Moonen
- Jailbreak Brewing Company Security Summit: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568 - Maddie Stone
Maddie Stone
- Kamailio World 2013: VoIP Security Tools - Anton Roman
Anton Roman
- Kamailio World 2015: VoIP Security – Bluebox ng Continuous Pentesting - Sergio García Ramos
Sergio García Ramos
Open-source tools
- bluebox-ng
Pentesting framework using Node.js powers, focused in VoIP. (public archive)
- Metasploit auxiliary modules
- Mr.SIP
SIP based audit and attack tool.
- rtpnatscan
Tool which tests for
- SeeYouCM Thief
download and parse configuration files from Cisco phone systems searching for SSH credentials
- SigPloit
Tool which covers all used SS7, GTP (3G), Diameter (4G) or even SIP protocols for IMS and VoLTE infrastructures.
CTFs and Learning Resources
- CSAW CTF Qualification Round 2020 / Tasks / WebRTC
CTF challenge featuring WebRTC (2020)
- SIPVicious PRO demo server
Live environment for testing RTC attacks
Blogs
- Enable Security Blog
A blog about VoIP, WebRTC and real-time communications security by Enable Security
- Fred Posner's Blog
includes commentary on VoIP security topics
- Kwancro - Thoughts, tips and tricks
Often covers SIP honeypot activity and related security topics
- Pepelux blog
Showing a sample of 100 resources. View the full list on GitHub →