14 Jul 2023

Building voiptoolbox.net Chapter 3 - SIP Auth Headers

How can you tell if an Authorization header in a SIP request is correct? VoIP Toolbox can now help you replicate the auth calculations to confirm things are working as expected.

We are getting pretty niche here, but then VoIP Toolbox site has always been a little bit aimed at the long tail of VoIP devs anyway.

voiptoolbox.net auth tools

Calculate a SIP Authorization header for fun at voiptoolbox.net

The situation is this. We have a SIP request, typically an INVITE or REGISTER, that has an Authorization header. We want to check the header value is correct. If we have the credentials and a copy of the 401/407 response that triggered this packet then we can do the calculations ourselves and confirm things are aok.

The new page is available here under SIP Auth Tools.

You might be asking… do we need a tool for this? Whilst I didn’t search particularly hard, I couldn’t find an equivalent. Also a lot (if not all?) of SIP devices won’t let you set some of the inner auth params, like nc and cnonce, which you need to be able to control if you’re trying to match an output header to confirm the final hash is correct. i.e. you can’t just fire up microsip or similar with the expected credentials and compare the results between dialogs.

Semi related, jes has an interesting post on the encoding used in the OpenSIPS topology hiding module and the ease at which the original plaintext can be revealed. That’s what prompted me to dig out an old Auth headers verification script and tweak ready for a hosted version on VoIP Toolbox.

SIP Dev SysAdmin Voiptoolbox
Back to posts