Tool Documentation:

ohrwurm Usage Example

Fuzz two hosts (-a -b, both on port 6970 (-A 6970 -B 6970), through interface eth0 (-i eth0):

root@kali:~# ohrwurm -a -b -A 6970 -B 6970 -i eth0
using random seed 2978455466

Packages and Binaries:


ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones. Features:

 - reads SIP messages to get information of the RTP port
 - reading SIP can be omitted by providing the RTP port
 numbers, sothat any RTP traffic can be fuzzed
 - RTCP traffic can be suppressed to avoid that codecs
 - learn about the "noisy line"
 - special care is taken to break RTP handling itself
 - the RTP payload is fuzzed with a constant BER
 - the BER is configurable
 - requires arpspoof from dsniff to do the MITM attack
 - requires both phones to be in a switched LAN (GW
 operation only works partially)

Installed size: 33 KB
How to install: sudo apt install ohrwurm

  • dsniff
  • libc6
  • libpcap0.8t64
root@kali:~# ohrwurm -h

usage: ohrwurm -a <IP target a> -b <IP target b> [-s <randomseed>] [-e <bit error ratio in %>] [-i <interface>] [-A <RTP port a> -B <RTP port b>]

	-a <IPv4 address A in dot-decimal notation> SIP phone A
	-b <IPv4 address B in dot-decimal notation> SIP phone B
	-s <integer> randomseed (default: read from /dev/urandom)
	-e <double> bit error ratio in % (default: 1.230000)
	-i <interfacename> network interface (default: eth0)
	-t suppress RTCP packets (default: dont suppress)
	-A <port number> of RTP port on IP a (requires -B)
	-B <port number> of RTP port on IP b (requires -A)
	   note: using -A and -B skips SIP sniffing, any RTP can be fuzzed

Updated on: 2024-May-23