InvalidSessionDescriptionError: Invalid description, no ice-ufrag attribute - webrtc

I'm trying to get asterisk 11.20.0 running with WebRTC (sip.js 0.72 which I believe is a fork of jssip), but I'm seeing the following (and the called party rings, but when the phone is answered the call gets hung up).
This is my setup:
What I see:
In the CLI:
[2015-11-24 01:01:53] NOTICE[43619][C-00000002]: res_rtp_asterisk.c:4441 ast_rtp_read: Unknown RTP codec 95 received from '(null)'
In Firefox:
InvalidSessionDescriptionError: Invalid description, no ice-ufrag attribute
Attachments:
SIP Dialogue (Asterisk CLI)
Webphone Log
Config Files (httpd.conf, sip.conf, rtp.conf)
Asterisk Compiled with Libuuid & Friends
What I've tried so far:
Changed webRTC implementations (tried chrome and firefox both with SIPML and SIP.JS)
Set the STUN server to null on the client side (stunServers: ['stun:null'])
Configured properly (I hope) my sip.conf and rtp.conf and httpd.conf
Made sure I have libuuid, uuid and their -devel companions, and after that I've recompiled Asterisk.
What I've read:
http://forums.asterisk.org/viewtopic.php?p=201702
https://wiki.asterisk.org/wiki/display/AST/Asterisk+WebRTC+Support
https://wiki.asterisk.org/wiki/display/AST/WebRTC+tutorial+using+SIPML5
http://jssip.net/documentation/misc/interoperability/asterisk/
http://sipjs.com/guides/server-configuration/asterisk/
https://kunjans.wordpress.com/2015/01/09/web-sip-client-sipml5-with-asterisk-13-on-centos-6-6/
http://forums.digium.com/viewtopic.php?f=1&t=89798
Please, if you can, give me a hand. I'm about to smash my box with a sledge hammer.

Faced the same issue and followed the instructions in http://forums.digium.com/viewtopic.php?f=1&t=90167 and realised that:
This issue is caused because your asterisk doesn't have ICE support, you can solve that by installing the uuid/libuuid and uuid-devel/libuuid-devel packages on your system. Then recompile asterisk (be sure to rerun the configure script before the make command).
I did recompile my Asterisk 11.16.0 with the patch for ECDH support and fallback to prime256v1 https://issues.asterisk.org/jira/browse/ASTERISK-25265 and it looks like I lost uuid support at that time. Reverting back to the non-patched version (with uuid support, which used to be compiled before) resolved my issue with the "no ice-ufrag attribute" error in the Firefox console and calls are going well now from the SIPML5-based WebRTC client to asterisk, but not in the opposite direction.
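To see whether an SDP body copied from the Asterisk SIP trace would trigger the "no ice-ufrag attribute" rejection, the following added example (not code from the thread or from Asterisk) reports each m= section that neither carries nor inherits ICE credentials. The sample SDP bodies are constructed, and checking ice-pwd alongside ice-ufrag is an addition based on the two attributes being used as a pair.

```python
# Added example (not from the thread): report m= sections without ICE credentials.
ICE_ATTRS = ("ice-ufrag", "ice-pwd")

def split_sdp(sdp):
    """Split an SDP body into session-level attributes and per-media attributes."""
    session, media = {}, []
    current = session
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            current = {}                      # attributes from here belong to this media section
            media.append((line[2:], current))
        elif line.startswith("a="):
            name, _, value = line[2:].partition(":")
            current.setdefault(name, value)
    return session, media

def missing_ice(sdp):
    """Map each m= line to the ICE attributes it neither carries nor inherits."""
    session, media = split_sdp(sdp)
    report = {}
    for m_line, attrs in media:
        # Media-level value wins; otherwise the session-level value applies.
        absent = [a for a in ICE_ATTRS if not (attrs.get(a) or session.get(a))]
        if absent:
            report[m_line] = absent
    return report

def build(*lines):
    """Join SDP lines with CRLF, as they appear in a SIP message body."""
    return "\r\n".join(lines) + "\r\n"

# Constructed SDP bodies (addresses, ports and credentials are made up).
HEADER = ("v=0", "o=root 1 1 IN IP4 192.0.2.10", "s=call", "c=IN IP4 192.0.2.10", "t=0 0")
NO_ICE = build(*HEADER, "m=audio 17422 RTP/AVP 0 101", "a=rtpmap:0 PCMU/8000", "a=sendrecv")
MEDIA_ICE = build(*HEADER, "m=audio 17422 RTP/SAVPF 0 101",
                  "a=ice-ufrag:4a1b2c3d", "a=ice-pwd:constructed0123456789abcd")
SESSION_ICE = build(*HEADER, "a=ice-ufrag:4a1b2c3d", "a=ice-pwd:constructed0123456789abcd",
                    "m=audio 17422 RTP/SAVPF 0", "m=video 17424 RTP/SAVPF 96")

if __name__ == "__main__":
    for label, body in (("no ICE", NO_ICE), ("media-level", MEDIA_ICE),
                        ("session-level", SESSION_ICE)):
        print(label, missing_ice(body) or "ok")
```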

log4shell POC : no HTTP redirect

I am trying to understand/reproduce Log4shell vulnerability, using this poc and also information from Marshalsec.
To do that, I've downloaded Ghidra v10.0.4, which is said (on Ghidra download page) to be vulnerable to log4shell. Installed it on an ubuntu VM, along with java 1.8 (as stated in POC), and loaded the Poc + marshalsec snapshot.
Tried to start Ghidra, it said java 11 was needed, so although I've installed java 1.8 I still downloaded java 11 and, when you start ghidra, it says the installed version is not good enough and asks for the path to a java11 version; so I just gave it the path to the jdk11 directory and it seems happy with it. Ghidra starts alright.
Then set up my listener and launched the poc, got the payload string to copy/paste in ghidra, and got a response in the ldap listener saying it'll send it to HTTP. But nothing more. The end.
Since the HTTP server is set up by the same POC, I thought maybe I just couldn't see the redirection, so I started the http server myself, started the ldap server myself with marshalsec, and retried (see pics below for exact commands/outputs).
Setting http server:
Set listener:
Setting LDAP server:
Send payload string in Ghidra (in the help/search part, as shown in kozmer POC); immediately got an answer:
I still receive a response on the LDAP listener (two, in fact, which seems weird), but nothing on the HTTP. The Exploit class is never loaded in ghidra (it directly sends me a pop-up saying search not found, I think it is supposed to wait for the server answer to do that?), and I get nothing back in my listener.
Note that I don't really understand this Marshalsec/LDAP thing so I'm not sure what's happening here. If anyone has time to explain, it would be nice. I've read a lot of stuff about the vuln but it rarely goes deeply into details (most is like: the payload string sends a request to the LDAP server, which redirects to the HTTP server, which will upload the Exploit class on the vulnerable app and gives you a shell).
Note: I've checked, the http server is up and accessible, the Exploit.class file is here and can be downloaded.
Solved it.
Turned out for log4shell to work you need a vulnerable app and a vulnerable version of Java; which I thought I had, but nope. I had Java 11.0.15, and needed Java 11 (Ghidra needs Java 11 minimum, only vulnerable version of Java 11 is the first one).
Downloaded and installed Java 11, POC working perfectly.

Rpi4 and Ejabberd external registration

Some friends and I want to leave WhatsApp for good and as I've been playing around with my Rpi4 for years now, I thought I'd use that to set up an XMPP-Server for us to use, to have a secure and customizable experience.
I've tried it with ejabberd and installed it from the repo. I also tried to compile the newest version, but I get an error output every time.
It works fine so far, but it differs from what I've seen online.
My problem is that registration from outside doesn't work at all. I can register from ejabberdctl, but that's it. On the tested clients it says "server doesn't allow registration", although I have enabled everything that says anything about registration allowance.
System: Raspberry Pi 4 (4GB)
OS: TwisterOS 1.9.6 (Based on Raspbian 32bit)
Ejabberd Version: 18.12.1-2
Config files:
Ejabberd.yml https://textuploader.com/18mqx
Ejabberdctl.cfg https://textuploader.com/18mqz
When the "mod_register" line is enabled/uncommented (or any other not by default enabled mod), ejabberdctl live gives following output: [error] Cannot load /etc/ejabberd/ejabberd.yml: Syntax error on line 272 at position 2: did not find expected key
I am very thankful for any help, whether it's getting my current version to allow registration or compiling the current version which seems easier to work with, as all of the solutions I've seen on the internet won't work with my version.
Kind Regards,
Arokan
I figured it out. You won't believe it...
The prewritten spaces in
" ## mod_register: "
seem to not have been spaces but something else, though they weren't wide as tabs but exactly as spaces.
So I deleted the spaces before mod_register: and hammered the space key myself. After that, everything worked out perfectly and other modules do as well in the same way.
tl;dr: Replace the pseudo spaces with own spaces.
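A way to find such look-alike characters before the YAML parser trips over them, as an added example that is not part of the original post: it lists every character in a line's leading indentation that renders like a space (or like nothing) but is not U+0020, and rewrites the indentation with real spaces. The post does not say which character was involved; the no-break space (U+00A0) and the module lines in the constructed sample are assumptions.

```python
# Added example (not from the post): locate and replace look-alike spaces in indentation.
import unicodedata

def is_pseudo_space(ch):
    """True for characters that render like a space (or nothing) but are not U+0020."""
    if ch == " ":
        return False
    # Zs = Unicode space separators (e.g. U+00A0), Cf = invisible format characters.
    return ch == "\t" or unicodedata.category(ch) in ("Zs", "Cf")

def find_pseudo_spaces(text):
    """Return (line, column, 'U+XXXX NAME') for each suspect character in leading indentation."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if ch == " ":
                continue
            if not is_pseudo_space(ch):
                break                         # first real character ends the indentation
            name = unicodedata.name(ch, "UNNAMED")
            hits.append((lineno, col, "U+%04X %s" % (ord(ch), name)))
    return hits

def normalise_indent(text):
    """Rewrite indentation: Zs characters become U+0020, Cf characters are dropped."""
    out = []
    for line in text.split("\n"):
        i, fixed = 0, []
        while i < len(line) and (line[i] == " " or is_pseudo_space(line[i])):
            ch = line[i]
            if ch in (" ", "\t"):
                fixed.append(ch)              # tabs are reported, their width is not guessed
            elif unicodedata.category(ch) == "Zs":
                fixed.append(" ")
            i += 1
        out.append("".join(fixed) + line[i:])
    return "\n".join(out)

# Constructed sample: line 3 is indented with two no-break spaces instead of spaces.
SAMPLE = ("modules:\n  mod_ping: {}\n"
          "\u00a0\u00a0mod_register:\n    ip_access: trusted_network\n")

if __name__ == "__main__":
    for hit in find_pseudo_spaces(SAMPLE):
        print("line %d col %d: %s" % hit)
    print(find_pseudo_spaces(normalise_indent(SAMPLE)) or "indentation clean")
```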

how to use tls protocol on nodemcu lua

I'm working on an esp8266 module these days.
The firmware on this module is nodemcu 0.9.6 and its language is lua.
I use the mqtt protocol for my project and it works well. But TLS is necessary.
I don't know how to set up tls on this firmware. I've searched, but the documentation about TLS on the nodemcu website is not enough for me.
I know that I should use this instruction at connection time to the broker:
m:connect(BROKER, 8883, 1 , function ( connection ) ... end )
and to put the CA file on the module I should use something like this:
That's what I read from the nodemcu website --> https://nodemcu.readthedocs.io/en/master/en/modules/net/#netcertverify
But the problem is that when I use this in my code the module doesn't understand it and gives an error at upload time and runtime.
Is this problem because of the version of my firmware? Will upgrading fix it? Or am I just doing something wrong in my code?
I haven't seen sample code about putting a CA file on the module in other projects so I guess my work is wrong.
If you have worked on TLS (on nodemcu firmware) I would be grateful for your help.
Build a recent firmware with SSL/TLS enabled.
Flash the binary to upgrade. Make sure all flashing parameters are exactly as documented and include the init data binary.
The rest of your code seems fine.
Take a look at this question and read through comments of the answer.
You may have to get esp_init_data_default.bin from latest sdk.
I used esptool.
esptool.py --port <PORT> write_flash -fm dio -fs 32m 0x00000 <BIN_PATH_AND_FILENAME> 0x3fc000 <PATH\>esp_init_data_default.bin
Please do upvote this post if you find it is useful. Thumbs up for #MarcelStör.

Io: Protocol 'https' unsupported

I am trying to fetch a file over HTTPS in Io language:
url := URL with("https://api.example.com")
url fetch println
And I get this:
Error_0x7f97e1509a80:
location = "/opt/local/lib/io/addons/Socket/io/URL.io:232"
message = "Protocol 'https' unsupported"
I was trying to find something on the net, but, as everybody knows, it's not easy because of the name. I only found this thread http://tech.groups.yahoo.com/group/iolanguage/message/10898 but that's quite old.
How can I get the HTTPS support in Io?
EDIT
I've found that there is a SecureSocket addon, a wrapper over OpenSSL, in Io's source. It wasn't installed when I did sudo port io install on my MacBook with Mountain Lion, though. I tried building it from source, but no luck. It didn't build for me on a Linux machine, either.
EDIT2
I just tried to build Io from source (git clone https://github.com/stevedekorte/io.git) again (using the included script build.sh) and it turned out that cmake did detect OpenSSL:
-- Found OpenSSL: /usr/lib/libssl.dylib;/usr/lib/libcrypto.dylib
But then the SecureSocket addon is not built. Its readme file: https://github.com/stevedekorte/io/tree/master/addons/SecureSocket says:
The DTLS1 bindings are not usable unless the patches in this file are
applied to OpenSSL 0.9.8e. However, this patch includes a
deactivation of the handshake retransmission code in d1_both.c,
making it unsuitable for production environments. I take no
responsibility, etc, etc. If you want to use it anyway, apply the
patches(gathered from various newsgroups and my own experimentation)
and uncomment the commented-out block of build.io. For what it's
worth, DTLS support in OpenSSL is new as of 0.9.8 and is pretty buggy
to begin with. It's a nice idea, but it doesn't seem to be
production ready at all yet. These bindings are no exception.
If you can't get io to do it your best option would be calling an external tool like wget or curl which can and then loading the file/result locally or returning it via a pipe.
For anybody else interested in another workaround, it should be possible to put stud in front of an Io program which will do the SSL stuff. I have not tested that myself yet.
stud - The Scalable TLS Unwrapping Daemon stud is a network proxy that
terminates TLS/SSL connections and forwards the unencrypted traffic to
some backend. It's designed to handle 10s of thousands of connections
efficiently on multicore machines.

SIP Application on standalone Red5 Server does not connect to Asterisk Server

I have tried for days now trying to find the right version of red5phone, but to no avail. Also, I need red5 and asterisk to be on different servers. I have followed all instructions described in the various tutorials on web, but nothing helps. I have downloaded 2 different versions of red5phone: sip1, sip_47 from the red5phone google code site, but none of them worked!
When I use:
a) sip1 - shows the correct parameters being passed on the red5 server console, but connection is stuck up with the console displaying the following error:
[NioProcessor-1] ERROR o.r.server.service.ServiceInvoker - Method login with parameters [<sip user>, <sip user>,<sip user>,<sip user pwd>, <asterisk server i/p>, <asterisk server i/p>] not found in org.red5.server.webapp.sip.Application#2d0c94a7
b) sip47 - when I type in the values in the flex interface and check the red5 server console, I see all parameters correct (the ones I passed) except for the asterisk server ip that I'm trying to connect to. Instead, it shows 127.0.0.1 by default and completely ignores the passed ip, and registration fails.
I am using:
red5 server version: 0.9.1, centos: 4.8(final), red5phone used: sip_47 (tried sip1 as well)
As a desperate measure I tried debugging the source code for red5phone (java and flex files) myself, but when I try to create the environment on my local system, I get several compile errors for missing java packages such as javax.media, org.slf4j, org.red5, etc. Really confused and desperate for some guidance. Any tips highly appreciated.
Sunil, I'm also new to this, I would try red5-voicebridge installed in your red5 server.
red5-voicebridge Please let me know if you got it to work.