Caller ID Spoofing w/ Asterisk

Caller ID is often thought of as the ultimate way to see who is calling you. People use it to screen calls all the time. When you're able to spoof that number to whatever you would like you can easily defeat human nature of screening out calls from people they don't want to talk to. Besides being able to get in touch with those ignoring your calls it can be an attackers best friend. He or she can simply spoof your bank's number and social engineer you into giving out valuable information. The way people rely on caller ID it is unlikely the victim will realize what has happened until it is far too late.

Hardware Used:

  • Intel P4 box with 1GB of RAM

Software Used:

  • Ubuntu 7.10 Server
  • Asterisk
  • VMWare Workstation

Prerequisites

  • VoIP service from companies like NuFone or VoicePulse which allow you to use your own PBX
  • Asterisk installed and able to run
  • Basic Linux knowledge

Table of Contents

  1. Introduction
  2. Configuring Asterisk
  3. Final Thoughts

Introduction

There are 3 main configuration files that need a bit of tweaking to get Asterisk working properly. These are iax.conf, sip.conf, and extensions.conf. The names pretty much tell you what each will be configuring. IAX is Inter-Asterisk Exchange and is the protocol used when connecting two Asterisk servers and is perfect for NAT transversal unlike the nightmare of SIP. SIP is the protocol that software based phones or hardware IP phones use to connect to the Asterisk box and extensions are what process call flow and routing. These configuration files all follow the standard "INI" file type where sections are denoted such as [section1] and variables under sections are declared simply with var=foo.

Configuring Asterisk

First thing we'll cover is setting up the connection to your VoIP provider. Most good providers will give you a sample iax configuration file that you can look over for specifics to your service but in most cases simple open up /etc/asterisk/iax.conf and add a few lines at the end as follows:

[VoicePulse]
type=peer
host=server.example.voicepulse.com
username=SomeuSer
secret=PaSsWorD

The first line there gives this connection a human readable name. The type tells Asterisk what type of connection this will be. Peer lets us know we will be sending calls through this connection. Host, username, and secret are all used to make the connection and authenticate. All of this should be given to you by your provider. As you can see this configuration is very basic and there are tons more options that can be done if this was going to be used in a production environment. The next file we need to edit is /etc/asterisk/sip.conf.

[sipuser]
type=peer
host=dynamic
username=allan
secret=1234
context=outgoing

First line is again used to give the connection a name and type lets Asterisk know we can send calls to this connection and also make calls out. Setting host to dynamic ensures Asterisk keeps track of the IP/Hostname of the connection since it uses a dynamic IP. Username and secret are the username and password used to make the connection and context is used to simply tell Asterisk which context in the extension configuration to use. This lets Asterisk route the call as needed and be changed for each SIP user if you would like. The last configuration file for Asterisk is located in the same directory and named extension.conf. Open it up and add the following to the end:

[outgoing]
exten => _1NXXNXXXXXX,1,SetCallerID(2024561111)
exten => _1NXXNXXXXXX,n,Dial(IAX2/VoicePulse/${EXTEN})

Once again the first line is used to give a name to our settings. In this case it is called a context and that is what Asterisk uses to place calls based on your own rules. The next two lines will match any 1 + 10 digit US number. The N's and X's are basically just wild cards N matching any digit greater than 2 and X matching any at all. The 1 tells Asterisk to do that command first and the n is used to say "do this next" is basic terms. SetCallerID() is the key to spoofing caller ID. Here you can change the number to whatever you would like but most providers require a 10 digit number while others will let you even set your caller ID to numbers like 911. The next command is Dial() which is what we use to send off the call. The arguments used tell Asterisk to use the IAX2 protocol to our VoicePulse connection and to route the call to what we've dialed. ${EXTEN} is just a global variable used for the number dialed.

Everything should now be setup correctly and ready to use. The only thing left to configure is your softphone or IP phone depending what you are using. This is specific to individual phones and out of the scope of my project but essentially you tell your phone to connect to your Asterisk server. Often times from experience softphones will refer to this as "releam" or "domain" depending what phone you use (I recommend X-Lite or Twinkle). Besides that it will just ask for your username and password which were setup in sip.conf.

CID Spoofing In Action

As you can see because of ANI it shows the owner of that number as well as the actual number. Sorry about the image quality I could not take a picture of my phone without it being blurry :( but you get the idea.

Final Thoughts

Caller ID spoofing is not illegal in anyway. You should however worry about committing fraud as there are tons of laws against that. The real use of caller ID spoofing is to just trick your friends and have some fun. Don't do anything stupid. This is just information I'm trying to spread in order to show people that you can't always trust what your caller ID says.

Back to my projects