Spoofing Phone Numbers with Twilio (Outdated)

Jason Puglisi
Apr 1, 2019

If you own a phone, you’re probably no stranger to spam calls. Telemarketers and scammers will do anything to make you pick up a call. No matter how many phone numbers you block, you’re bound to see another one, probably from your own area code. The Federal Trade Commission (FTC) has even warned the public not to answer calls from their own phone number.

Where are all of these numbers coming from, and how can someone call you from your own phone? The answer isn’t anything as exciting as hacking. This article will show you how to do it yourself from the comfort of your home. The practice, known as “caller ID spoofing,” is completely legal in the United States as long as it’s not being used for malicious purposes. If you live somewhere else, you should check your local laws before proceeding.

Why do this?

You’ve likely been subjected to legitimate applications of caller ID spoofing without even realizing it. Businesses may use it to display a single phone number for every call they make, and information security teams may use it to test employee readiness when it comes to voice phishing (vishing) attacks. Until phone companies implement robust caller ID authentication, spreading awareness of these techniques and their ease-of-use can only help.

Getting Started

FreePBX server prerequisite

FreePBX is a web interface for Asterisk, a popular Voice over Internet Protocol (VoIP) system. FreePBX can be installed on a local virtual machine or cloud hosting platform such as Amazon Web Services or Google Cloud Platform. Installing on a cloud hosting platform with a static public IP address is recommended. If you own a web domain, you should also set up a DNS record pointing to the static IP.

For an environment identical to the one used in this article, follow this guide to installing FreePBX 15 on Debian 9.6. Be sure to run the shell commands one at a time so you can catch errors or enter input when required.

If your server is running a firewall, be sure to open ports TCP:80,443 and UDP:5060,10000-20000.

Twilio account prerequisite

Update April 22, 2019: Twilio has changed their service to no longer allow caller ID spoofing, even from paid accounts. Therefore, the following instructions no longer work. However, they are still left in for reference as other SIP trunking services may have similar setup processes.

Twilio is a developer-friendly communications platform. It provides services for phone calls, text messages, and more. In this case, you’ll be using it as a VoIP provider to connect your FreePBX server to the global telecommunications infrastructure. You will need an account with a verified phone number, default payment method, and minimum amount of funds added. These steps are necessary to remove trial restrictions that prevent FreePBX from spoofing caller ID.

Twilio Setup

Creating a project

While your smartphone is capable of a lot by itself, it can’t do much without a service provider. Similarly, FreePBX needs a service to connect it to other phones around the world. Twilio provides this service in the form of an “Elastic SIP Trunk.”

Twilio Elastic SIP Trunking project template
  • At the Twilio dashboard, select Create New Project.
  • Switch to the Products tab and select Elastic SIP Trunking from the options below.
  • Click Continue, specify a Project Name, and click Skip Remaining Steps to proceed to the project dashboard.

Creating a SIP trunk

  • On the left, click the Elastic SIP Trunking icon.
  • Click Getting Started then Create a SIP Trunk.
  • Specify a Friendly Name and click Create.
Twilio SIP trunk connection URI
  • Switch to the Termination menu and specify a Termination SIP URI. FreePBX will use this to connect to Twilio, and it must be unique across all projects on Twilio. You may need to try a few different options until you find one that isn’t taken.
Twilio access control list setup
  • Click the plus button next to IP Access Control Lists to specify what IP addresses should be allowed to connect to Twilio.
  • Specify a Friendly Name and the static IP address of your FreePBX Server in the first input next to CIDR Network Address. Specify 32 for the second input to indicate that only one IP address is in use.
  • Click Create ACL.
Twilio user account setup
  • Click the plus button next to Credential Lists to create a user account for FreePBX to connect to Twilio.
  • Specify a Friendly Name as well as a Username and Password pair that FreePBX will use to connect.
  • Click Create then Save at the bottom of the page.

By the end of this guide, you will be able to dial into your FreePBX server from any telephone, specify a phone number to spoof, and specify a phone number to call with that spoofing. To facilitate this, you need a phone number from Twilio that will accept your calls.

  • Switch to the Numbers menu and click Buy a Number.
  • Hit Search to get a random listing of phone numbers available. You can search multiple times until you find one you like.
  • Click Buy and Buy This Number to complete the process.
Twilio origination URI
  • Switch to the Origination menu and click Add new Origination URI.
  • Next to Origination SIP URI, specify sip: followed by the IP address of your FreePBX server. If you’ve configured DNS for your server, you can enter a hostname here instead.

Twilio setup is now complete, and the rest of this guide will deal with your FreePBX server. Keep in mind the Termination SIP URI, Username, Password, and Number you created earlier.

FreePBX Setup

Logging into FreePBX

  • In a web browser, navigate to the address of your FreePBX server.
  • Specify a Username, Password (including confirmation), Notifications Email Address, and System Identifier.
  • Click Setup System then FreePBX Administration.
  • Login with the credentials you just created, verify your Timezone is correct, and click Submit to proceed to the FreePBX dashboard.

Take a minute to familiarize yourself with the top navigation bar. We will be accessing a variety of settings under the Admin, Applications, and other menus.

Installing required modules

  • Navigate to Admin/Module Admin and click Check Online.
  • Navigate again to Admin/Module Admin to reset the menu.
FreePBX module installation
  • Next to Repositories, select Extended in addition to Standard and click Check Online again.
  • Under the Admin heading, click Certificate Manager. Switch Action to Download and Install. Do the same for DISA under Applications.
  • Click Process, Confirm, and Return when it becomes available.
  • In the upper-right corner of the page, click Apply Config.

Configuring the base system

  • Navigate to Settings/Asterisk SIP Settings.
  • Under Security Settings, set Allow Anonymous Inbound SIP Calls to Yes.
FreePBX NAT settings
  • Under NAT Settings ensure External Address is correctly set to your server’s public IP address. Under Local Networks, fill in your private network details. This network should be different from the one your external address is on, and will likely look like 192.168.0.0/24, 10.0.0.0/24, or similar.
  • Ensure you followed the above step correctly! These details are essential to having a working FreePBX server.
  • In the bottom-right corner of the page, click Submit.

Creating a SIP trunk

  • Navigate to Connectivity/Trunks.
  • Click Add Trunk then Add SIP (chan_sip) Trunk in the menu that drops down. Do not confuse this with a similarly-named option.
  • Specify a Trunk Name.
FreePBX dialed number manipulation rules
  • Switch to the Dialed Number Manipulation Rules tab.
  • Replace prepend with +1 or your country’s dialing code if outside of the United States.
  • Replace match pattern with NXXNXXXXXX. This will ensure outbound calls are following a 10-digit phone number format. When placing a call, you will not specify the country code manually.
  • Switch to the sip Settings tab.
FreePBX outbound SIP tunnel settings
  • Specify the same Trunk Name as the one under the General tab from a few steps ago.
  • Recall the Termination SIP URI, Username, and Password you created in Twilio earlier. Insert these after host=, username=, and secret=, respectively.
  • In the bottom-right corner of the page, click Submit. Your web browser will warn you about not specifying an outbound caller ID. Ignore this warning and proceed, as your caller ID configuration will come later.

Creating an outbound route

  • Navigate to Connectivity/Outbound Routes and click Add Outbound Route.
FreePBX outbound route settings
  • Specify a Route Name. This does not have to be the same as the Trunk Name, but it can be.
  • Next to Trunk Sequence for Matched Routes, select the trunk you created a few steps ago.
  • Switch to the Dial Patterns tab. This time, replace just the main match pattern field with . (a single period). This will instruct FreePBX to send all outbound calls through this route.
  • In the bottom-right corner of the page, click Submit.

Configuring Direct Inward System Access (DISA)

  • Navigate to Applications/DISA and click Add DISA.
FreePBX DISA settings
  • Specify a DISA Name and PIN.
  • In the bottom-right corner of the page, click Submit.

Keep your PIN in mind, as you will need to enter it when dialing into your FreePBX server to ensure others aren’t connecting without permission. It will be used in conjunction with the phone number you configured earlier in Twilio.

Creating an inbound route

  • Navigate to Connectivity/Inbound Routes and click Add Inbound Route.
FreePBX inbound route destination settings
  • Next to Set Destination, select DISA. In the second dropdown that appears, select the DISA Name you specified a few steps ago.
  • In the bottom-right corner of the page, click Submit.
  • In the upper-right corner of the page, click Apply Config.
  • At this point, you can navigate back to the Dashboard.

Asterisk Setup

While most configuration so far has been done on the web, the caller ID spoofing requires some small manual configuration of Asterisk on the FreePBX server itself.

  • Open a shell on the FreePBX server.
  • Use a text editor such as nano (beginner) or vim (advanced) to edit the file /etc/asterisk/extensions_custom.conf. Be sure to open the file as root using sudo. A complete command might look like sudo nano /etc/asterisk/extensions_custom.conf.
  • Update the file contents to match the code block below. If you used a different country code earlier, replace the two instances of +1 with your own. In addition, change twilio-freepbx-spoofing to the Trunk Name you chose in FreePBX. Do not change any other part of the file.
[from-internal-custom]
include => spoof-callerid
[spoof-callerid]
exten => 0,1,Answer
exten => 0,n,SayDigits(1)
exten => 0,n(collect),Read(callerid,,10)
exten => 0,n,Set(CALLERID(number)=+1${callerid})
exten => 0,n,SayDigits(2)
exten => 0,n(collect),Read(destination,,10)
exten => 0,n,Dial(SIP/twilio-freepbx-spoofing/+1${destination},300)
  • Ensure you entered the file contents correctly and save the file. Restart FreePBX and Asterisk to apply the changes with sudo systemctl restart freepbx. You might need to replace freepbx with whatever service name you created for FreePBX when setting up your server.

When FreePBX is finished restarting, the setup is complete. You’re now ready to try out some caller ID spoofing!
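
For administrators auditing a PBX they run, the pattern in this dialplan can be flagged statically: digits collected with Read() flow straight into CALLERID(number) and into the Dial() target. The following Python check is an added example, not part of the original article or of FreePBX; the function name audit_dialplan and the finding labels are hypothetical, and the sample input is the dialplan above embedded as constructed test data.

```python
import re

# Constructed sample: the dialplan from this article, as found during a config audit.
SAMPLE_DIALPLAN = """\
[from-internal-custom]
include => spoof-callerid
[spoof-callerid]
exten => 0,1,Answer
exten => 0,n,SayDigits(1)
exten => 0,n(collect),Read(callerid,,10)
exten => 0,n,Set(CALLERID(number)=+1${callerid})
exten => 0,n,SayDigits(2)
exten => 0,n(collect),Read(destination,,10)
exten => 0,n,Dial(SIP/twilio-freepbx-spoofing/+1${destination},300)
"""

# A dialplan step: "exten => <ext>,<priority>,<app>" or "same => <priority>,<app>".
STEP = re.compile(r"^(?:exten\s*=>?\s*[^,]+,|same\s*=>?\s*)([^,]+),(.*)$")
READ = re.compile(r"^Read\(\s*(\w+)", re.I)          # source: keypad input
VAR = re.compile(r"\$\{(\w+)")                        # ${name} references
SINKS = (                                             # hypothetical finding labels
    ("callerid-from-input", re.compile(r"^Set\(\s*CALLERID\(\w+\)\s*=(.*)\)\s*$", re.I)),
    ("dial-target-from-input", re.compile(r"^Dial\((.*)\)\s*$", re.I)),
)


def audit_dialplan(text):
    """Return (line, context, kind, variables) where Read() input reaches a sink."""
    findings, context, tainted = [], None, set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()           # drop ';' comments
        if line.startswith("[") and line.endswith("]"):
            # Simplification: taint is tracked per context, although channel
            # variables in Asterisk can outlive a jump between contexts.
            context, tainted = line[1:-1], set()
            continue
        m = STEP.match(line)
        if not m:
            continue
        app = m.group(2).strip()
        r = READ.match(app)
        if r:
            tainted.add(r.group(1))
            continue
        for kind, rx in SINKS:
            s = rx.match(app)
            used = sorted(set(VAR.findall(s.group(1))) & tainted) if s else []
            if used:
                findings.append((lineno, context, kind, used))
    return findings
```

Run against /etc/asterisk/extensions_custom.conf on a server you administer, any finding marks a context where a caller who gets past DISA chooses both the presented number and the destination.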

Spoofing Caller ID

  • Recall the Number you set up in Twilio and the PIN you set up in FreePBX earlier.
  • With any telephone, call your Number. When prompted, enter your PIN followed by # (pound).
  • You’re now at the internal FreePBX directory. Dial 0, as this extension leads to your caller ID spoofing system.
  • The system will speak the number “one.” When you hear this, enter the 10-digit phone number you want to spoof your caller ID as.
  • The system will speak the number “two.” When you hear this, enter the 10-digit phone number you want to call with the spoofed caller ID.
  • The system will connect you to the second number you entered, and your caller ID to that phone will show up as the first number you entered.

If all went well, then you’re all done! If something didn’t work as expected, go back and retrace your steps, making sure you configured each part of Twilio and FreePBX correctly. VoIP is very finicky, and it may take a few tries to get everything perfect.

Now that your system is serving its purpose, you can make a few small refinements to improve security and ease-of-use.

Optional FreePBX Improvements

Switching to HTTPS

You must have DNS set up with a publicly-routable domain name to complete this step.

  • Navigate to Admin/Certificate Management and click New Certificate then Generate Let's Encrypt Certificate.
FreePBX Let’s Encrypt TLS certificate generation
  • Specify a Certificate Host Name, Owners Email, Country, and State/Province/Region that accurately reflect your web domain.
  • In the bottom-right corner of the screen, click Generate Certificate.
  • Find the row of your newly-created certificate, and click the checkmark under the Default column to make it the default. Confirm when prompted by your web browser.
  • Click the trash can icon under the Action column on the row of the previous default certificate. Confirm when prompted by your web browser.
  • Click Delete Self-Signed CA to clean up the certificate authority from the previous default certificate. Confirm when prompted by your web browser.
  • In the upper-right corner of the screen, click Apply Config.

Now that a certificate has been generated, it must be manually installed on the web server.

  • Open a shell on the FreePBX server.
  • Enable TLS support within the Apache web server: sudo a2enmod ssl.
  • Open and edit the Apache website configuration file: sudo vim /etc/apache2/sites-available/000-default.conf.
  • At the bottom of the file, append the following code block.
<VirtualHost *:443>
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile "/etc/asterisk/keys/integration/certificate.pem"
SSLCertificateKeyFile "/etc/asterisk/keys/integration/webserver.key"
</VirtualHost>
  • Navigate to the other VirtualHost block right above the one you inserted. Just before the closing </VirtualHost> line, add the following line. Replace localhost with the domain name you generated the TLS certificate for.
Redirect / https://localhost/
  • Save and close the file, then restart Apache: sudo systemctl restart apache2.

All traffic to your web interface will now use HTTPS.

Dialing in quicker

You’ll probably want to add your Twilio phone number to your contacts for easy access. In addition, most phones will let you add pauses and additional input, such as your PIN. For example, the number +1 (123) 456-7890,1234#,0 will often automatically dial +1 (123) 456-7890, enter the PIN 1234 followed by the pound sign, and enter the extension 0. Then, you would only need to specify your caller ID and destination phone numbers.

Conclusion

This guide was created to gather information from multiple sources and piece it together in a detailed and comprehensive manner. Among the most influential sources were Jonathan Stines’ Rapid7 blog post, Twilio’s SIP trunk configuration videos, and the FreePBX community forums.

While the process may seem daunting at first, setting up caller ID spoofing isn’t too complicated once you understand the components. It all boils down to phone service providers not caring or verifying that a caller is actually who they say they are.

If you’re a security professional, try out some vishing as part of your next authorized red-team engagement. If you’re just looking to prank friends, be sure to spread awareness about the dangers of caller ID spoofing and the scams that those friends may encounter. If you can’t call someone back at a trusted, publicly-listed phone number, you should be very suspicious.

Thanks for reading and happy (legal) spoofing!
