A live (and legal) target to simulate a victim of voicemail hacking.
Watch the video demo!
Caller ID spoofing is legal in the United States if it is not done with "the intent to defraud, cause harm, or wrongfully obtain anything of value".
Disclamer: This application is meant for educational purposes only.
This web application utilizes Twilio TwiML to connect to a live phone number (provided by you) and Heroku's free tier web hosting to quickly deploy a free instance of this application. You only need to pay for a Twilio phone number (1-2 dollars per month) and its usage (1-2 cents per minute).
If you want to deploy and tweak your own voicemail victim follow the steps below. Otherwise feel free to mooch on a pre-deployed instance and just point your Twilio number at it by jumping to Step 3 below.
First, you should sign up for a free Twilio account. In Twilio you will need to purchase a local or toll-free number. A local number is more realistic, but toll-free lets you absorb any telephone charges a caller would normally pay by charging you a little extra per call.
You should also sign up for a free Heroku account.
In order for Twilio to communicate with your web application, it needs to be deployed on the public Internet.
Click the button below to automatically set up the app using your Heroku account.
If you prefer to run your application locally, please make sure that you have Python and
pip installed. Please install the required packages:
pip install -r requirements.txt
Simply run the application by
python server.py. You can tunnel
localhost to the public Internet using ngrok:
To run the app in debug mode (with a stacktrace and an interactive shell on errors), export or set the environment variable
Debug mode is not suitable for production!
Navigate to https://www.twilio.com/user/account/phone-numbers/incoming. Select your Twilio phone number you wish to connect to the Voicemail Victim web application. Under
Voice enter your Heroku application URL for the
/call endpoint (e.g.
https://voicemail-victim.herokuapp.com/call) in the
Request URL field. Press
Save to apply the changes.
You can test by calling your Twilio phone number that you configured to point at the deployed Voicemail Victim web application instance.
Alternatively you can test by making GET requests to the
/call endpoint with various
From parameter values.