What software is needed?There are many online services that allow people to spoof calls, but it is possible for someone to spoof caller IDs without these services. To spoof a caller ID you need to have a PBX (private branch exchange) and have an external trunk to allow calls to go to the outside world. You can obtain a popular free software-based PBX called Asterisk. This software allows you to turn any system into a PBX.
How to communicate externally?To be able to communicate externally, you will need to obtain access to a VoIP provider. You can purchase the particular services that you need from a VoIP provider online. A prevalent form of communication between the PBX and a VoIP provider is SIP (session initiation protocol). Once the trunk has been purchased and configured, you will be able to communicate with the outside world.
What type of Hardware do you need?There are many phones that can use SIP to communicate with the VoIP provider. However, for my configuration, I have used two of the Grandstream DP720, and they require the Granstream base station DP750. This base station can be configured to use SIP to communicate with Asterisk that is running on a Raspberry PI 3 B+ using RasPBX.
What is RasPBX?RasPBX is Asterisk for the Raspberry PI. RasPBX contains Asterisk to be able to function as a PBX and FreePBX for easy configuration of Asterisk. RasPBX contains Debian Stretch as the operating system so that it can function on the Raspberry PI.
How difficult is it to spoof calls with Asterisk?This requires that Asterisk has been configured to use the VoIP trunk and that the routes have been configured. Asterisk allows for easy configuration of the outbound caller ID. All that needs to be configured to start spoofing outgoing calls is to configure the outbound caller ID field. This field doesn’t have any verification to determine whether or not the system is authorized to use the provided number for the caller ID. However, VoIP providers know what numbers should be expected for the caller ID and can block the use of unauthorized numbers. The VoIP provider that I used did not block unauthorized numbers. It should be noted that spoofing caller IDs for malicious use is prohibited in many countries and that fines can be imposed for malicious use.
Setting the Caller ID
What does a caller ID look like in a packet capture?