Bluetooth hacking software for

Bluetooth Pentesting Tools (HW/SW)

This article describes various tools for bluetooth penetration testing and aims to provide an overview to choose the right tool for a use case.

Requirements

In order to use hardware pentesting devices a dedicated installation of kali linux is recommended but it is also possible to use hypervisors which are capable of passing USB devices from the host- to the guestsystem e.g. VMWare Workstation or the free hypervisor VirtualBox.

Information gathering

The offical linux bluetooth protocol stack BlueZ is already installed on kali linux but can be installed on other linux maschines with:

apt install -y bluez bluez-utils systemctl start bluetooth.service systemctl status bluetooth.service

Bluetoothservice.PNG

hcitool

To start with penetration testing we need to gather information about our environment, for this purpose scan for available bluetooth devices with the included packages ‘hcitool’ or ‘bluetoothctl’.

First check if your bluetooth device is available:

Hciconfig.PNG

Scan for BR/EDR Bluetooth devices with hcitool:

Scanbr.PNG

In order to scan for BLE devices use:

bluetoothctl

Alternatively you can use bluetoothctl which is also included in the bluez-utils package:

Btctl.PNG

bettercap

This Software is described in the Bettercap Documentation.

bluelog

Another great tool for bluetooth device discovery is ‘bluelog’. It is extremly lightweight and can be automated for background usage without user intervention. Bluelog is already preinstalled on kali linux but can be installed with:

To start scanning for bluetooth devices use:

(n=log device names;m=log manufacturer;t=log timestamps of discovery;c=log device class)

Bluelog.PNG

Capturing bluetooth traffic

btmon

With the preinstalled package ‘btmon’ it is possible to capture traffic between the HCI and the controller:

btmon --write ~/Documents/bttraffic.snoop

These files can be viewed and analysed with ‘Wireshark’ which is also preinstalled on kali linux.

Wireshark

Alternatively you can capture bluetooth traffic directly with Wireshark. Start Wireshark with.

wireshark -w ~/Documents/bttraffic.snoop

. and select your bluetooth interface e.g. bluetooth0 or bluetooth1.

Wiresharkhciscan.PNG

Bluetooth Pentesting Software

In the following chapter we will present some software pentesting tools which are used for ethical bluetooth device hacking.

BlueMaho

BlueMaho is a tool suite for bluetooth device pentesting and provides various exploits. It is written in python and uses wxPython. The feature set includes: scanning, tracking, alerts on new devices or targeted devices, sending files or changing BT values like the BD_ADDR.

Although it is still listed in the kali linux tool list, it has to be manually installed:

apt install autoconf build-essential build-dep git python-wxtools git clone https://github.com/zenware/bluemaho cd bluemaho/config ./build.sh

In order to run the GUI use:

Читайте также:  Windows 10 устранение неполадок bluetooth

Bluemaho.PNG

GATT Tool

Before you can start using the GATT Tool you need to know the Bluetooth Address of the victim device. For gathering this information you can use the hcitool, which is described above.

The GATT Tool has a powerful interactive mode. During this mode the devices stay connected and you can use more than one handle sequentially.

sudo gatttool -I -b connect

To get the name of your Bluetooth interfaces use hciconfig, which is described above.

The Interactive mode also allows to list the characteristics of the connected device and control them.

Depending on the Privileges you can Read, Write characteristics of the device.

Read: char-read-hnd Write: char-write-req or char-write-cmd

The Privileges are described in the following graph

CharacterProperties.png

An example of an guided exploit can be found at the Mipow Playbulb: Bluetooth Connection Sniffing documentation

Bluepot

Bluepot is a Bluetooth Honeypot written in Java, it is designed to accept and store any malware sent to it and interact with common Bluetooth attacks. The system also allows monitoring of attacks via a graphical user interface that provides graphs, lists, a dashboard and further detailed analysis from log files.

In order to install bluepot use following commands:

wget https://github.com/andrewmichaelsmith/bluepot/raw/master/bin/bluepot-0.1.tar.gz tar xfz bluepot-0.1.tar.gz java -jar bluepot/BluePot-0.1.jar

Bluepot.PNG

spooftooph

Spooftooph is designed to automate spoofing or cloning Bluetooth device information. The software is able to clone and log bluetooth devices, generate or change new random bluetooth profiles and specify device information for bluetooth interfaces.

E.g.: Spoof your own device address for the interface hci0:

Btspoofbdaddr.PNG

Bluetooth Pentesting Hardware

For hardware pentesting devices like the Ubertooth one please see following documentations:

References

Источник

mobile-hacking

We all are familiar with the term hacking and the disadvantages faced by anyone when it is being used in illegal ways. Previously, hacking was restricted to computers or computer networks only but as time changed this field has grown up and now mobile phones, especially the multimedia phones are more prone to hacking. There are various hacks and software already present on the web which helps hackers in hacking any multimedia phones. In this post, I have outlined only Bluetooth Hacking Software. These software are very efficient and can hack any Bluetooth-enabled device without any prior knowledge of the user.

7 most popular bluetooth hacking software to hack mobile phones - mobilehack

So here comes the list of useful Bluetooth hacking software.

1. Super Bluetooth Hack 1.08

This software is used for controlling and reading information from a remote phone via Bluetooth or infrared. Phone list and SMS can be stored in HTML format. In addition to it, it will display information about battery, network, and sim card.

Читайте также:  При передаче данных через bluetooth

2. Blue Scanner

Blue Scanner searches out for Bluetooth-enabled devices and tries to extract as much information as possible for each newly discovered device in other words one can use this one to spy on others who are close.

3. Blue Sniff

BlueSniff is a simple utility for finding discoverable and hidden Bluetooth-enabled devices. It operates on Linux.

4. BlueBugger

This simply exploits the BlueBug (name of a set of Bluetooth security holes) vulnerability of the Bluetooth-enabled devices. By exploiting these vulnerabilities one can access phone-book, call lists, and other information of that device.

5. BTBrowser

BT Browser is a J2ME application which can browse and explore the technical specification of surrounding Bluetooth-enabled devices. One can browse device information and all supported profiles and services records of each device.

6. BTCrawler

BT Crawler is a scanner for Windows Mobile Based devices. It scans for other devices in range and performs service queries. It implements Bluejacking and BlueSnarfing attacks.

7. BlueSnarfing

Bluesnarfing is a method of hacking into Bluetooth-enabled mobile phones and with this, you can copy its entire information like contact book, etc. With this software you give the complete freedom to hackers, to send a “corruption code” to you which will completely shut-down the phone down and make it unusable for you.

Disclaimer: I have outlined these software for your information and knowledge purpose only. It’s an advice to all the multimedia phone users to keep off your Bluetooth and if any harm will occur then we do not take any responsibility.

Please leave your thoughts on Bluetooth hacking in the comments section below.

Источник

H A C K R Z

H A C K R Z

Bluetooth Technology is great. No doubt. It provides an easy way for a wide range of mobile devices to communicate with each other without the need for cables or wires. However, despite its obvious benefits, it can also be a potential threat for the privacy and security of Bluetooth users (remember Paris Hilton?).

If you are planning to gain a deeper understanding of Bluetooth security, you will need a good set of tools with which to work. By familiarizing yourself with the following tools, you will not only gain a knowledge of the vulnerabilities inherent in Bluetooth-enabled devices, but you will also get a glimpse at how an attacker might exploit them.

This hack highlights the essential tools, mostly for the Linux platform, that can be used to search out and hack Bluetooth-enabled devices.

Читайте также:  Bluetooth flash usb адаптер

DISCOVERING BLUETOOTH DEVICES

BlueScanner – BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device.

BlueSniff – BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices.

BTBrowser – Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 – the Java Bluetooth specification.

BTCrawler – BTCrawler is a scanner for Windows based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks.

HACKING BLUETOOTH DEVICES

BlueBugger BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book, calls lists and other private information.

CIHWB Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack.

Bluediving Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode.

Transient Bluetooth Environment Auditor T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.

Bluesnarfer Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data.

BTcrack BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges.

Blooover II Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable.

BlueTest BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.

BTAudit BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.

What’s next ? Let everyone know to disable Bluetooth until they really need it. Additionally, make sure to update your phone software on a regular basis.

Источник

Оцените статью
Adblock
detector