Difference between revisions of "Bluetooth Pentesting Tools (HW/SW)"

From Embedded Lab Vienna for IoT & Security

Revision as of 17:04, 17 February 2020

Summary

This article describes various tools for Bluetooth penetration testing and aims to give an overview that helps you choose the right tool for a given use case.

Requirements

  • Operating system: Kali Linux amd64 2019.2
  • Packages: Individual shown for each tool

In order to use hardware pentesting devices, a dedicated installation of Kali Linux is recommended. It is also possible to use a hypervisor that can pass USB devices through from the host to the guest system, e.g. VMware Workstation or the free hypervisor VirtualBox.

Information gathering

The official Linux Bluetooth protocol stack BlueZ is already installed on Kali Linux; on other Linux machines it can be installed and started with:

apt install -y bluez bluez-utils
systemctl start bluetooth.service
systemctl status bluetooth.service

[Screenshot: Bluetoothservice.PNG]

Scanning for bluetooth devices

To start with penetration testing we first need to gather information about our environment. For this purpose, scan for available Bluetooth devices with the included tools 'hcitool' or 'bluetoothctl'.

First check if your bluetooth device is available:

hciconfig

[Screenshot: Hciconfig.PNG]

Scan for BR/EDR Bluetooth devices with hcitool:

hcitool scan

[Screenshot: Scanbr.PNG]

Alternatively you can use bluetoothctl:

[Screenshot: Btctl.PNG]

In order to scan for BLE devices use:

hcitool lescan

Capturing Bluetooth traffic

With the preinstalled package 'btmon' it is possible to capture the HCI traffic exchanged between the host stack and the Bluetooth controller and write it to a file:

btmon --write ~/Documents/bttraffic.snoop
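The file that btmon writes with --write is in btsnoop format, the same format Wireshark opens. As an added example that is not part of the original article, the Python script below parses such a capture and summarises it: which HCI commands the host sent (for instance the LE Set Scan Parameters / LE Set Scan Enable commands that an LE scan as in the scanning section above triggers), which event codes the controller returned, and which advertisers appeared in LE Advertising Report events, with their address type, local name and RSSI. It assumes the btsnoop record layout BlueZ uses for btmon's "monitor" datalink (2001) and the standard btsnoop epoch offset; when run without a file argument it builds a sample capture inline, and every address, name, timestamp and RSSI value in that sample is constructed, not recorded.

```python
"""Summarise the HCI traffic in a btsnoop capture written by btmon --write."""
import struct
import sys

BTSNOOP_MAGIC = b"btsnoop\x00"
FORMAT_MONITOR = 2001  # datalink value btmon writes ("Linux monitor" records)
BTSNOOP_EPOCH_OFFSET_US = 0x00DCDDB30F2F8000  # microseconds from year 0 to the Unix epoch
OP_COMMAND, OP_EVENT = 2, 3  # monitor opcodes kept in the low 16 bits of a record's flags field
# HCI command opcodes that show up during an hcitool / bluetoothctl scan.
COMMAND_NAMES = {0x0401: "Inquiry", 0x0402: "Inquiry Cancel",
                 0x200B: "LE Set Scan Parameters", 0x200C: "LE Set Scan Enable"}
EVT_COMMAND_COMPLETE, EVT_LE_META, SUBEVT_LE_ADV_REPORT = 0x0E, 0x3E, 0x02


def iter_records(blob: bytes):
    """Yield (unix_timestamp_us, adapter_index, monitor_opcode, hci_packet) per record."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", blob[8:16])
    if version != 1 or datalink != FORMAT_MONITOR:
        raise ValueError(f"unsupported btsnoop version/datalink {version}/{datalink}")
    off = 16
    while off + 24 <= len(blob):  # record header: orig_len, incl_len, flags, drops, timestamp
        _orig, incl, flags, _drops, ts = struct.unpack(">IIIIq", blob[off:off + 24])
        off += 24
        yield ts - BTSNOOP_EPOCH_OFFSET_US, flags >> 16, flags & 0xFFFF, blob[off:off + incl]
        off += incl


def fmt_addr(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in reversed(raw))  # HCI carries the address LSB first


def local_name(adv: bytes):
    """Walk the AD structures in advertising data and return the local name, if present."""
    off = 0
    while off < len(adv) and adv[off]:
        length, ad_type = adv[off], adv[off + 1]
        if ad_type in (0x08, 0x09):  # shortened / complete local name
            return adv[off + 2:off + 1 + length].decode("utf-8", "replace")
        off += 1 + length
    return None


def adv_reports(params: bytes):
    """Parse the reports of an LE Advertising Report sub-event (payload after the sub-event code)."""
    reports, off = [], 1
    for _ in range(params[0]):  # per report: event_type, addr_type, addr[6], data_len, data, rssi
        addr_type, dlen = params[off + 1], params[off + 8]
        adv = params[off + 9:off + 9 + dlen]
        rssi = struct.unpack("b", params[off + 9 + dlen:off + 10 + dlen])[0]
        reports.append((fmt_addr(params[off + 2:off + 8]), addr_type, adv, rssi))
        off += 10 + dlen
    return reports


def summarise(blob: bytes) -> dict:
    """Return the command names, event codes and advertising devices found in the capture."""
    commands, events, devices = [], [], {}
    for _ts, _adapter, op, data in iter_records(blob):
        if op == OP_COMMAND and len(data) >= 3:  # opcode (LE u16), parameter length, parameters
            opcode = struct.unpack("<H", data[:2])[0]
            commands.append(COMMAND_NAMES.get(opcode, f"OGF 0x{opcode >> 10:02X} OCF 0x{opcode & 0x3FF:04X}"))
        elif op == OP_EVENT and len(data) >= 2:  # event code, parameter length, parameters
            code, params = data[0], data[2:2 + data[1]]
            events.append(code)
            if code == EVT_LE_META and params and params[0] == SUBEVT_LE_ADV_REPORT:
                for addr, addr_type, adv, rssi in adv_reports(params[1:]):
                    dev = devices.setdefault(addr, {"addr_type": addr_type, "name": None, "rssi": []})
                    dev["rssi"].append(rssi)
                    dev["name"] = local_name(adv) or dev["name"]
    return {"commands": commands, "events": events, "devices": devices}


# --- constructed sample capture (not a real recording) so the script runs offline ---
def _record(adapter: int, opcode: int, data: bytes, ts_unix_us: int) -> bytes:
    flags = (adapter << 16) | opcode
    return struct.pack(">IIIIq", len(data), len(data), flags, 0, ts_unix_us + BTSNOOP_EPOCH_OFFSET_US) + data


def _adv_event(addr: str, addr_type: int, adv: bytes, rssi: int) -> bytes:
    raw = bytes(int(x, 16) for x in reversed(addr.split(":")))
    report = bytes([0x00, addr_type]) + raw + bytes([len(adv)]) + adv + struct.pack("b", rssi)
    params = bytes([SUBEVT_LE_ADV_REPORT, 1]) + report
    return bytes([EVT_LE_META, len(params)]) + params


def build_sample_capture() -> bytes:
    t = 1_581_958_800_000_000  # constructed timestamp, microseconds since 1970
    complete = lambda op: bytes([EVT_COMMAND_COMPLETE, 4, 1]) + struct.pack("<H", op) + b"\x00"
    name_ad = bytes([0x02, 0x01, 0x06, 0x04, 0x09]) + b"Lab"  # Flags AD + complete local name
    recs = [
        _record(0, OP_COMMAND, struct.pack("<HB", 0x200B, 7) + bytes.fromhex("01100010000000"), t),
        _record(0, OP_EVENT, complete(0x200B), t + 500),
        _record(0, OP_COMMAND, struct.pack("<HB", 0x200C, 2) + b"\x01\x01", t + 1000),
        _record(0, OP_EVENT, complete(0x200C), t + 1500),
        _record(0, OP_EVENT, _adv_event("C0:11:22:33:44:55", 1, name_ad, -60), t + 20_000),
        _record(0, OP_EVENT, _adv_event("00:1A:7D:DA:71:13", 0, b"", -85), t + 30_000),
        _record(0, OP_EVENT, _adv_event("C0:11:22:33:44:55", 1, name_ad, -62), t + 40_000),
    ]
    return BTSNOOP_MAGIC + struct.pack(">II", 1, FORMAT_MONITOR) + b"".join(recs)


if __name__ == "__main__":
    # Pass the capture made above (e.g. ~/Documents/bttraffic.snoop); otherwise the sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_capture()
    result = summarise(blob)
    print("commands:", result["commands"], "events:", [f"0x{c:02X}" for c in result["events"]])
    for addr, dev in result["devices"].items():
        print(f"{addr} addr_type={dev['addr_type']} name={dev['name']} rssi={dev['rssi']}")
```

Run it as `python3 btsnoop_summary.py ~/Documents/bttraffic.snoop` after a capture to see the same scan/advertising flow for real traffic; the address type (0 public, 1 random) and the RSSI history per advertiser are what you would compare against the hcitool lescan output, which only prints address and name. Unknown commands are shown by OGF/OCF so vendor-specific traffic is not silently dropped.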
