snoopy-ng
snoopy-ng copied to clipboard
sensepost
Bluetooth sniff with Ubertooth
How do one check if bluetooth sniffing is working ? I see no errors when starting Snoopy-ng with the bluetooth module but I also do not see any bluetooth data when working in Maltego ?
Regards Keld Norman
I'm pretty sure the current BT sniffing implementation uses basic "hcitool scan" whereas when using Ubertooth something like "ubertooth-scan" or a Python wrapper like pyubertooth should be used.
maximcherny is right. All you should have to do is edit includes/bluScan.py.
If it was me, I would also extend the snoopy.py bluetooth plugin to take an argument, such as "snoopy -m bluetooth:uber=true"
bluetooth data is logged:
root@probe1:~/Source/Snoopy/snoopy-ng# hcitool scan --info --class --flush Scanning ...
BD Address: 9C:D2:1E:--:--:-- [mode 1, clkoffset 0x6473] Device name: BRAVIA [cached] Device class: Audio/Video, Video Display and Loudspeaker (0x00043c)
And it is send to the database server where the log shows: [+] Sub-plugin wifi_aps currently observing 3 Access Points [+] Sub-plugin blutooth currently observing 1 client devices
But where in Maltego - in what transformation should it appear - do I need to make my own or is it in the included in the palette after importing the Snoopy categorys ?
/Keld Norman
Correct - the Bluetooth plugin was a fairly quick PoC using hcitool. We should definitely re-write it to use proper libraries.
I'll add some transforms. At the moment data is stored inside snoopy.db:
sqlite3 snoopy.db SELECT * FROM bluetooth_details; SELECT * FROM bluetooth_obs;
Or use sqlitebrowser for a GUI tool.
How do I add the column's to the db on the server recieving the clients data ?
2015-05-03 17:22:04 D blutooth.py: Scanning for bluetooth devices 2015-05-03 17:22:07 D snoopy: Not syncing table 'bluetooth_details' - no 'sunc' column 2015-05-03 17:22:09 D snoopy: Not syncing table 'user_agents' - no 'sunc' column
Any plans for adding 'user_agents', 'bluetooth_details' etc to the sync function in this release ?