[ Tutorial ] Bluetooth Interception with BrakTooth Sniffer on ESP32

Chucky

Jul 10, 2023
BrakTooth Sniffer is an active BR/EDR sniffer that can be used to study the Bluetooth (BT) BR/EDR interaction between the ESP32 controller and a remote target.

Scheme for intercepting Bluetooth using a sniffer on ESP32.

Unlike passive sniffer devices that do not communicate with a Bluetooth network (piconet), an active sniffer connects to a remote Bluetooth device (BR/EDR target) and allows you to test the Bluetooth protocol.

The BrakTooth sniffer supports cheap boards like ESP32-DOIT ($4) or ESP32-DevKitC ($10).

Installing BrakTooth Sniffer

Clone the repository:
git clone https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer

Go to directory:
cd esp32_bluetooth_classic_sniffer

Install the latest version of Wireshark and Python3 (requires sudo):
./requirements.sh

Build the Bluetooth host programs and the Wireshark h4bcm dissector:
./build.sh

BrakTooth Sniffer ESP32 Firmware

Before you can start using BrakTooth Sniffer, you need to upload custom firmware to your ESP32:
./firmware.py flash /dev/ttyUSB0

Change ttyUSB0 to your port.

Using BrakTooth Sniffer

Syntax:

BTSnifferBREDR.py

Usage options:
--port TEXT - port name (/dev/ttyUSBx for Linux).
--host TEXT - BDAddress of the local host (default: E0:D4:E8:19:C7:68).
--target TEXT - BDAddress of the remote target (for example: a8:96:75:25:c2:ac).
--live-wireshark - open a live Wireshark session.
--live-terminal - display a summary of each packet in the terminal.
--bridge-only - start an HCI bridge without connecting to the Bluetooth host stack.
--help - show the help message and exit.

You can use the sniffer as master or slave. If you specify the --target option, the sniffer will connect to the remote target. If you do not use this argument, it will be in standby mode, waiting for a connection to it.

The --bridge-only argument only creates an HCI pseudo-terminal (/dev/pts/x), so the ESP32 can act as a standard HCI Bluetooth controller. You can use this feature to connect any other Bluetooth host stack to the ESP32.

Consider examples of using the BrakTooth sniffer.

Connecting to a Remote Target (Master)

./BTSnifferBREDR.py --port=/dev/ttyUSB0 --target=E0:D4:E8:19:C7:69 --live-terminal --live-wireshark

Bluetooth Connection Waiting (Slave)

./BTSnifferBREDR.py --port=/dev/ttyUSB0 --live-terminal --live-wireshark

HCI bridge mode (connecting to another Bluetooth host stack)

./BTSnifferBREDR.py --port=/dev/ttyUSB0 --bridge-only --live-terminal --live-wireshark

That's all. Now you know how to intercept Bluetooth using a sniffer on ESP32.
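
The --bridge-only mode described above exposes the ESP32 as an HCI controller on a pseudo-terminal. The following Python parser is an added example, not code from the original post or from the BrakTooth project: it splits a captured byte stream into HCI packets, assuming the pseudo-terminal carries standard H4 (UART) framing. The names split_h4, describe and SAMPLE are hypothetical, and the sample bytes are constructed.

```python
import struct

# Assumption: the bridge pseudo-terminal carries standard H4 (UART) framing.
# Indicator byte -> (name, header layout); the last header field is the payload length.
H4_TYPES = {
    0x01: ("COMMAND", "<HB"),  # opcode (2 bytes LE), parameter length (1)
    0x02: ("ACL", "<HH"),      # handle+flags (2), data length (2)
    0x03: ("SCO", "<HB"),      # handle+flags (2), data length (1)
    0x04: ("EVENT", "<BB"),    # event code (1), parameter length (1)
}


def split_h4(buf: bytes):
    """Return (packets, remainder); remainder is a trailing partial packet
    to prepend to the next read. Raises ValueError if the stream is out of sync."""
    packets, pos = [], 0
    while pos < len(buf):
        if buf[pos] not in H4_TYPES:
            raise ValueError(f"unknown H4 indicator 0x{buf[pos]:02x} at offset {pos}")
        name, fmt = H4_TYPES[buf[pos]]
        body = pos + 1 + struct.calcsize(fmt)
        if body > len(buf):
            break  # header not fully received yet
        ident, length = struct.unpack_from(fmt, buf, pos + 1)
        if body + length > len(buf):
            break  # payload not fully received yet
        packets.append({"type": name, "id": ident, "payload": buf[body:body + length]})
        pos = body + length
    return packets, buf[pos:]


def describe(pkt):
    """One-line summary of a packet returned by split_h4()."""
    size = len(pkt["payload"])
    if pkt["type"] == "COMMAND":  # opcode = OGF (upper 6 bits) | OCF (lower 10 bits)
        return f"COMMAND ogf=0x{pkt['id'] >> 10:02x} ocf=0x{pkt['id'] & 0x3FF:04x} len={size}"
    if pkt["type"] == "EVENT":
        return f"EVENT code=0x{pkt['id']:02x} len={size}"
    return f"{pkt['type']} handle=0x{pkt['id'] & 0x0FFF:04x} len={size}"


# Constructed sample: HCI_Reset, its Command Complete event, a truncated ACL packet.
SAMPLE = bytes.fromhex("01030c00" "040e0401030c00" "020b20050001")

if __name__ == "__main__":
    packets, pending = split_h4(SAMPLE)
    for packet in packets:
        print(describe(packet))
    print("pending bytes:", pending.hex())
```

The remainder returned by split_h4 matters when reading from a pseudo-terminal, because a single read can end in the middle of a packet.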

 
