Using Linux to Intercept IoT Device Traffic
- Published: Feb 6, 2025
- mitmrouter on GitHub:
github.com/nma...
Need IoT pentesting or reverse engineering services?
Please consider Brown Fine Security:
brownfinesecur...
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
Raspberry PI Pico: amzn.to/3XVMS3K
XGecu Universal Programmer: amzn.to/4dIhNWy
Handheld Multimeter: amzn.to/4b9cUUG
Bench Multimeter: amzn.to/3YUjbQS
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
Soli Deo Gloria
💻 Social:
website: brownfinesecur...
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nma...
#hacking #iot #cybersecurity
Bro just keeps on going
Heck yes! 😂
U down with IoT yh u kno me*
*Matt Brown
Awesome stuff. Nothing better than a cup of coffee in the morning while consuming some IoT traffic interception YT content by a great engineer.
Nothing better than a line of cocaine in the morning
Nice tutorial. Amazing how easy it is to set up a 'router' in Linux. I did essentially the same thing with a Raspberry Pi some time ago so I have a 'router' on a micro SD card that I can plug in, power up and connect wireless stuff to either to isolate it or, as you do, to run packet captures on. Good fun and great learning experience.
Keep crushing brother, amazing work
Great Tutorial, even better script. Many "use cases" for this, great launch pad to learn scripting/networking... thanks Matt
I liked as soon as I opened the video because I already know I’m gonna watch to the end. Great content!
This is fantastic. I have some IOT devices that I'm really looking forward to checking out with this.
This is awesome. I have accomplished something similar using the Connection Sharing features available in the Net Manager GUI included with some distros including Kali, but your script is more in line with what I have been looking to do. It is infinitely more flexible.
Enabling Connection Sharing in Windows also works for pretending to be a router with a DHCP server enabled that can be sniffed with Wire Shark, but configuration is extremely limited.
Thanks for all you do!
I see that Sneakers reference :) great movie! Been loving your videos - I have a network forensics/analysis course this semester that I'm looking forward to, and I hope to end up doing similar hardware security stuff.
I was wondering why RUclips recommended this video to me. Saw WIFI_SSID="setec_astronomy" and remembered RUclips also recommended Sneakers the day before. Is RUclips trying to influence the direction of hacking?
found this channel yesterday, you're a great presenter! thank you! :)
Nice job br0
I see what you did there.
Loving the content, Matt!
Nice br0, bro
Really love these videos and the very simple explanation. Kudos and great work Matt
Wow, this channel is freaking gold!
Bro_1 Sharing the knowledge. Nice work Matt, thanks for sharing
Man, awesome stuff!!! Your videos are awesome! Please continue your amazing work!
Thank you, very interesting. Gonna have lots of fun trying to decrypt all the data and understand it.
I'm so glad I started following you
My new favourite channel! 🎉
Let's keep it coming, Matt! Let's go!!
Thank you a lot for your vids! Its very interesting and understandable!!!!!!!!)) you are Genius!!!!!!!!!
Thanks Matt. very useful. Keep going please
Thanks Matt! I am guessing this is how we see how unruly our vacuum cleaners are! HA! Cheers!
Good vid and cool shirt!
Great video, thanks for sharing!
I am an arch fan too, come from openbsd and slackware. Good to know another distro gets some love that doesn't offer spoon feeding with a underwear change...
Nice explanation. ty. Nice work too :D
Nice shirt, love ur work, wish I had ur knowledge
I see some affinity for the Sneakers movie... :)
Awesome.. I have a couple of obscure devices - WiFi battery chargers - so you can keep an eye on your batteries on vehicles/toys/whatever (I use it on my tractor and UTV) but the company that makes them, doesn't keep up with the software (which is garbage) so now I can't see what's going on. This looks like a perfect project for a RPi Zero W with a PoE adapter on it.
Have two of those cheap v380 cameras which seem to have only two ports open but can't get any video out from them. Trying to enable RTSP has been unsuccessful to retrieve any video but it uses its own app to see the video so somehow it must be transferring it. Will test this method to see if I can retrieve the video.
As always Matt. Great stuff.
But what about certificate pinning when the outbound connection is looking for a https TLS1.2 connection?
lol setec astronomy, nice reference.
Amazing tutorial
waiting also for the third level e.g. ssl stripping/mitm since i'm expecting most IoT devices establish a secure connection to their cloud
br0
br0_1
br0_2
etc 😂
Another banger
hell yeah
new fav channel. A+
Damn awesome.
Oh wow, thank you!
Thank you
embrace br0 :D
Bonus for the SSID name
I followed the exact same steps and used my laptop's wifi as the wan interface and a USB dongle as the wifi interface. But I can't get internet on my phone connected to the wifi and I am pretty sure this is because dnsmasq uses port 53 which can't be used because systemd-resolved is already on it. If I change the port of dnsmasq then I won't have internet because all the DNS requests from my phone will be sent to port 53 and thus receive no answer. If I shut down systemd-resolved instead, then it is my laptop that can't connect to the internet and thus my phone doesn't have internet by extension. Any idea how I may fix that? Is there a way to tell my phone to send DNS requests to a different port easily? Or can't I use systemd-resolved directly instead of dnsmasq?
In `/etc/systemd/resolved.conf` change the stub setting to `DNSStubListener=no` or you can change the addy it listens on. man 5 resolved.conf explains the details.
@SlinkyD Setting DNSStubListener=no did allow me to use port 53, however I still don't have internet :/ When you say change the addr it listens on, do you mean systemd-resolve? If so I am not sure how to do this, I couldn't really figure out from the man page how to do this!
@theohoule3840 IIRC, it's a setting in that conf. file where you do something like `ListenAddress=127.0.0.53:53` where you change it to something else. Not near a computer so I'm not sure of the setting name or syntax.
The man page should have an explanation of the settings.
keep going
❤💘
I use ettercap to do an arp poisoning.
I love shouting "try this" at the screen just before you do it ...I love more when your next words are "nahh, try this way ...bro" :)) ... TOO MANY SECRETS
is this different in any way from creating a new hotspot (on a USB Wi-Fi adapter) via network manager then listen to it on Wireshark? or is this purely a look under the hood to understand how that works?
Yeah this is probably how network manager does all that under the hood. I hate network manager and don't use it on any of my Linux systems as it does things automatically that I want precise control over.
Is this functionally any different from a port mirror on a switch, as far as the packets you see?
Arch Linux Rules!! BlackArch is the bomb!
I run regular arch linux but add the blackarch repos and pull some of that stuff in sometimes. However, over time I've noticed that you can get all the same tools in the official repos + AUR. I find most AUR repos to be better than the blackarch ones
@mattbrwn I have a spare computer just for blackarch.
Hey I was wondering if you could make a video of you trying to hack the Belkin Wireless Router N300. I have seen you hack other Belkin routers I think and I want to see if you could try to hack this one too. Keep in mind that this router has Telnet available so you can probably look at that since the telnet is vulnerable on that router
Pardon me, but can I run it on a PC? or do I need specific wifi module with with an ability to do AP?
Could have done all that arp poisoning with ettercap without having to set up a rogue AP
Omfg 5min in less than 3psec of actual info
Playback at 2x min to avoid a coma
It's not working for me, I even copied the password from the script to my IoT device, and it keeps saying “wrong password”
Which terminal is it?
But how to run this from a client script in Chrome where the IoT device is my boss clicking a link? Asking for a friend.
I think it's pronounced BRUH interface 😅
"The bro interface" 💀💀💀
br0 interface lol
IPv6 = No NAT!
First!
why Linux and not FreeBSD? I mean pfsense..
can the lan and wan be the same interface? eth0?
This command can be useful if you can connect but internet doesn't work:
sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward=1 can be uncommented in /etc/sysctl.conf to persist across reboots
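The two failure modes raised in the comments above (something else already holding port 53, and IPv4 forwarding being off) can be checked before starting the router. This is an added example, not taken from the video or the mitmrouter script; the bridge address 192.168.200.1 and the `ss` lines are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the video or the mitmrouter script).
# 192.168.200.1 and the ss lines below are constructed sample values.

# stdin: output of `ss -H -lntu` (column 5 is "local-address:port").
# $1:    address the lab DNS/DHCP server will bind on the bridge.
# Prints one of:
#   free          - nothing is listening on port 53
#   other-address - port 53 is held only on another specific address, e.g. the
#                   systemd-resolved stub at 127.0.0.53; a server bound only to
#                   the bridge address does not collide with it
#   conflict      - a wildcard listener or one on the bridge address holds it
dns_port_status() {
    awk -v ip="$1" '
        {
            n = split($5, part, ":")
            if (part[n] != "53") next
            addr = substr($5, 1, length($5) - 3)   # drop trailing ":53"
            sub(/%.*/, "", addr)                   # drop "%lo" style scope
            seen = 1
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == ip)
                hit = 1
        }
        END { print (hit ? "conflict" : (seen ? "other-address" : "free")) }'
}

# True when the kernel forwards IPv4 packets between interfaces.
# $1 (optional): file to read instead of the live /proc entry, for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample: only the systemd-resolved stub holds port 53.
SAMPLE_SS='udp UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0    0.0.0.0:67       0.0.0.0:*'

echo "port 53: $(printf '%s\n' "$SAMPLE_SS" | dns_port_status 192.168.200.1)"
if forwarding_enabled; then echo "forwarding: on"; else echo "forwarding: off"; fi
```

On a live system, pipe `ss -H -lntu` into `dns_port_status` with the bridge address the router actually uses.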
You can also simply set up a hotspot with a laptop and connect the IoT to it and listen to the wifi iface ;) Either way, what should I do with encrypted wireshark traffic?
I like connecting the smartphone/app to the hotspot, too. With a rooted device one gets the decrypted traffic (using burp e.g.) - sometimes the port and the commands if the IoT is setup for local communication :)
Fuck around and find out something new.
A few years ago, my brother came over when I was running a wireshark capture to pass time. It lit up when his phone & watch connected to wifi. I jumped down the rabbit hole and found out how to decrypt multicast packets for every device on my network.
Wildest thing about it was a 5 line bash function I made to find all hosts on my network that has a `disown` and two redirects to /dev/null just to work. Removing any would make it fail.