In this guide, we delve into the essentials of checking PCAP data for cybersecurity professionals. Learn how to effectively use tools like Wireshark and scripts for Braktooth and Internalblue exploits.
This article provides a step-by-step approach to accessing, reviewing, and analyzing log and report data, equipping you with the necessary skills to enhance your cybersecurity toolkit.
Reviewing Log Data
log data location: /usr/share/BlueToolkit/bluekit/.logs
To review them you can execute the following command
cat /usr/share/BlueToolkit/bluekit/.logs
Reviewing Report Data
report data location: /usr/share/BlueToolkit/bluekit/AA:BB:CC:DD:EE:FF/report.csv
To review a report you can export it as JSON or CSV to Excel or any other tool you need. AA:BB:CC:DD:EE:FF is a MAC address for a target device
Reviewing PCAP Data
So far there are 2 variants Braktooth or Internalblue wireshark installations. for braktooth exploits, you can use the following Wireshark binary that can be found at /usr/share/BlueToolkit/modules/tools/braktooth/wdissector/bin/wireshark
If you use a VM, you can install Braktooth on your machine, without writing to the development board, that way you would be able to access a Wireshark binary.
For Internalblue you can use the following script
#!/bin/bash
sudo apt install git python3-setuptools binutils-arm-linux-gnueabi adb python3-pip python3-dev gcc
python3 -m pip install https://github.com/seemoo-lab/internalblue/archive/master.zip
sudo apt-get install wireshark-dev wireshark cmake
git clone https://github.com/seemoo-lab/h4bcm_wireshark_dissector
cd h4bcm_wireshark_dissector
mkdir build
cd build
cmake ..
make
make install
python3 -m pip install cmd2 pure-python-adb pwntools pyelftools
cd ../..