Checking PCAP Data – Essential Tools And Methods For Cybersecurity Analysis

In this guide, we delve into the essentials of checking PCAP data for cybersecurity professionals. Learn how to effectively use tools like Wireshark and scripts for Braktooth and Internalblue exploits.

This article provides a step-by-step approach to accessing, reviewing, and analyzing log and report data, equipping you with the necessary skills to enhance your cybersecurity toolkit.

Reviewing Log Data

log data location: /usr/share/BlueToolkit/bluekit/.logs To review them you can execute the following command

cat /usr/share/BlueToolkit/bluekit/.logs

Reviewing Report Data

report data location: /usr/share/BlueToolkit/bluekit/AA:BB:CC:DD:EE:FF/report.csv To review a report you can export it as JSON or CSV to Excel or any other tool you need. AA:BB:CC:DD:EE:FF is a MAC address for a target device

Reviewing PCAP Data

So far there are 2 variants Braktooth or Internalblue wireshark installations. for braktooth exploits, you can use the following Wireshark binary that can be found at /usr/share/BlueToolkit/modules/tools/braktooth/wdissector/bin/wireshark If you use a VM, you can install Braktooth on your machine, without writing to the development board, that way you would be able to access a Wireshark binary.

For Internalblue you can use the following script

#!/bin/bash

sudo apt install git python3-setuptools binutils-arm-linux-gnueabi adb python3-pip python3-dev gcc
python3 -m pip install https://github.com/seemoo-lab/internalblue/archive/master.zip

sudo apt-get install wireshark-dev wireshark cmake
git clone https://github.com/seemoo-lab/h4bcm_wireshark_dissector
cd h4bcm_wireshark_dissector
mkdir build
cd build
cmake ..
make
make install

python3 -m pip install cmd2 pure-python-adb pwntools pyelftools
cd ../..