Cyber security

Checking PCAP Data – Essential Tools And Methods For Cybersecurity Analysis

In this guide, we delve into the essentials of checking PCAP data for cybersecurity professionals. Learn how to effectively use tools like Wireshark and scripts for Braktooth and Internalblue exploits.

This article provides a step-by-step approach to accessing, reviewing, and analyzing log and report data, equipping you with the necessary skills to enhance your cybersecurity toolkit.

Reviewing Log Data

log data location: /usr/share/BlueToolkit/bluekit/.logs To review them you can execute the following command

cat /usr/share/BlueToolkit/bluekit/.logs

Reviewing Report Data

report data location: /usr/share/BlueToolkit/bluekit/AA:BB:CC:DD:EE:FF/report.csv To review a report you can export it as JSON or CSV to Excel or any other tool you need. AA:BB:CC:DD:EE:FF is a MAC address for a target device

Reviewing PCAP Data

So far there are 2 variants Braktooth or Internalblue wireshark installations. for braktooth exploits, you can use the following Wireshark binary that can be found at /usr/share/BlueToolkit/modules/tools/braktooth/wdissector/bin/wireshark If you use a VM, you can install Braktooth on your machine, without writing to the development board, that way you would be able to access a Wireshark binary.

For Internalblue you can use the following script

#!/bin/bash

sudo apt install git python3-setuptools binutils-arm-linux-gnueabi adb python3-pip python3-dev gcc
python3 -m pip install https://github.com/seemoo-lab/internalblue/archive/master.zip

sudo apt-get install wireshark-dev wireshark cmake
git clone https://github.com/seemoo-lab/h4bcm_wireshark_dissector
cd h4bcm_wireshark_dissector
mkdir build
cd build
cmake ..
make
make install

python3 -m pip install cmd2 pure-python-adb pwntools pyelftools
cd ../..

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

4 hours ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

5 hours ago

What is SIEM? Complete Guide to Security Information and Event Management

Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…

15 hours ago

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

1 day ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

2 days ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

2 days ago