
Capturing Bluetooth traffic with Wireshark + Ubertooth One


Install dependencies

sudo apt install cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev wget \
pkg-config python3-numpy python3-qtpy python3-distutils python3-setuptools

Install libbtbb

wget https://github.com/greatscottgadgets/libbtbb/archive/2020-12-R1.tar.gz -O libbtbb-2020-12-R1.tar.gz
tar -xf libbtbb-2020-12-R1.tar.gz
cd libbtbb-2020-12-R1
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig

Install the Ubertooth host tools

wget https://github.com/greatscottgadgets/ubertooth/releases/download/2020-12-R1/ubertooth-2020-12-R1.tar.xz
tar -xf ubertooth-2020-12-R1.tar.xz
cd ubertooth-2020-12-R1/host
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig

Upgrade the Ubertooth firmware

The firmware must match the host tools you just built. Open the release tarball on GitHub (the ubertooth-2020-12-R1.tar.xz downloaded above contains it under ubertooth-one-firmware-bin/), find bluetooth_rxtx.dfu and copy it out.


Run the command below and the upgrade happens automatically (-d flashes the file, -r resets the device afterwards). In a virtual machine the device drops off the guest while it re-enumerates in DFU mode with a different USB ID; that is harmless, just attach it to the VM again. You can confirm the result afterwards with ubertooth-util -v, which prints the firmware version.

ubertooth-dfu -d bluetooth_rxtx.dfu -r

Install Wireshark

sudo apt-get install wireshark wireshark-dev libwireshark-dev cmake

Configure the BTBB and BREDR plugins

The install directory passed to cmake below is the global plugin directory of the Wireshark 3 packages this tutorial was written against. If your installation differs, look at the "Global Plugins" line printed by tshark -G folders (or Help -> About Wireshark -> Folders) and pass that path instead. The plugins are built against the installed Wireshark version and have to be rebuilt after a Wireshark upgrade.

cd libbtbb-2020-12-R1/wireshark/plugins/btbb
mkdir build
cd build
cmake -DCMAKE_INSTALL_LIBDIR=/usr/lib/x86_64-linux-gnu/wireshark/libwireshark3/plugins ..
make
sudo make install

Go back to the directory that contains libbtbb-2020-12-R1 and build the second plugin the same way:

cd libbtbb-2020-12-R1/wireshark/plugins/btbredr
mkdir build
cd build
cmake -DCMAKE_INSTALL_LIBDIR=/usr/lib/x86_64-linux-gnu/wireshark/libwireshark3/plugins ..
make
sudo make install
[If the build complains that python is missing, run whereis python3 first and then sudo ln -s /usr/bin/python3 /usr/bin/python. On Ubuntu 20.04 and later, sudo apt install python-is-python3 does the same thing through the package manager.]

Install the BLE decryption tool crackle

git clone https://github.com/mikeryan/crackle.git
cd crackle
make
sudo make install

Capturing BLE traffic

Create a named pipe for the capture stream

mkfifo /tmp/pipe

Type wireshark on the command line to open Wireshark, then click Capture -> Options


Manage Interfaces


Add a new pipe interface pointing at /tmp/pipe


Click Start to begin capturing, open a new terminal, plug in the Ubertooth One and run ubertooth-btle -f -c /tmp/pipe (-f follows connections it sees being established; -c writes the capture as pcap to the given path, here the pipe). Opening a FIFO blocks until the other end is open, so if you run ubertooth-btle before Wireshark is capturing it simply waits.

You will see the decoded packets scrolling in the terminal, and Wireshark captures the same traffic from the pipe at the same time. To decrypt an encrypted connection with crackle later, the capture has to be running before the two devices connect, because crackle needs the pairing exchange.
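The procedure above (pipe, Wireshark, ubertooth-btle) and the crackle installation earlier on this page, combined into one script as an added example. This is not code from the original page or from the Ubertooth or crackle projects; it assumes the tools built above are on PATH, and the helper names prepare_pipe, capture_ble, valid_ltk and decrypt_ble are this script's own. It starts Wireshark on the pipe from the command line instead of clicking through Capture -> Options, optionally keeps a copy of the capture on disk, and hands a saved capture to crackle either for TK cracking or for decryption with a known LTK.

```shell
#!/bin/sh
# Added example (not from the original page): drive the Wireshark + Ubertooth
# One BLE capture from a script and hand the result to crackle. Assumes
# ubertooth-btle, wireshark and crackle from the sections above are installed;
# the helper names below are this script's own.
set -eu

# Create the FIFO idempotently and refuse a regular file of the same name:
# ubertooth-btle -c would silently write a pcap into it and Wireshark would
# never see a live stream.
prepare_pipe() {
    p="$1"
    if [ -e "$p" ] && [ ! -p "$p" ]; then
        echo "refusing to use $p: it exists and is not a FIFO" >&2
        return 1
    fi
    [ -p "$p" ] || mkfifo "$p"
    [ -p "$p" ]
}

# Start Wireshark on the pipe first (-k: start capturing immediately,
# -i: read from the FIFO, optional -w: also keep the capture on disk), then
# feed it from the Ubertooth. -f follows connections it sees being set up;
# -c writes PPI-encapsulated pcap, which both Wireshark and crackle read.
# Any extra arguments are passed through to ubertooth-btle unchanged.
capture_ble() {
    p="$1"; out="$2"; shift 2
    prepare_pipe "$p"
    command -v ubertooth-btle >/dev/null || { echo "ubertooth-btle not found" >&2; return 1; }
    if [ -n "$out" ]; then
        wireshark -k -i "$p" -w "$out" &
    else
        wireshark -k -i "$p" &
    fi
    ws=$!
    ubertooth-btle -f -c "$p" "$@"
    wait "$ws"
}

# An LTK for crackle -l is 128 bits written as 32 hex digits.
valid_ltk() {
    case "$1" in
        *[!0-9A-Fa-f]*|"") return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Without an LTK, crackle brute-forces the TK; for that the capture must
# contain the whole pairing exchange, so capture_ble has to be running before
# the two devices connect. With a known LTK only the LL_ENC_REQ/LL_ENC_RSP
# exchange of the connection is needed.
decrypt_ble() {
    in="$1"; out="$2"; ltk="${3:-}"
    [ -r "$in" ] || { echo "cannot read capture $in" >&2; return 1; }
    if [ -n "$ltk" ]; then
        valid_ltk "$ltk" || { echo "LTK must be 32 hex digits" >&2; return 1; }
        crackle -i "$in" -o "$out" -l "$ltk"
    else
        crackle -i "$in" -o "$out"
    fi
}

# Usage (nothing runs when the script is sourced or called without a verb):
#   ./ble_capture.sh capture [/tmp/pipe] [saved.pcapng]
#   ./ble_capture.sh decrypt saved.pcapng decrypted.pcap [LTK]
case "${1:-}" in
    capture) capture_ble "${2:-/tmp/pipe}" "${3:-}" ;;
    decrypt) shift; decrypt_ble "$@" ;;
esac
```

The file written by -w is what you later pass to decrypt; the pipe itself is consumed by Wireshark and cannot be replayed. If crackle reports that it found no pairing data, the capture started after the devices had already paired, and the only remaining option is the LTK route.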

Capturing classic Bluetooth traffic

With ubertooth-rx -r test.pcapng you can capture a small amount of classic (BR/EDR) Bluetooth traffic, but it is of little use: the Ubertooth listens to a single channel at a time while a BR/EDR piconet hops across 79, and it can only follow a connection once it has recovered the master's LAP, UAP and clock, so very little decodable data ends up in the file. The project contributors say on GitHub that for real classic Bluetooth capture you need a professional sniffer such as an Ellisys or Frontline analyzer.


Original: https://www.yuque.com/hxfqg9/iot/kgs8ut