
Bluetooth is the wireless technology most commonly used in everyday life. In this article we will demonstrate how to sniff Bluetooth devices in Kali.

Preparation

USB Bluetooth adapter (a virtual machine cannot recognize the host's built-in Bluetooth)

Raspberry Pi (supports Bluetooth)

Enable Bluetooth Device

On Linux we often use ifconfig, iwconfig and similar commands to view network cards and their status. For Bluetooth adapters, the equivalent command is hciconfig.

hciconfig

As with wireless network cards, we can use the up and down subcommands to enable and disable a Bluetooth device.

hciconfig hci0 up

hciconfig hci0 down

View the help for this command.

Scan Bluetooth devices

We can use the hcitool command to scan and discover surrounding Bluetooth devices.

hcitool scan

The scan above found two Bluetooth devices.

Get the device name

hcitool name A4:55:90:AC:BC:21

Scan Service

With the sdptool command we can see more information about the communication and protocols a device supports. From that we may even be able to start working out whether the device has vulnerabilities, or whether we can communicate with it directly. We can even find out whether it uses a randomized MAC address or similar.

sdptool browse A4:55:90:AC:BC:21

Forced connection to Bluetooth devices

BlueRanger is a simple Bash script that uses link quality to locate Bluetooth device radios. It sends L2CAP (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization.

blueranger hci0 00:93:37:F0:4E:51

Other connection methods

We can use the bluetoothctl command to connect to Bluetooth devices. Run bluetoothctl, then execute scan on to scan for devices.

Pair

pair 00:93:37:F0:4E:51
