Using Bluetooth on Kali

1. Turn on Bluetooth

Enter the following command to check whether Bluetooth is turned on

hciconfig

The output of the previous command shows that Bluetooth is not yet turned on. Next, enter the following command to turn it on.

service bluetooth start

Or enter: systemctl start bluetooth.service

2. Scan for Bluetooth devices

hcitool scan

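RedFang

If we want to brute-force Bluetooth devices, this is the tool we will use. It is mainly a proof of concept for identifying non-discoverable Bluetooth devices. Just because an inquiry scan returns no results does not mean that no Bluetooth devices are present. RedFang helps us identify all of these devices. We can have the program scan every possible address, or we can specify a range.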

fang -r B9D43EC9DBBE-B998F756550C -s

3. Service identification

We can view the features that the device supports

hcitool info B8:98:F7:56:55:0C

To obtain the profiles, we use the Service Discovery Protocol: sdptool retrieves the list of supported profiles.

sdptool browse B8:98:F7:56:55:0C

┌──(root㉿Suanlunce)-[~]
└─# sdptool browse B8:98:F7:56:55:0C
Browsing B8:98:F7:56:55:0C ...
Service RecHandle: 0x10001
Service Class ID List:
  "Generic Access" (0x1800)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 31
  "ATT" (0x0007)
    uint16: 0x0001
    uint16: 0x0005

Service Name: Headset Audio Gateway
Service RecHandle: 0x10002
Service Class ID List:
  "Headset Audio Gateway" (0x1112)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Headset" (0x1108)
    Version: 0x0102

Service Name: Handsfree Audio Gateway
Service RecHandle: 0x10003
Service Class ID List:
  "Handsfree Audio Gateway" (0x111f)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 2
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Handsfree" (0x111e)
    Version: 0x0106

Service Name: Network Access Point Service
Service Description: Bluetooth NAP Service
Service RecHandle: 0x10004
Service Class ID List:
  "Network Access Point" (0x1116)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
  "BNEP" (0x000f)
    Version: 0x0100
    SEQ8: 0 6
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Network Access Point" (0x1116)
    Version: 0x0100

Service RecHandle: 0x10006
Service Class ID List:
  "AV Remote Target" (0x110c)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 23
  "AVCTP" (0x0017)
    uint16: 0x0100
Profile Descriptor List:
  "AV Remote" (0x110e)
    Version: 0x0103

Service RecHandle: 0x10007
Service Class ID List:
  "AV Remote Controller" (0x110f)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 23
  "AVCTP" (0x0017)
    uint16: 0x0100
Profile Descriptor List:
  "AV Remote" (0x110e)
    Version: 0x0100

Service Name: Advanced Audio
Service RecHandle: 0x10008
Service Class ID List:
  "Audio Source" (0x110a)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 25
  "AVDTP" (0x0019)
    uint16: 0x0102
Profile Descriptor List:
  "Advanced Audio" (0x110d)
    Version: 0x0102

Service Name: 000eSMS/MMS
Service RecHandle: 0x10009
Service Class ID List:
  "Message Access - MAS" (0x1132)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 21
  "OBEX" (0x0008)
Profile Descriptor List:
  "Message Access" (0x1134)
    Version: 0x0101

Service Name: OBEX Phonebook Access Server
Service RecHandle: 0x1000a
Service Class ID List:
  "Phonebook Access - PSE" (0x112f)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 22
  "OBEX" (0x0008)
Profile Descriptor List:
  "Phonebook Access" (0x1130)
    Version: 0x0101

Service Name: OBEX Object Push
Service RecHandle: 0x1000b
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 23
  "OBEX" (0x0008)
Profile Descriptor List:
  "OBEX Object Push" (0x1105)
    Version: 0x0100
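
An added example (not part of the original post): a small Python parser for the sdptool browse output above that lists the records whose service class exposes contacts, messages, file push or network access, so the owner of a device can decide which profiles to switch off. The REVIEW table, the function names and the abridged sample are assumptions made for this example.

```python
import re

# Service class UUIDs from the listing above whose profiles expose user data or
# network access; treating exactly these as review-worthy is an assumption.
REVIEW = {0x112F: "phonebook", 0x1132: "messages", 0x1105: "file push", 0x1116: "network"}

def parse_sdp(text):
    """Split `sdptool browse` output into one dict per service record."""
    records = []
    for chunk in re.split(r"\n\s*\n", text):      # records are blank-line separated
        rec = {"name": None, "handle": None, "classes": [], "transport": None}
        section = ""
        for line in chunk.splitlines():
            if m := re.match(r"Service (Name|RecHandle): (.+)", line):
                rec["name" if m[1] == "Name" else "handle"] = m[2].strip()
            elif not line.startswith(" "):
                section = line                     # e.g. "Service Class ID List:"
            elif section.startswith("Service Class") and (
                    m := re.match(r'\s+"(.+)" \((0x[0-9a-fA-F]+)\)', line)):
                rec["classes"].append((m[1], int(m[2], 16)))
            elif m := re.match(r"\s+(PSM|Channel): (\d+)", line):
                rec["transport"] = (m[1], int(m[2]))   # L2CAP PSM or RFCOMM channel
        if rec["handle"]:                          # skip chunks that hold no record
            records.append(rec)
    return records

def review_findings(records):
    """Return (handle, name, exposure, transport) for each record listed in REVIEW."""
    return [(r["handle"], r["name"] or cname, REVIEW[uuid], r["transport"])
            for r in records for cname, uuid in r["classes"] if uuid in REVIEW]

# Sample input: two records abridged from the listing above.
SAMPLE = '''Service Name: OBEX Phonebook Access Server
Service RecHandle: 0x1000a
Service Class ID List:
  "Phonebook Access - PSE" (0x112f)
Protocol Descriptor List:
  "RFCOMM" (0x0003)
    Channel: 22

Service Name: Network Access Point Service
Service RecHandle: 0x10004
Service Class ID List:
  "Network Access Point" (0x1116)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
'''
```

Calling review_findings(parse_sdp(output)) on saved sdptool output returns one tuple per record to review. Records that have no Service Name line are reported under their service class name.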

4. Other

blueranger hci0 B8:98:F7:56:55:0C

 

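bluelog: this command can be used for scanning, or called from other scripts. The tool's main feature is that it generates a log file from what it has found. The log is saved in the current directory.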

bluelog

 

 
