Shulou(Shulou.com)05/31 Report--

This article is to share with you about what IotShark is. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

IoTShark

IoTShark is an Internet of things monitoring service platform, which can help researchers monitor the trend of data sent or received by their Internet of things devices. In general, it takes a long time to set up man-in-the-middle attack tests with proper configuration, which is almost impossible for those who have little experience in computer security or even computer science.

IoTShark aims to run a script for security researchers to provide an almost fully automated solution and monitor their Internet of things devices. Researchers only need to choose the device they want to monitor, and the program will handle the rest of the heavy work by launching ARP attacks, setting up packet forwarding and man-in-the-middle packet sniffers. It also has an easy-to-use and interactive Web UI that allows users to filter packets based on port, type, and timestamp to gain a broader understanding of the amount and time of data transmission.

In addition, IoTShark can also classify certain types of data, such as heartbeat messages, data transfers, exceptions, and so on.

Tool download

The majority of researchers can use the following commands to directly clone the source code of the project to the local:

Using the git clone https://github.com/sahilmgandhi/IotShark.git tool

Note that the proper operation of the tool requires the installation of the Python 3 environment.

First, run the following command to install the necessary dependent libraries for the tool:

$pip3-r requirements.txt

Next, set up IP forwarding:

$sudo sysctl net.inet.ip.forwarding=1

Finally, run IoTShark with the following command:

Sudo python3 mitm_main.py main program script

Create a Python Virtual virtual environment, and then install the relevant dependent component packages:

Virtualenv-- python= `which python 3` venv

Source venv/bin/activate

Python-r requirements.txt

Make sure that your local host enables packet forwarding, which is important for man-in-the-middle attacks. On macOS, we can configure it with the following command:

Sudo sysctl net.inet.ip.forwarding=1

After the configuration is complete, we can run the main program script "mitm_main.py".

The current version of the main program script does the following:

1. Scan all hosts in the target subnet. The subnet is configured with the-s parameter.

2. Scan the hardware manufacturer and operating system information of each host

3. Perform ARP attacks between the selected host and the gateway router

4. Output the captured data to the user graphically, which needs to be enabled with the-f parameter.

After the ARP attack is completed, we can test the capture traffic between the target devices through WireShark. The filter set is as follows:

(ip.src==192.168.0.215 or ip.dst==192.168.0.215) and tcp.port! = 443 data file format

The captured data is stored in csv file format, and the data structure format is as follows:

{timestamp, incoming_bytes, outgoing_bytes, srcport, dstport, transfer_protocol, connection_protocol, srcip, dstip} 123123213, 0240,36, 80, 65124, HTTP, UDP, 192.168.0.215,104.24.4.5123123240,300,0800,443,65125, HTTPS, TCP, 104.24.4.5, 192.168.0.215 Thank you for reading! This is the end of this article on "what is IotShark?". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.