See If You Can Find It

Tuesday, June 9, 2020

Tools: Android- Fing and Bluetooth LE Scanner [Watch_Dogs]

    Ever wanted to feel like you're Aiden Pearce, walking around, hacking peoples phones, cars, homes, traffic lights, and everything else connected to CTOS all from your phone? Today, I'm going to give you a couple tools you can use for some reconnaissance.

Now, looking at this screenshot of my phones home screen, you'll see quite a few fun little apps. Today I'm talking about Fing and Bluetooth LE Scanner. 


Fing is a network scanner and service discovery tool, originally only available as a mobile app. To use it, launch the app. You'll need to be connected to a WiFi network in order for it to function. The app is changing all the time, so by the time you read this, it may be different for you, but here's what you should see when you first open it up:

This has some great information to look at. The blurred portion is the network name (sorry, not giving mine out!), then you have your router model, channel number, frequency band, and signal strength. Let's scan the network and see what all is on the network:

Voila! Here you have each device connected to the network with its host name, internal IP address, device type, and in some cases a MAC address. From here, you can select a device, view more detailed information about it, and even perform a port scan. Notice the arrow next to port 80. This will lead you to a new page, where you can connect to that service using whatever client is required (given that it's installed on your device):


This one is interesting. Using the built in scanner on your phone, you normally can't see any devices using Bluetooth unless that device is accepting connections. With this app, you can see any device that has its Bluetooth turned on. Just allow the permissions it asks for, make sure your Bluetooth is turned on, and hit scan:

Once you have this information, you can spoof a connection and have some fun!

    Now, you may not have a profiler and be able to steal loads of cash from someone's account with the press of a button, but you gotta start somewhere, right?

No comments:

Post a Comment