Nmap Development mailing list archives

Re: [umit-devel] UmitBT 0.8 released


From: devtar <devtar () gmail com>
Date: Sun, 22 Feb 2009 02:55:56 +0800

Congratulations!  Traditionally UMIT/Zenmap/Nmap have only dealt with
IP-layer protocols, with a little bit of ARP thrown in for efficiency.
Adding Bluetooth is an interesting extension.  I use a lot of BT
devices, so I can definitely see the value.

In many ways, UmitBT has more in common with a tool such as Kismet
than with Umit/Zenmap/Nmap.  I'm not sure that Nmap will ever want to
find WAPs or BT devices (one could argue that it is bloat considering
Nmap's core mission), but it is an interesting idea.

Actually, this sort of thing (Nmap WAP/BT discovery, not all of
UmitBT) could potentially be written as an Nmap NSE script which
executes the proper commands if they exist (e.g. 'iwlist ap') and
parses the data for nice Nmap presentation.  Presumably an equivalent
could be done for Bluetooth.  The value would mostly just be in having
a portable way to list the accessible WAPs (or BT devices) and see the
results in a consistent format.  You could then join the discovered
Wifi network (or pair with a BT device to tether IP through) and start
more serious IP scanning.  I'm not sure if those scripts would be
useful to people or not, but it is definitely an interesting thought
experiment.

It should be straightforward on Linux assuming you're tapping into Bluez.
The issue would be diverse on Windows as there are various implementations
depending on your Bluetooth Stack (Microsoft, Widcomm, Broadcom).

Do either of your screen shots on the UmitBT page show SDP discovery
scan results?  The page says they are turned off by default because
the scan "would take a considerable amount of time to complete".  How
long does it usually take?  What sort of data do you get back?

The screenshot of UmitBT running on Windows has SDP discovery enabled
with its results displayed (OBEX Object Push, File Transfer OBEX). The
screenshot can be found on the website. SDP discovery is turned off by
default because it takes about 20 seconds to 1 minute per device
depending on the environment and amount of SDP services. The scan
returns a list of SDP services along with its details such as service
name, description, protocol and channel.

I've CC'd nmap-dev in case some of them want to take a look at UmitBT.
Just as with WiFi detectors such as Kismet, I do think Bluetooth
discovery tools are important.  Adding it to Umit still strikes me as
a bit strange (just as UmitWeb does), but that doesn't make it any
less interesting or less worth trying out!

Thanks. We need the support of the community to move forward with
the Bluetooth Sniffer idea
<http://www.umitproject.org/?active=gsoc&mode=ideas> for GSoC 09.

Cheers,
Devtar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

