
Spoofing DNS to intercept iot traffic

Reverse Engineering Asked by dotvav on September 30, 2021

I’ve got a bunch of IoT devices that can only be controlled through the Internet, as all their traffic goes through their own "cloud" server. I want to reclaim full control and low latency on my AC unit.

The device doesn’t offer a way to configure a proxy.

I am considering the following:

  • install PiHole on my network (I want that for other reasons too)
  • get PiHole to snitch what DNS queries the device is making
  • configure PiHole to hijack the control server name and route http requests to a server of mine
  • have this server log all the traffic and pass it through to the legit control server
  • then reverse engineer this logged traffic and implement my own control server

This is going to work only if the device is making HTTP requests to a domain name (and not if it is making them directly to an IP address). HTTPS could be an issue too.

Does any software exist already, with the kind of MITM features I am looking for: copy and dump the http traffic? Anything simpler than the above?

One Answer

Does any software exist already, with the kind of MITM features I am looking for: copy and dump the http traffic? Anything simpler than the above?

Yes, you could put your IoT devices behind a system acting as their router. This way, all of their internet-bound traffic traverses the router, and you can monitor everything passively from there. The router can serve DNS, which you will be able to customize to do what you'd like. On the router, you could run a simple packet capture with tcpdump, intercept HTTP using mitmproxy, and/or redirect all traffic to a server of your choice.

Answered by multithr3at3d on September 30, 2021
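The first thing both the question and the answer rely on is knowing which names the device resolves, because a device that talks straight to a hard-coded IP never shows up in DNS logs at all. The following is an added example, not code from the question, the answer, Pi-hole or mitmproxy: a small parser for the question section of a DNS query (the UDP payload you would get from a tcpdump capture or a local resolver), plus a per-device summary of the names queried. The sample queries and the client addresses `192.0.2.10` / `192.0.2.11` are constructed for the demo; `build_query` exists only to fabricate those samples.

```python
import struct

# Constructed sample data only: builds a minimal standard query (RD bit set,
# one question) so the parser can be exercised offline. Not a device capture.
def build_query(name, qtype=1, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

QTYPE_NAMES = {1: "A", 28: "AAAA", 5: "CNAME", 16: "TXT", 33: "SRV"}

def parse_query(payload):
    """Parse the header and first question of a DNS query message.

    Returns a dict with txid, qname, qtype (name or number) and qclass.
    Raises ValueError for responses, truncated messages and compressed
    names, which a well-formed question section never contains.
    """
    if len(payload) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount < 1:
        raise ValueError("query carries no question")
    offset, labels = 12, []
    while True:
        if offset >= len(payload):
            raise ValueError("name runs past end of message")
        length = payload[offset]
        offset += 1
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # 11xxxxxx = compression pointer (RFC 1035 4.1.4)
            raise ValueError("compression pointer inside question name")
        if length > 63:
            raise ValueError("label longer than 63 octets")
        labels.append(payload[offset:offset + length].decode("ascii", "replace"))
        offset += length
    if offset + 4 > len(payload):
        raise ValueError("question section truncated after name")
    qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
    return {"txid": txid, "qname": ".".join(labels),
            "qtype": QTYPE_NAMES.get(qtype, str(qtype)), "qclass": qclass}

def summarize_by_client(records):
    """Group queried names by client address.

    records: iterable of (client_ip, dns_payload). Malformed or non-query
    payloads are skipped rather than aborting the whole summary.
    Returns {client_ip: sorted list of "qname/qtype" strings}.
    """
    seen = {}
    for client, payload in records:
        try:
            q = parse_query(payload)
        except ValueError:
            continue
        seen.setdefault(client, set()).add(f"{q['qname']}/{q['qtype']}")
    return {client: sorted(names) for client, names in seen.items()}

# Constructed capture: two devices, one of which also asks for an AAAA record.
SAMPLE_CAPTURE = [
    ("192.0.2.10", build_query("api.example-iot-cloud.invalid")),
    ("192.0.2.10", build_query("api.example-iot-cloud.invalid", qtype=28)),
    ("192.0.2.10", build_query("time.example.invalid")),
    ("192.0.2.11", build_query("mqtt.example-iot-cloud.invalid")),
    ("192.0.2.11", b"\x12\x34\x81\x80" + b"\x00" * 8),   # a response: skipped
]

if __name__ == "__main__":
    for client, names in summarize_by_client(SAMPLE_CAPTURE).items():
        print(client, names)
```

Feeding it real traffic is a matter of handing it each UDP/53 payload with its source address (a `tcpdump -w` file read with any pcap library, or a resolver log hook). Names that appear here are candidates for the Pi-hole override in the question; a host the device contacts without any preceding query is the hard-coded-IP case the question worries about, and only a packet capture, not DNS, will show it.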
