sahilmgandhi / iotshark Goto Github PK

View Code? Open in Web Editor NEW

91.0 10.0 21.0 9.67 MB

IotShark - Monitoring and Analyzing IoT Traffic

Python 70.59% HTML 15.20% JavaScript 14.02% CSS 0.19%

iot flask-application scapy pyshark python3 security-audit

iotshark's Introduction

cs219-f19-final-project

IoTShark

This is our final project for CS 219 for the Fall 2019 quarter.

IoTShark is a IOT monitoring service that allows users to monitor their IOT devices for trends in data sent/received. Ordinarily, setting up a man in the middle attack with proper configurations can take up quite a bit of time, and may seem dauntingly impossible for those with little to no experience in computer security or even computer science.

IoTShark aims to provide a [nearly] fully automated solution for a user to monitor their IOT devices by simply running a single script. The user merely has to select which device they wish to monitor, and this program takes care of the rest of the heavy work by starting the ARP poisoning, setting up the packet forwarding and the man in the middle packet sniffer. It also has an easy to understand and interactive web UI where a user can filter the packets based on the ports, types, and timestamps to get a broader understanding of how much and when things are being transmitted.

We also aim to classify certain kinds of data such as heartbeat messages, data transfers, and anomalies, though the last one will likely be demonstrated on the un-encrypted RPi test since it is difficult to do anomaly detection without huge amounts of data (and we would require many devices and individuals to gather that much data).

How to run:

🚨🚨🚨 Please note that the following instructions have only been verified on MacOS. If you use Linux or Windows + WSL, your mileage may vary, and it might not work. 🚨🚨🚨

Install the required libraries: pip3 install -r requirements.txt
Set up the ip forwarding: sudo sysctl net.inet.ip.forwarding=1
Run the app: sudo python3 iotshark.py

The Main Script

Create a Python virtual envionment and install dependency packages.

virtualenv --python=`which python3` venv
source venv/bin/activate
pip install -r requirements.txt

Make sure packet forwarding is enabled on your local machine. This is necessary for man-in-the-middle attack to work. On macOS this can be done with:

sudo sysctl net.inet.ip.forwarding=1

Run the main program iotshark.py. See that script for accepted options.

Currently this program performs the following 4 actions:

Scan for all hosts either in the given subnet by the -s option or a set of common residential subnets
Discover the hardware vendor and OS of each host
Perform ARP poisoning between the selected host and gateway router
Output graphs of past captured data by the -f option followed by relative path to csv file

After ARP poisoning is running, you can examine traffic from the target device by Wireshark with a display filter like:

(ip.src==192.168.0.215 or ip.dst==192.168.0.215) and tcp.port != 443

Data File Format

The captured data is stored in a csv file with the following format:

{timestamp, incoming_bytes, outgoing_bytes, srcport, dstport, transfer_protocol, connection_protocol, srcip, dstip}

123123213, 0, 240, 36, 80, 65124, HTTP, UDP, 192.168.0.215, 104.24.4.5
123123240, 300, 0, 800, 443, 65125, HTTPS, TCP, 104.24.4.5, 192.168.0.215

Using the Tool to Sniff IoT Devices

For example, here is a long string that we can say to Alexa Echo Dot/Google Home while sniffing their traffic. Pay attention if the device is transmitting data before the wake word.

It is a dark and stormy night. My friends and I just came back from the Yosemite National Park, where the quick brown fox jumps over the lazy dog. Next week is Thanksgiving. Black Friday in 2019 is coming as well. It's a good time to do something exciting, such as taking a Computer Security class or a Programming Language class at UCLA. By the way, the first Airbus A380 jumbo jet is retiring. We like flying in that plane.

WAKE_WORD, what is the weather like in Los Angeles on Thanksgiving?

Anyways, we have Boeing 787 Dreamliners for cross-continental flights. The Web and Mobile System class with Ravi is amazing. We should upgrade the commercial laundry machine during the Black Friday sale. The bright and sunny weather is coming back and a trip to Joshua Tree National Park awaits. Well, I just saw a slow cat crashed into a new Android robot. There are some other robots made by Apple and Amazon too.

iotshark's People

Contributors

Stargazers

Watchers

iotshark's Issues

cannot stat /proc/sys/net/inet/ip/forwarding: No such file or directory

In WSL (Ubuntu 20 in Windows 10 ) When I run
sudo sysctl net.inet.ip.forwarding=1
I got error:
sysctl: cannot stat /proc/sys/net/inet/ip/forwarding: No such file or directory

PyObjC requires macOS to build

When I install the project in WSL :

pip3 install -r requirements.txt

I got an error:

Requirement already satisfied: certifi>=2019.9.11 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (2019.11.28)
Requirement already satisfied: chardet>=3.0.4 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (3.0.4)
Requirement already satisfied: Click>=7.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (7.0)
Collecting cycler>=0.10.0
  Downloading cycler-0.10.0-py2.py3-none-any.whl (6.5 kB)
Collecting Flask>=1.1.1
  Downloading Flask-2.0.2-py3-none-any.whl (95 kB)
     |████████████████████████████████| 95 kB 717 kB/s
Requirement already satisfied: idna>=2.8 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 6)) (2.8)
Collecting itsdangerous>=1.1.0
  Downloading itsdangerous-2.0.1-py3-none-any.whl (18 kB)
Collecting Jinja2>=2.10.3
  Downloading Jinja2-3.0.2-py3-none-any.whl (133 kB)
     |████████████████████████████████| 133 kB 3.2 MB/s
Collecting keyboard>=0.13.4
  Downloading keyboard-0.13.5-py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 3.1 MB/s
Collecting kiwisolver>=1.1.0
  Downloading kiwisolver-1.3.2-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl (1.2 MB)
     |████████████████████████████████| 1.2 MB 9.5 MB/s
Collecting lxml>=4.4.1
  Downloading lxml-4.6.3-cp38-cp38-manylinux2014_x86_64.whl (6.8 MB)
     |████████████████████████████████| 6.8 MB 10.8 MB/s
Collecting MarkupSafe>=1.1.1
  Downloading MarkupSafe-2.0.1-cp38-cp38-manylinux2010_x86_64.whl (30 kB)
Collecting matplotlib>=3.1.1
  Downloading matplotlib-3.4.3-cp38-cp38-manylinux1_x86_64.whl (10.3 MB)
     |████████████████████████████████| 10.3 MB 9.5 MB/s
Collecting numpy>=1.17.4
  Downloading numpy-1.21.3-cp38-cp38-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (15.7 MB)
     |████████████████████████████████| 15.7 MB 10.6 MB/s
Collecting pandas>=0.25.3
  Downloading pandas-1.3.4-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.5 MB)
     |████████████████████████████████| 11.5 MB 918 kB/s
Collecting plotly>=4.3.0
  Downloading plotly-5.3.1-py2.py3-none-any.whl (23.9 MB)
     |████████████████████████████████| 23.9 MB 8.7 MB/s
Collecting py>=1.8.0
  Downloading py-1.10.0-py2.py3-none-any.whl (97 kB)
     |████████████████████████████████| 97 kB 3.6 MB/s
Collecting pyobjc>=6.1
  Downloading pyobjc-7.3-py3-none-any.whl (3.0 kB)
Collecting pyobjc-core>=6.1
  Downloading pyobjc-core-7.3.tar.gz (684 kB)
     |████████████████████████████████| 684 kB 9.0 MB/s
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-9z6c7x75/pyobjc-core/setup.py'"'"'; __file__='"'"'/tmp/pip-install-9z6c7x75/pyobjc-core/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-9z6c7x75/pyobjc-core/pip-egg-info
         cwd: /tmp/pip-install-9z6c7x75/pyobjc-core/
    Complete output (2 lines):
    running egg_info
    error: PyObjC requires macOS to build
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

sahilmgandhi / iotshark Goto Github PK

iotshark's Introduction

cs219-f19-final-project

IoTShark

How to run:

The Main Script

Data File Format

Using the Tool to Sniff IoT Devices

iotshark's People

Contributors

Stargazers

Watchers

Forkers

iotshark's Issues

cannot stat /proc/sys/net/inet/ip/forwarding: No such file or directory

PyObjC requires macOS to build

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent