O'Reilly logo

IoT Penetration Testing Cookbook by Aditya Gupta, Aaron Guzman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Proxying or mirroring traffic during device updates

Sometimes acquiring firmware via a vendor's site may not be an option and you will have to perform step 2, proxying traffic during device updates, or step 3, dumping the firmware directly from the device itself. In order to proxy traffic during device updates, you must be man-in-the-middle (MITM) or mirror the device traffic during an update function. Alternatively, the web or mobile application can also be proxied in order to grab the URL for the firmware download.

You may have to adjust the user-agent header as well since vendors have been known to verify this value for firmware downloads. The following are the basic steps that can be taken to perform MITM on a device to monitor traffic ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required