
IoT Hacking – Netgear AC1750 NightHawk – Network Traffic Interception

In this video we will show the interception of encrypted TLS communications that the Netgear router makes to its cloud backend.

mitmrouter github page:
https://github.com/nmatt0/mitmrouter

IoT Hackers Hangout Community Discord Invite:
https://discord.com/invite/vgAcxYdJ7A

🛠️ Stuff I Use 🛠️

🪛 Tools:
XGecu Universal Programmer: https://amzn.to/4dIhNWy
Multimeter: https://amzn.to/4b9cUUG
Power Supply: https://amzn.to/3QBNSpb
Oscilloscope: https://amzn.to/3UzoAZM
Logic Analyzer: https://amzn.to/4a9IfFu
USB UART Adapter: https://amzn.to/4aaCOGt
iFixit Toolkit: https://amzn.to/44tTjMB

🫠 Soldering & Hot Air Rework Tools:
Soldering Station: https://amzn.to/4dygJEv
Microsoldering Pencil: https://amzn.to/4dxPHwY
Microsoldering Tips: https://amzn.to/3QyKhrT
Rework Station: https://amzn.to/3JOPV5x
Air Extraction: https://amzn.to/3QB28yx

🔬 Microscope Setup:
Microscope: https://amzn.to/4abMMao
Microscope 0.7X Lens: https://amzn.to/3wrV1S8
Microscope LED Ring Light: https://amzn.to/4btqiTm
Microscope Camera: https://amzn.to/3QXSXsb

About Me:
My name is Matt Brown and I’m a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

– Soli Deo Gloria

💻 Social:
twitter: https://twitter.com/nmatt0
linkedin: https://www.linkedin.com/in/mattbrwn/
github: https://github.com/nmatt0/

#hacking #iot #cybersecurity #reverseengineering #wireshark


by Matt Brown


16 thoughts on “IoT Hacking – Netgear AC1750 NightHawk – Network Traffic Interception”

  • I have this exact router collecting dust, about to hack into it! Thanks for the content.

  • Good to see some genuine content. I'm definitely still learning this stuff, so really appreciate the explanation and detail. Keep 'em coming!

  • Awesome! I didn't know about this "--bind" option from mount command. In time, what is the name of the text HTTP debugger that you have used?

  • Really looking forward to the Discord server. I believe it will be fun for you and others. While you were hovering over the bash script you wrote I noticed that I don't have enough knowledge about Linux network controls. Do you suggest any reading content (books, blogs, etc.) about those, or is ArchWiki enough? 😀

  • Another Amazing Video Matt, thanks for sharing your process and making the repo public. Will definitely be using this tool in the future. Discord!

  • Thanks for another awesome video Matt! I'm excited to see the Discord community 🙂

    As you might already know, Netgear has a public bug bounty program for their Nighthawk line of routers via Bugcrowd. If you do find a vulnerability worth reporting to them, it'd be really cool to see what a writeup for something like that looks like. I don't believe I've seen any other IoT pentesters go over how things like that work. Thanks for the video, best regards.

  • I'm a new subscriber and I like the consistency you're putting in, loving the contents

  • The DNS service providing different IPs is due to the load balancing algorithm used by the provider (in this case Akamai). Even with a script that would query the DNS for A records periodically, they can pop in/out IPs that might not be covered by current resolution. One approach would be to pin (in /etc/hosts, or dnsmasq) that host to one of the resolved IP addresses, and clear clients' DNS cache. This too has its downsides, as they can exclude that IP from serving DNS requests for the intended domain… but chances are, your test time is covered.

  • 15:00 perfect live example of why terminal throughput actually matters. Casey Muratori was right

  • Try using dig command instead of nslookup

  • Hello Matt, do you use QEMU to emulate some hardware? Or do you just buy and debug on the real device? Thanks
