SetecLabs/cam-mitm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

README: document generic core vs camera plugin file layout

Browse Source 
Add a section explaining the relationship to setec-mitm and which files
are generic core vs camera-specific. No file moves — clone-and-run UX
preserved.
This commit is contained in:
sssnake
2026-04-09 08:46:27 -07:00
parent 800052acc2
commit 54934f4ccd
1 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
README.md
View File

@@ -2,6 +2,40 @@
A modular IoT camera pentesting toolkit for intercepting, analyzing, and testing the security of cloud-connected IP cameras. Built for authorized security research on devices you own. A modular IoT camera pentesting toolkit for intercepting, analyzing, and testing the security of cloud-connected IP cameras. Built for authorized security research on devices you own.
> **This is the camera-specific case study fork.** It bundles the generic [setec-mitm](https://repo.seteclabs.io/SetecLabs/setec-mitm) core *plus* a fully built-out target plugin for the Javiscam 2604 / UBox / UBIA camera family — UBox cloud client, OAM HMAC forging, CVE-2025-12636 / CVE-2021-28372 / CVE-2023-6322 verifiers, firmware multi-version fetcher, OTA bucket probe, and a 146-endpoint API fuzzer wordlist. It's the engine that produced the **[camhak.seteclabs.io](https://camhak.seteclabs.io)** research report. Clone, run, point at the camera. No additional setup.
> If you want the bare framework without any of the camera-specific code, use [setec-mitm](https://repo.seteclabs.io/SetecLabs/setec-mitm) instead. Both share the same core; cam-mitm is what you get when you fill in the `targets/javiscam_2604/` plugin slot all the way.
## File layout — generic core vs camera-specific
The same code organisation that setec-mitm formalises with its `targets/` plugin system is present here, just inlined into the top-level directories. Mapping:
| File / dir | Generic core or camera plugin? |
|---|---|
| `mitm.py`, `gui.py` | **Generic core** — Controller + PyQt6 GUI + curses TUI |
| `services/arp_spoof.py` | **Generic core** |
| `services/dns_spoof.py` | **Generic core** |
| `services/http_server.py` | **Generic core** (peek-before-wrap on :443) |
| `services/udp_listener.py` | **Generic core** |
| `services/sniffer.py` | **Generic core** (conntrack original-dst lookup, protocol fingerprinting) |
| `services/intruder_watch.py` | **Generic core** |
| `inject/packet.py` | **Generic core** |
| `utils/log.py` | **Generic core** (1 GiB rotation) |
| `utils/proto.py` | **Generic core** (12+ protocol fingerprints) |
| `regen_cert.sh` | **Generic core** |
| `api/server.py` | **Generic core** (REST API on :9090) |
| `api/ubox_client.py` | **Camera plugin** — UBox cloud client + OAM HMAC signing |
| `api/firmware_fetch.py` | **Camera plugin** — multi-version `check_version/v3` caller |
| `api/ota_bucket_probe.py` | **Camera plugin** — Tencent COS OTA bucket enumerator |
| `api/cve_checks.py` | **Camera plugin** — CVE-2025-12636 / CVE-2021-28372 / CVE-2023-6322 verifiers |
| `api/fuzzer.py` | **Camera plugin** — 146 hardcoded UBox endpoints + ~600 wordlist |
| `gui.py` Cloud API tab | **Camera plugin** UI |
| `gui.py` Fuzzer tab | **Camera plugin** UI |
| `gui.py` CVEs tab | **Camera plugin** UI |
| `site/` | **Camera research output** — published as `camhak.seteclabs.io` |
If you want to retarget this engine at a different device, the cleaner path is to use the generic [setec-mitm](https://repo.seteclabs.io/SetecLabs/setec-mitm) and write your own `targets/<your_brand>/plugin.py` rather than fork this one.
## Features ## Features
- **ARP Spoofing** — MITM positioning between camera and gateway with automatic ARP table restoration on exit - **ARP Spoofing** — MITM positioning between camera and gateway with automatic ARP table restoration on exit