# SetecSuite — Camera MITM Framework

A modular IoT camera pentesting toolkit for intercepting, analyzing, and testing the security of cloud-connected IP cameras. Built for authorized security research on devices you own.

## Features

- **ARP Spoofing** — MITM positioning between camera and gateway with automatic ARP table restoration on exit
- **DNS Interception** — Spoof cloud domain resolution to redirect camera traffic through your machine
- **HTTP/HTTPS MITM** — Auto-generated SSL certificates, full request/response logging with hex dumps
- **Raw Packet Sniffer** — Catches all camera traffic on any port, detects new connections in real-time
- **UDP Capture** — Dedicated listeners for P2P master services (port 10240) and other protocols
- **Cloud API Client** — Authenticate to vendor cloud APIs, enumerate devices, extract credentials and firmware info
- **API Fuzzer** — Endpoint discovery via wordlist, parameter mutation (SQLi, IDOR, type confusion, overflow), and authentication bypass testing
- **Packet Injection** — Craft and send raw UDP, ARP, DNS, and Ethernet frames
- **REST API** — External control interface on port 9090 for AI-assisted automated testing and integration with other tools
- **TUI** — Full terminal interface with scrolling logs, status bar, command history, and color-coded output

## Requirements

- Linux (tested on Ubuntu/Debian ARM64 and x86_64)
- Python 3.10+
- Root access (required for raw sockets, ARP, iptables)
- `openssl` (for certificate generation)

No external Python packages required — uses only the standard library.

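Because the ARP spoofing feature listed under Features restores the ARP tables on exit, a neighbour table inspected after a test looks clean; the trace is in the sequence of ARP replies seen during it. The following added example (not part of SetecSuite) shows how a monitoring host could reconstruct the spoofing window from logged replies. The observations, the gateway address and all MAC addresses are constructed, and trusting the first MAC seen for an IP as its baseline is an assumption.

```python
from collections import defaultdict

# Constructed ARP replies seen by a monitoring host: (seconds, sender IP, sender MAC).
# 10.0.0.1 as the gateway and all MAC addresses are made up for illustration.
SAMPLE = [
    (0,  "10.0.0.1",  "aa:aa:aa:00:00:01"),  # gateway, legitimate
    (1,  "10.0.0.47", "cc:cc:cc:00:00:47"),  # camera, legitimate
    (30, "10.0.0.1",  "ee:ee:ee:00:00:99"),  # gateway claimed by a third MAC
    (30, "10.0.0.47", "ee:ee:ee:00:00:99"),  # camera claimed by the same MAC
    (32, "10.0.0.1",  "ee:ee:ee:00:00:99"),  # repeat of the poisoned mapping
    (90, "10.0.0.1",  "aa:aa:aa:00:00:01"),  # mappings restored
    (90, "10.0.0.47", "cc:cc:cc:00:00:47"),
]

def detect(observations):
    """Return (time, kind, ip, mac) findings.

    "changed": an IP left its baseline MAC; "shared": the new MAC already
    answers for another IP; "restored": the IP returned to its baseline MAC.
    Assumption: the first MAC seen for an IP is trusted as its baseline.
    """
    baseline, current, findings = {}, {}, []
    ips_by_mac = defaultdict(set)
    for ts, ip, mac in observations:
        mac = mac.lower()
        baseline.setdefault(ip, mac)
        previous = current.get(ip, mac)
        current[ip] = mac
        ips_by_mac[mac].add(ip)
        if mac == previous:
            continue  # no change since the last reply for this IP
        findings.append((ts, "restored" if mac == baseline[ip] else "changed", ip, mac))
        if mac != baseline[ip] and len(ips_by_mac[mac]) > 1:
            findings.append((ts, "shared", ip, mac))
    return findings

def spoof_windows(findings):
    """Pair each "changed" with the next "restored" for the same IP."""
    open_since, windows = {}, []
    for ts, kind, ip, mac in findings:
        if kind == "changed":
            open_since.setdefault(ip, (ts, mac))
        elif kind == "restored" and ip in open_since:
            start, spoof_mac = open_since.pop(ip)
            windows.append((ip, spoof_mac, start, ts))
    # A window with no end time was still open when the capture stopped.
    return windows + [(ip, m, s, None) for ip, (s, m) in open_since.items()]

if __name__ == "__main__":
    for window in spoof_windows(detect(SAMPLE)):
        print("ip=%s claimed_by=%s from=%s to=%s" % window)
```

Legitimate events such as a hardware swap also produce "changed" findings, so a "shared" finding that involves the gateway address is the stronger signal.
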
## Installation

```bash
git clone /path/to/setec_suite/cam-mitm
cd /path/to/setec_suite/cam-mitm
sudo python3 mitm.py
```

## Usage

### Quick Start

```bash
cd /home/snake/setec_suite/cam-mitm
sudo python3 mitm.py
```

### TUI Commands

#### MITM Services

| Command | Description |
|---------|-------------|
| `start` | Start all MITM services (ARP, DNS, HTTP/S, UDP, sniffer) |
| `stop` | Stop all services and restore ARP tables |
| `status` | Show running service status |

#### Configuration

| Command | Description |
|---------|-------------|
| `config` | Show current settings |
| `set ` | Change a setting |
| `save` | Save config to disk |

Configurable keys: `camera_ip`, `camera_mac`, `our_ip`, `router_ip`, `iface`, `api_email`, `api_password`, `rest_port`, `fuzzer_threads`, `fuzzer_delay`

#### Cloud API

| Command | Description |
|---------|-------------|
| `login` | Authenticate to vendor cloud API |
| `devices` | List devices and extract credentials |
| `firmware` | Check firmware version |
| `services` | Query device cloud services |
| `families` | List account families/groups |
| `api ` | Raw POST to any API endpoint |

#### Fuzzer

| Command | Description |
|---------|-------------|
| `fuzz endpoints` | Discover hidden API endpoints via wordlist |
| `fuzz params ` | Test parameter mutations on an endpoint |
| `fuzz auth` | Test authentication bypass techniques |
| `fuzz stop` | Stop a running fuzz job |
| `fuzz results` | Save results to JSON file |

#### Packet Injection

| Command | Description |
|---------|-------------|
| `inject udp ` | Send a UDP packet with hex payload |
| `inject arp_reply ` | Send a spoofed ARP reply |
| `inject dns_query ` | Send a DNS query |

### REST API

The built-in REST API (default port 9090) enables external tool integration and AI-assisted automated testing workflows.

#### Endpoints

| Method | Path | Description |
|--------|------|-------------|
| GET | `/status` | Service status, flags, config |
| GET | `/logs?count=N` | Recent log entries |
| GET | `/devices` | Cached device list |
| GET | `/config` | Current configuration |
| GET | `/fuzz/results` | Fuzzer results |
| POST | `/start` | Start MITM services |
| POST | `/stop` | Stop MITM services |
| POST | `/config` | Update config `{"key": "value"}` |
| POST | `/command` | Execute TUI command `{"cmd": "..."}` |
| POST | `/api` | Proxy cloud API call `{"endpoint": "...", "data": {}}` |
| POST | `/fuzz/endpoints` | Start endpoint fuzzer |
| POST | `/fuzz/params` | Start param fuzzer `{"endpoint": "..."}` |
| POST | `/fuzz/auth` | Start auth bypass fuzzer |
| POST | `/fuzz/stop` | Stop fuzzer |
| POST | `/inject` | Send packet `{"type": "udp", "dst_ip": "...", ...}` |

#### Example: AI-Automated Testing

```bash
# Start MITM
curl -X POST http://localhost:9090/start

# Run endpoint fuzzer
curl -X POST http://localhost:9090/fuzz/endpoints

# Check results
curl http://localhost:9090/fuzz/results | python3 -m json.tool

# Send custom API request
curl -X POST http://localhost:9090/api \
  -H "Content-Type: application/json" \
  -d '{"endpoint": "user/device_list", "data": {}}'

# Inject a packet
curl -X POST http://localhost:9090/inject \
  -H "Content-Type: application/json" \
  -d '{"type": "udp", "dst_ip": "10.0.0.47", "dst_port": 10240, "payload": "deadbeef", "payload_hex": true}'
```

## Project Structure

```
cam-mitm/
├── mitm.py              # Entry point + TUI + controller
├── config.py            # Persistent JSON configuration
├── services/
│   ├── arp_spoof.py     # ARP cache poisoning
│   ├── dns_spoof.py     # DNS response spoofing
│   ├── http_server.py   # HTTP/HTTPS interception with SSL
│   ├── udp_listener.py  # UDP protocol capture
│   └── sniffer.py       # Raw packet monitor
├── api/
│   ├── ubox_client.py   # Vendor cloud API client
│   ├── fuzzer.py        # API security fuzzer
│   └── server.py        # REST API for external integration
├── inject/
│   └── packet.py        # Packet crafting and injection
└── utils/
    └── log.py           # Shared logging utilities
```

## TUI Navigation

| Key | Action |
|-----|--------|
| Enter | Execute command |
| Up/Down Arrow | Command history |
| Page Up/Down | Scroll log |
| Home/End | Jump to oldest/newest log |
| Escape | Clear input |
| Ctrl+C | Graceful shutdown |

## Legal

This tool is intended for authorized security testing on devices you own. Unauthorized interception of network traffic is illegal. Always obtain proper authorization before testing.

## License

MIT

## Author

sssnake — Setec Labs