cam-mitm/README.md

SetecSuite — Camera MITM Framework

A modular IoT camera pentesting toolkit for intercepting, analyzing, and testing the security of cloud-connected IP cameras. Built for authorized security research on devices you own.

Features

• ARP Spoofing — MITM positioning between camera and gateway with automatic ARP table restoration on exit
• DNS Interception — Spoof cloud domain resolution to redirect camera traffic through your machine
• HTTP/HTTPS MITM — Auto-generated SSL certificates, full request/response logging with hex dumps
• Raw Packet Sniffer — Catches all camera traffic on any port, detects new connections in real-time
• UDP Capture — Dedicated listeners for P2P master services (port 10240) and other protocols
• Cloud API Client — Authenticate to vendor cloud APIs, enumerate devices, extract credentials and firmware info
• API Fuzzer — Endpoint discovery via wordlist, parameter mutation (SQLi, IDOR, type confusion, overflow), and authentication bypass testing
• Packet Injection — Craft and send raw UDP, ARP, DNS, and Ethernet frames
• REST API — External control interface on port 9090 for AI-assisted automated testing and integration with other tools
• TUI — Full terminal interface with scrolling logs, status bar, command history, and color-coded output

Requirements

• Linux (tested on Ubuntu/Debian ARM64 and x86_64)
• Python 3.10+
• Root access (required for raw sockets, ARP, iptables)
• openssl (for certificate generation)

No external Python packages required — uses only the standard library.

Installation

git clone <repo_url> /path/to/setec_suite/cam-mitm
cd /path/to/setec_suite/cam-mitm
sudo python3 mitm.py

Usage

Quick Start

cd /home/snake/setec_suite/cam-mitm
sudo python3 mitm.py

TUI Commands

MITM Services

Command	Description
start	Start all MITM services (ARP, DNS, HTTP/S, UDP, sniffer)
stop	Stop all services and restore ARP tables
status	Show running service status

Configuration

Command	Description
config	Show current settings
set <key> <value>	Change a setting
save	Save config to disk

Configurable keys: camera_ip, camera_mac, our_ip, router_ip, iface, api_email, api_password, rest_port, fuzzer_threads, fuzzer_delay

Cloud API

Command	Description
login	Authenticate to vendor cloud API
devices	List devices and extract credentials
firmware	Check firmware version
services	Query device cloud services
families	List account families/groups
api <endpoint>	Raw POST to any API endpoint

Fuzzer

Command	Description
fuzz endpoints	Discover hidden API endpoints via wordlist
fuzz params <endpoint>	Test parameter mutations on an endpoint
fuzz auth	Test authentication bypass techniques
fuzz stop	Stop a running fuzz job
fuzz results	Save results to JSON file

Packet Injection

Command	Description
inject udp <ip> <port> <hex>	Send a UDP packet with hex payload
inject arp_reply <src_ip> <dst_ip>	Send a spoofed ARP reply
inject dns_query <domain>	Send a DNS query

REST API

The built-in REST API (default port 9090) enables external tool integration and AI-assisted automated testing workflows.

Endpoints

Method	Path	Description
GET	/status	Service status, flags, config
GET	/logs?count=N	Recent log entries
GET	/devices	Cached device list
GET	/config	Current configuration
GET	/fuzz/results	Fuzzer results
POST	/start	Start MITM services
POST	/stop	Stop MITM services
POST	/config	Update config {"key": "value"}
POST	/command	Execute TUI command {"cmd": "..."}
POST	/api	Proxy cloud API call {"endpoint": "...", "data": {}}
POST	/fuzz/endpoints	Start endpoint fuzzer
POST	/fuzz/params	Start param fuzzer {"endpoint": "..."}
POST	/fuzz/auth	Start auth bypass fuzzer
POST	/fuzz/stop	Stop fuzzer
POST	/inject	Send packet {"type": "udp", "dst_ip": "...", ...}

Example: AI-Automated Testing

# Start MITM
curl -X POST http://localhost:9090/start

# Run endpoint fuzzer
curl -X POST http://localhost:9090/fuzz/endpoints

# Check results
curl http://localhost:9090/fuzz/results | python3 -m json.tool

# Send custom API request
curl -X POST http://localhost:9090/api \
  -H "Content-Type: application/json" \
  -d '{"endpoint": "user/device_list", "data": {}}'

# Inject a packet
curl -X POST http://localhost:9090/inject \
  -H "Content-Type: application/json" \
  -d '{"type": "udp", "dst_ip": "10.0.0.47", "dst_port": 10240, "payload": "deadbeef", "payload_hex": true}'

Project Structure

cam-mitm/
├── mitm.py              # Entry point + TUI + controller
├── config.py            # Persistent JSON configuration
├── services/
│   ├── arp_spoof.py     # ARP cache poisoning
│   ├── dns_spoof.py     # DNS response spoofing
│   ├── http_server.py   # HTTP/HTTPS interception with SSL
│   ├── udp_listener.py  # UDP protocol capture
│   └── sniffer.py       # Raw packet monitor
├── api/
│   ├── ubox_client.py   # Vendor cloud API client
│   ├── fuzzer.py        # API security fuzzer
│   └── server.py        # REST API for external integration
├── inject/
│   └── packet.py        # Packet crafting and injection
└── utils/
    └── log.py           # Shared logging utilities

TUI Navigation

Key	Action
Enter	Execute command
Up/Down Arrow	Command history
Page Up/Down	Scroll log
Home/End	Jump to oldest/newest log
Escape	Clear input
Ctrl+C	Graceful shutdown

Legal

This tool is intended for authorized security testing on devices you own. Unauthorized interception of network traffic is illegal. Always obtain proper authorization before testing.

License

MIT

Author

sssnake — Setec Labs