800052acc2
Original tooling from the Camhak research project (camera teardown of a
rebranded UBIA / Javiscam IP camera). PyQt6 GUI on top of a curses TUI on
top of a service controller; per-service start/stop, intruder detection,
protocol fingerprinting, OAM HMAC signing, CVE verifiers, OTA bucket
probe, firmware fetcher, fuzzer, packet injection.
Tabs: Dashboard, Live Log, Intruders, Cloud API, Fuzzer, Inject, CVEs,
Config, Help. Real-time per-packet protocol detection, conntrack-based
original-destination lookup, log rotation at 1 GiB.
See SECURITY_PAPER.md for the full writeup, site/index.html for the
public report, README.md for usage. Run with:
sudo /usr/bin/python3 gui.py
Co-authored by Setec Labs.
SetecSuite — Camera MITM Framework
A modular IoT camera pentesting toolkit for intercepting, analyzing, and testing the security of cloud-connected IP cameras. Built for authorized security research on devices you own.
Features
- ARP Spoofing — MITM positioning between camera and gateway with automatic ARP table restoration on exit
- DNS Interception — Spoof cloud domain resolution to redirect camera traffic through your machine
- HTTP/HTTPS MITM — Auto-generated SSL certificates, full request/response logging with hex dumps
- Raw Packet Sniffer — Catches all camera traffic on any port, detects new connections in real-time
- UDP Capture — Dedicated listeners for P2P master services (port 10240) and other protocols
- Cloud API Client — Authenticate to vendor cloud APIs, enumerate devices, extract credentials and firmware info
- API Fuzzer — Endpoint discovery via wordlist, parameter mutation (SQLi, IDOR, type confusion, overflow), and authentication bypass testing
- Packet Injection — Craft and send raw UDP, ARP, DNS, and Ethernet frames
- REST API — External control interface on port 9090 for AI-assisted automated testing and integration with other tools
- TUI — Full terminal interface with scrolling logs, status bar, command history, and color-coded output
Requirements
- Linux (tested on Ubuntu/Debian ARM64 and x86_64)
- Python 3.10+
- Root access (required for raw sockets, ARP, iptables)
openssl(for certificate generation)
No external Python packages required — uses only the standard library.
Installation
git clone <repo_url> /path/to/setec_suite/cam-mitm
cd /path/to/setec_suite/cam-mitm
sudo python3 mitm.py
Usage
Quick Start
cd /home/snake/setec_suite/cam-mitm
sudo python3 mitm.py
TUI Commands
MITM Services
| Command | Description |
|---|---|
start |
Start all MITM services (ARP, DNS, HTTP/S, UDP, sniffer) |
stop |
Stop all services and restore ARP tables |
status |
Show running service status |
Configuration
| Command | Description |
|---|---|
config |
Show current settings |
set <key> <value> |
Change a setting |
save |
Save config to disk |
Configurable keys: camera_ip, camera_mac, our_ip, router_ip, iface, api_email, api_password, rest_port, fuzzer_threads, fuzzer_delay
Cloud API
| Command | Description |
|---|---|
login |
Authenticate to vendor cloud API |
devices |
List devices and extract credentials |
firmware |
Check firmware version |
services |
Query device cloud services |
families |
List account families/groups |
api <endpoint> |
Raw POST to any API endpoint |
Fuzzer
| Command | Description |
|---|---|
fuzz endpoints |
Discover hidden API endpoints via wordlist |
fuzz params <endpoint> |
Test parameter mutations on an endpoint |
fuzz auth |
Test authentication bypass techniques |
fuzz stop |
Stop a running fuzz job |
fuzz results |
Save results to JSON file |
Packet Injection
| Command | Description |
|---|---|
inject udp <ip> <port> <hex> |
Send a UDP packet with hex payload |
inject arp_reply <src_ip> <dst_ip> |
Send a spoofed ARP reply |
inject dns_query <domain> |
Send a DNS query |
REST API
The built-in REST API (default port 9090) enables external tool integration and AI-assisted automated testing workflows.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /status |
Service status, flags, config |
| GET | /logs?count=N |
Recent log entries |
| GET | /devices |
Cached device list |
| GET | /config |
Current configuration |
| GET | /fuzz/results |
Fuzzer results |
| POST | /start |
Start MITM services |
| POST | /stop |
Stop MITM services |
| POST | /config |
Update config {"key": "value"} |
| POST | /command |
Execute TUI command {"cmd": "..."} |
| POST | /api |
Proxy cloud API call {"endpoint": "...", "data": {}} |
| POST | /fuzz/endpoints |
Start endpoint fuzzer |
| POST | /fuzz/params |
Start param fuzzer {"endpoint": "..."} |
| POST | /fuzz/auth |
Start auth bypass fuzzer |
| POST | /fuzz/stop |
Stop fuzzer |
| POST | /inject |
Send packet {"type": "udp", "dst_ip": "...", ...} |
Example: AI-Automated Testing
# Start MITM
curl -X POST http://localhost:9090/start
# Run endpoint fuzzer
curl -X POST http://localhost:9090/fuzz/endpoints
# Check results
curl http://localhost:9090/fuzz/results | python3 -m json.tool
# Send custom API request
curl -X POST http://localhost:9090/api \
-H "Content-Type: application/json" \
-d '{"endpoint": "user/device_list", "data": {}}'
# Inject a packet
curl -X POST http://localhost:9090/inject \
-H "Content-Type: application/json" \
-d '{"type": "udp", "dst_ip": "10.0.0.47", "dst_port": 10240, "payload": "deadbeef", "payload_hex": true}'
Project Structure
cam-mitm/
├── mitm.py # Entry point + TUI + controller
├── config.py # Persistent JSON configuration
├── services/
│ ├── arp_spoof.py # ARP cache poisoning
│ ├── dns_spoof.py # DNS response spoofing
│ ├── http_server.py # HTTP/HTTPS interception with SSL
│ ├── udp_listener.py # UDP protocol capture
│ └── sniffer.py # Raw packet monitor
├── api/
│ ├── ubox_client.py # Vendor cloud API client
│ ├── fuzzer.py # API security fuzzer
│ └── server.py # REST API for external integration
├── inject/
│ └── packet.py # Packet crafting and injection
└── utils/
└── log.py # Shared logging utilities
TUI Navigation
| Key | Action |
|---|---|
| Enter | Execute command |
| Up/Down Arrow | Command history |
| Page Up/Down | Scroll log |
| Home/End | Jump to oldest/newest log |
| Escape | Clear input |
| Ctrl+C | Graceful shutdown |
Legal
This tool is intended for authorized security testing on devices you own. Unauthorized interception of network traffic is illegal. Always obtain proper authorization before testing.
License
MIT
Author
sssnake — Setec Labs