Fuzz Testing with the Bluetooth File Transfer Profile (FTP) and Bluetooth Object Push Profile (OPP) Protocols

Overview

This topic describes how to test the Bluetooth FTP and Bluetooth OPP protocols in beSTORM.

Testing environment

  • beSTORM 13.4 or later (licensed)

  • Windows 10 or later

  • beSTORM BT Router

  • A device-under-test (DUT) that supports Bluetooth FTP or OPP protocols as a server.

NOTE: Depending on your DUT and the current Bluetooth devices installed on your computer, your settings and testing information may vary from the images shown in this topic.

Setup and testing

To begin testing, do the following:

  1. Open Settings in Windows and under Bluetooth & other devices, confirm Bluetooth is set to On.

  2. Pair your DUT device with your computer. This guide will use an Android-based phone.

    NOTE: If your DUT appears disconnected, the Bluetooth File Transfer protocol will connect it in a later step.
    IMPORTANT: If your DUT, the computer running beSTORM, or beSTORM BT Router are connected to a VPN, disconnect them from the VPN before proceeding with the next steps.

  3. Open beSTORM BT Router.

  4. From the Devices list, select your DUT.

  5. From the Bluetooth Profiles list, select File Transfer Profile (FTP) or Object Push Profile (OPP). This guide will use the File Transfer Profile (FTP) option.

  6. Select Start. The BT Router will establish a connection with the DUT and then display “Established FTP link with device address: <DUT address> in port <FTP port>.”

Fuzzing with beSTORM

To create a new project and begin fuzzing with beSTORM, do the following:

  1. Right-click beSTORM_Client.exe (C:\Program Files (x86)\beSTORM), and then select Run as administrator to open beSTORM Client.

  2. Select New Project. The beSTORM New Project Wizard opens.

  3. On the Welcome page, do the following:

    1. In the Project Name box, enter a name.

    2. Optionally, select a different file location for your project in the Location Name box.

    3. Leave all other parameters to their default settings.

  4. Select Next.

  5. On the Basic Configuration page, do the following:

    1. In the beSTORM's predefined modules list, select Bluetooth File Transfer Profile from Network / Client / UDP group.

    2. In the Hostname or IP address box, enter the IP address of the computer hosting beSTORM BT Router.

    3. In the Remote Port box, enter 1521.

      1. The IP address of the computer hosting the BT Router may not use the usual local IP address 127.0.0.1. To discover its current IP address, do the following:

        1. In the Windows search box, enter Command Prompt.

        2. In the search results, right-click Command Prompt, and then select Run as administrator.

        3. Enter netstat -nab, and then run the command.

        4. Find the beSTORM BT Router.exe process connection listening on port 1521 and make note of the corresponding IP address.

  6. Select Next.

  7. On the Module Environment page, review your parameter settings for the module.

  8. Select Next.

  9. On the Extra Configuration page, leave all parameters to their default settings.

  10. Select Next.

  11. On the Complete beSTORM wizard page, select Finish to start testing, or clear the Auto-start beSTORM scan now checkbox to exit the wizard and test later.

  12. If you chose to start testing, combinations being tested will appear under Combinations Covered in the beSTORM Client.