
Message Protocols

Where to begin

  • Sniffing communication on unsecured connections
  • Source code analysis
  • Documentation

Message Queueing Telemetry Transport (MQTT)

MQTT is asynchronous. Clients exchange messages through queues on a broker using a publish/subscribe model, in the following way:

  • The publisher sends data to a queue on the broker
  • The broker holds the message in topics (queues) for a period of time
  • A subscriber may connect and get the message from the broker via topics

Tools & Usage

  • nmap to list the topics
  • Use MQTT-Explorer for intel
  • mosquitto_sub -h <hostname> -t <topic> to subscribe to topics or query the device ID. Listen to all topics via mosquitto_sub -h <hostname> -t '#'
  • mosquitto_pub -h to publish to topics by mentioning the device ID. The payload can be sent as raw, XML or JSON. Use -f to send a file
    • Base64 encoding
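
The '#' subscription above only returns what the broker's access control allows the client to read. As an added example (not part of the original page), the following Python sketch audits a Mosquitto-style ACL file to show which users can read a given topic and which grants behave like a catch-all. The sample ACL, topic names and function names are constructed for illustration, and `deny` and `pattern` lines are ignored.

```python
# Added example: which users may read a topic under a Mosquitto-style ACL?
SAMPLE_ACL = """\
# constructed sample ACL, not from a real deployment
topic read public/status
user sensor01
topic write devices/sensor01/telemetry
user dashboard
topic read devices/+/telemetry
user legacy-app
topic #
"""

def filter_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # Filters starting with a wildcard never match '$' topics such as $SYS/...
    if topic.startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1   # '#' is only valid as the last level
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def read_grants(acl_text):
    """Yield (user, filter) for each 'topic' line that permits reading."""
    user = "<anonymous>"   # lines before the first 'user' apply to anonymous clients
    for raw in acl_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "user":
            user = rest.strip()
        elif keyword == "topic":
            access, _, filt = rest.strip().partition(" ")
            if access not in ("read", "write", "readwrite", "deny"):
                access, filt = "readwrite", rest.strip()   # access omitted
            if access in ("read", "readwrite"):
                yield user, filt.strip()

def readers(acl_text, topic):
    """Users whose grants let them receive messages published on `topic`."""
    return sorted({u for u, f in read_grants(acl_text) if filter_matches(f, topic)})

def catch_all_grants(acl_text, probes):
    """Grants matching every probe topic, i.e. effectively a '#' subscription."""
    return [(u, f) for u, f in read_grants(acl_text)
            if all(filter_matches(f, p) for p in probes)]
```

Running `readers` against each sensitive topic in a deployment and `catch_all_grants` with probes from unrelated topic hierarchies shows which accounts should be narrowed to per-device filters.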