
# Message Protocols
## Where to begin
* __Communication Sniffing__ on unsecured connections
* __Source code analysis__
* __Documentation__
## Message Queueing Telemetry Transport (MQTT)
Queues on a broker are used through a __publish/subscribe__ model as an asynchronous connection, in the following way:
* The publisher sends data to a queue on the broker
* The broker holds the message in topics (queues) for a period of time
* A subscriber may connect and get the message from the broker via topics
### Tools & Usage
* `nmap` to list the topics
* Use `MQTT-Explorer` for intel
* `mosquitto_sub -h <hostname> -t <topic>` to subscribe to topics or query the device ID. Listen to all topics via:
```sh
mosquitto_sub -h <hostname> -t '#'
```
* `mosquitto_pub -h ` to publish to topics by specifying the device ID. Payloads can be sent as raw, XML or JSON. Use `-f` to send a file
* Base64 encoding
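
The following added example (not part of the original cheat sheet) implements MQTT topic-filter matching to show what a `#` subscription receives compared with a device-scoped filter, and flags overbroad read permissions when reviewing a broker's access rules. The client names, topics and the client-to-filter mapping are constructed for illustration and do not follow any specific broker's ACL file format.

```python
# Added example: MQTT topic-filter matching following the MQTT 3.1.1 wildcard rules.
# All topics, client names and the ACL mapping are constructed samples.

def topic_matches(topic_filter: str, topic: str) -> bool:
    """Return True if a subscription to topic_filter receives messages on topic."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    # Filters that start with a wildcard never match '$' topics such as $SYS/...
    if topic.startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            # '#' is only valid as the last level; it matches parent and children
            return i == len(f_levels) - 1
        if i >= len(t_levels):
            return False
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)

def exposed_topics(acl: dict, topics: list) -> dict:
    """Map each client to the sample topics its read filters would receive."""
    return {
        client: sorted(t for t in topics if any(topic_matches(f, t) for f in filters))
        for client, filters in acl.items()
    }

def overbroad_filters(acl: dict) -> list:
    """Flag read filters whose first level is a wildcard (not scoped to a prefix)."""
    return sorted((client, f) for client, filters in acl.items()
                  for f in filters if f.split("/")[0] in ("#", "+"))

# Constructed sample data: topic tree and per-client read filters (hypothetical).
SAMPLE_TOPICS = [
    "devices/thermostat-01/telemetry",
    "devices/thermostat-01/cmd",
    "devices/camera-07/telemetry",
    "$SYS/broker/clients/connected",
]
SAMPLE_ACL = {
    "thermostat-01": ["devices/thermostat-01/#"],   # scoped to its own device ID
    "dashboard": ["devices/+/telemetry"],           # telemetry only, any device
    "legacy-gateway": ["#"],                        # equivalent to -t '#'
}

if __name__ == "__main__":
    for client, seen in exposed_topics(SAMPLE_ACL, SAMPLE_TOPICS).items():
        print(f"{client}: {seen}")
    print("overbroad:", overbroad_filters(SAMPLE_ACL))
```
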
## References
* [Mosquitto usage](https://cedalo.com/blog/mqtt-subscribe-publish-mosquitto-pub-sub-example/)