This repository contains the scripts used in our paper, "Through the Spyglass: Towards IoT Companion App Man-in-the-Middle Attacks" [bib] [pdf]
These scripts rely on mitmrpoxy. See https://docs.mitmproxy.org/stable/overview-installation/ for installing mitmproxy.
Start a script with the (-s) option for either mitmproxy or mitmweb
mitmweb -s <script.py>
hiding users on the devices:
clearing logs on the devices:
revealing sensitive information:
manipulating integrity of images:
- roku-image-spoof.py
- google-home-spoof.py
- momentum-camera-spoof.py
- nest-camera-spoof.py
- wyze-camera-spoof.py
controlling state of devices: