Spooftooph is a Bluetooth spoofing tool in Kali Linux that automates cloning or changing a device's name, class, and address (BD_ADDR) for wireless security testing. This guide walks through a complete lab setup with step‑by‑step commands and suggested screenshots you can capture.

https://www.kali.org/tools/spooftooph/

What is Spooftooph?

Spooftooph is designed to automate spoofing or cloning Bluetooth device information such as name, device class, and address. Cloning this information lets a Bluetooth device hide in plain sight by imitating another device in discoverable mode.

https://thehackernews.com/2012/03/spooftooph-05-automate-cloning-of.html

Legal note: Only use this in your own lab, on devices you own or where you have written permission.

Lab prerequisites

Use a simple lab so readers can easily follow along.

  • Kali Linux with Bluetooth stack (BlueZ) and one Bluetooth interface (internal or USB).

https://wiki.elvis.science/index.php?title=Bluetooth_Spoofing

  • At least one test target device (your phone or Bluetooth speaker).

https://wiki.elvis.science/index.php?title=Bluetooth_Spoofing

Step 1 — Install and verify Spooftooph

Spooftooph is in the Kali repositories and often comes pre‑installed.

sudo apt update
sudo apt install spooftooph

Check that it installed correctly:

spooftooph -h

You should see something like:

spooftooph v0.5.2 by JP Dunning (.ronin)
...
-a <address> : Specify new BD_ADDR
-b <num_lines> : Number of Bluetooth profiles to display per page
-c <class> : Specify new CLASS
-i <dev> : Specify interface
-n <name> : Specify new NAME
-r <file> : Read in CSV logfile
-R : Assign random NAME, CLASS, and ADDR
-s : Scan for devices in local area
-t <time> : Time interval to clone device in range
-w <file> : Write to CSV logfile

Step 2 — Prepare and inspect your Bluetooth adapter

First, identify your Bluetooth interface:

hciconfig -a

Look for an interface like hci0, its MAC address, name, and whether it is UP or DOWN.

https://hackers-arise.com/bluetooth-hacking-part-1-getting-started-with-bluetooth/

If it is down, bring it up:

sudo hciconfig hci0 up
hciconfig -a hci0

Step 3 — Quick option overview

You will use a small set of core options most of the time:

  • -i <dev> – Bluetooth interface (e.g., hci0).
  • -n <name> – new device name.
  • -a <address> – new Bluetooth MAC (BD_ADDR).
  • -c <class> – new device class.
  • -s – scan for devices.
  • -R – random name, class, and address.
  • -w <file> – write discovered profiles to CSV.
  • -r <file> – read profiles from CSV.

You can keep a small code block in the article with these for quick reference.

Step 4 — Example 1: Create a custom spoofed profile

In this first lab, you will turn your adapter into a fake "LabSpeaker".

Choose values:

  • Name: LabSpeaker

  • Address: 00:11:22:33:44:55

  • Class: 0x1c010c (example audio device class)

Run:

sudo spooftooph -i hci0 -n "LabSpeaker" -a 00:11:22:33:44:55 -c 0x1c010c

This tells Spooftooph to assign the new name, class, and address to hci0.

Verify:

hciconfig -a hci0

Check that the name, address and class now match the values you set.
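
The value passed to -c, and the class hciconfig reports, is a 24-bit Class of Device bitfield. As an added example (not part of Spooftooph or of the original guide), this Python decoder splits it into fields using the Bluetooth Assigned Numbers layout; for 0x1c010c the fields come out as major class Computer, minor 3 (Laptop). The function names are hypothetical and the second sample value is constructed.

```python
# Added example: decode a Bluetooth Class of Device (CoD) value into its fields.
# Bit layout and names follow the Bluetooth Assigned Numbers (Baseband) tables.

MAJOR_CLASSES = {
    0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
    0x03: "LAN/Network Access Point", 0x04: "Audio/Video",
    0x05: "Peripheral", 0x06: "Imaging", 0x07: "Wearable",
    0x08: "Toy", 0x09: "Health", 0x1F: "Uncategorized",
}
# Service-class flags occupy bits 13..23 (bits 14 and 15 are left out here).
SERVICE_BITS = {
    13: "Limited Discoverable", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer",
    21: "Audio", 22: "Telephony", 23: "Information",
}

def decode_cod(value):
    """Split a 24-bit CoD (int or hex string) into major/minor/service fields."""
    cod = int(value, 16) if isinstance(value, str) else int(value)
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("CoD must fit in 24 bits")
    major = (cod >> 8) & 0x1F                     # bits 8..12
    return {
        "major": MAJOR_CLASSES.get(major, f"Reserved (0x{major:02x})"),
        "minor": (cod >> 2) & 0x3F,               # bits 2..7, meaning depends on major
        "services": [n for b, n in sorted(SERVICE_BITS.items()) if cod >> b & 1],
    }

def class_matches(value, expected_major):
    """True when the advertised major class is the one an inventory expects."""
    return decode_cod(value)["major"] == expected_major

if __name__ == "__main__":
    for sample in ("0x1c010c", "0x240404"):       # second value is a constructed sample
        print(sample, decode_cod(sample))
```
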

Now, on your test phone:

  • Turn on Bluetooth and open the list of nearby devices.

  • Look for a device named "LabSpeaker".

Step 5 — Example 2: Scan and log nearby devices

Next, you will scan for your own lab devices and save their profiles to a CSV file.

Put your test device into Bluetooth discoverable mode.

Run:

sudo spooftooph -i hci0 -s -w bt_scan_log.csv
  • -w bt_scan_log.csv writes results to a CSV log.
  • Let it run for a few seconds, then stop with Ctrl + C.

View the log:

cat bt_scan_log.csv

You should see entries with MAC address, name, and class for each discovered device, including your phone/speaker.

Step 6 — Example 3: Clone a device from the CSV log

Now you will clone one of the devices found in your log (again, only your own lab device).

Find the row in bt_scan_log.csv with the device you want to clone and note:

  • MAC address (BD_ADDR).
  • Device name.
  • Device class.

Many builds of Spooftooph support reading a CSV file and selecting a profile:

sudo spooftooph -i hci0 -r bt_scan_log.csv

This mode shows stored profiles (paged with -b <num_lines>) and lets you select which one to clone.

If your exact build does not provide an interactive picker, simply copy the values manually and run:

sudo spooftooph -i hci0 -n "RealDeviceName" -a AA:BB:CC:DD:EE:FF -c 0xXXXXXXXX

This manually recreates the profile that was logged.

Verify again:

hciconfig -a hci0

Then confirm on your phone that the spoofed device appears with the same name as the original.

Step 7 — Example 4: Randomize your Bluetooth identity

Spooftooph can also generate random profiles, useful for privacy or evasion labs.

Run:

sudo spooftooph -i hci0 -R
hciconfig -a hci0

The tool assigns a random name, class, and address to the interface.

You can run it multiple times to show how the identity keeps changing.

Step 8 — Example 5: Timed cloning (advanced lab)

Spooftooph also supports cloning devices at a regular interval, which is useful for more advanced monitoring labs.

For example:

sudo spooftooph -i hci0 -s -t 10 -w bt_timed.csv
  • -s scans for devices.
  • -t 10 sets a 10‑second interval for cloning devices in range.
  • -w bt_timed.csv logs discovered profiles.

You can then watch how your monitoring tools or other scanners behave when the identity keeps hopping between devices.

Step 9 — Defensive perspective and next steps

Bluetooth spoofing techniques like these are part of wider wireless security testing, including attacks such as bluejacking, bluebugging, and device impersonation. Good defenders use these tools in controlled labs to understand how attackers might abuse weak configurations.

Basic defensive tips you can include for readers:

  • Disable Bluetooth when not needed and avoid "always discoverable" mode.
  • Reject unexpected pairing requests and keep firmware and OS fully updated.
  • Monitor for abnormal Bluetooth devices or duplicate identities in sensitive environments.
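
One way to act on the monitoring tip, and to see what a scanner could report during the identity-changing labs above, is to compare sightings against an asset inventory. This Python check is an added example, not part of Spooftooph or the original guide; the sighting rows, their column layout, the inventory and the function name are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample sightings; this column layout is an assumption for the
# example, not Spooftooph's own log format.
SIGHTINGS = """time,addr,name,class
10:00:00,AA:BB:CC:00:00:01,LabSpeaker,0x240404
10:00:10,AA:BB:CC:00:00:02,LabPhone,0x5a020c
10:00:20,AA:BB:CC:00:00:01,LabSpeaker,0x1c010c
10:00:30,AA:BB:CC:00:00:09,LabPhone,0x5a020c
10:00:40,aa:bb:cc:00:00:02,LabPhone,0x5A020C
"""

# Hypothetical asset inventory: address -> (expected name, expected class).
INVENTORY = {
    "AA:BB:CC:00:00:01": ("LabSpeaker", 0x240404),
    "AA:BB:CC:00:00:02": ("LabPhone", 0x5A020C),
}

def find_identity_anomalies(csv_text, inventory):
    """Return sorted (kind, subject, detail) findings for a batch of sightings."""
    by_addr, by_name = defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        addr = row["addr"].strip().upper()        # normalise case before comparing
        profile = (row["name"].strip(), int(row["class"], 16))
        by_addr[addr].add(profile)
        by_name[profile[0]].add(addr)
    findings = set()
    for addr, profiles in by_addr.items():
        if addr not in inventory:
            findings.add(("unknown_address", addr, ""))
            continue
        # Known address advertising a name/class the inventory does not expect.
        for name, cod in profiles - {inventory[addr]}:
            findings.add(("profile_mismatch", addr, f"{name} 0x{cod:06x}"))
    for name, addrs in by_name.items():
        if len(addrs) > 1:                        # one name behind several addresses
            findings.add(("duplicate_name", name, ",".join(sorted(addrs))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_identity_anomalies(SIGHTINGS, INVENTORY):
        print(*finding)
```

A clone that copies address, name and class together produces no finding here; spotting it needs a second signal, such as the same address heard by two sensors at once.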