
The first GitHub tool for identifying hidden spyware requests, telemetry data, and tracking packets in network traffic.


UndercodeUtilities/telecap


Telecap - Advanced Telemetry & Tracking Detection Tool



The first GitHub tool designed to detect hidden tracking, telemetry, and spyware packets via a man-in-the-middle (MITM) attack

🚀 Overview

Telecap is an advanced network monitoring and analysis tool specifically designed to detect and capture hidden tracking, telemetry, and spyware packets across various platforms and manufacturers. Perfect for security researchers, pentesters, and privacy-conscious users.

✨ Features

  • 🕵️‍♂️ Advanced Packet Capture - Real-time network traffic monitoring
  • 🎯 Targeted Filtering - Pre-configured filters for major vendors:
    • Intel AMT & Telemetry
    • AMD Update Services
    • Samsung Telemetry
    • NVIDIA Drivers & Telemetry
    • Apple iCloud & Tracking
    • Cisco Enterprise Services
    • Broadcom Firmware Updates
  • 🌐 MITM Capabilities - ARP spoofing for comprehensive analysis
  • πŸ“Š Multiple View Modes - Live view, file capture, or both
  • πŸ” Custom Filters - Create your own detection rules
  • πŸ“± WiFi Monitoring - Detect all devices on your network

🛠 Installation

One-Command Install

cd /tmp && git clone https://github.com/undercodeutilities/telecap.git && cd telecap && bash install

Alternative Methods

Quick Install (Zip)

# GitHub's main.zip unpacks into telecap-main/, not telecap/
wget -c https://github.com/undercodeutilities/telecap/archive/main.zip -O telecap.zip \
  && unzip telecap.zip \
  && cd telecap-main \
  && bash install

Git Clone

git clone https://github.com/undercodeutilities/telecap.git
cd telecap
bash install

⚡ Quick Start

Prerequisites

  • Compatible WiFi adapter with monitor mode support
  • Root privileges
  • Required tools: tshark, arp-scan, dsniff, xterm (automatically installed by install script)

First Run

# After installation, run the tool
sudo u_capture

Quick Alias (Add to ~/.bashrc)

alias tcap='sudo u_capture'

🎯 Usage Guide

Basic Operation

  1. Run the tool: sudo u_capture
  2. Select interface: Choose your monitoring interface
  3. Configure filters: Pick from pre-defined vendor filters or create custom
  4. Scan network: Discover active hosts
  5. Start monitoring: Begin packet capture and analysis

Filter Examples

  • Intel Telemetry: AMT ports + telemetry domains
  • Apple Tracking: iCloud services + analytics endpoints
  • Samsung Spyware: Update servers + telemetry domains
  • Custom Ports: Monitor specific ports only

Capture Modes

  • 📊 Live View: Real-time packet display
  • 💾 Save to File: Capture to pcap for later analysis
  • 🔄 Both: Live view + simultaneous file saving
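
One way to review a saved pcap for traffic to the vendors the filters target, as an added example that is not part of Telecap's own code: the function below tallies DNS query names and TLS SNI values (exported with tshark, as shown in the header comment) against a watchlist. The watchlist, the function names and the sample lines are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of Telecap. Input: tab-separated lines as printed by
#   tshark -r capture.pcap \
#     -Y 'dns.flags.response == 0 || tls.handshake.extensions_server_name' \
#     -T fields -e ip.src -e dns.qry.name -e tls.handshake.extensions_server_name
# Output: count, source IP, vendor, hostname for every watched domain seen.

# Illustrative watchlist (suffix=vendor): an assumption, not Telecap's filter list.
WATCHLIST='intel.com=Intel samsung.com=Samsung apple.com=Apple icloud.com=Apple nvidia.com=NVIDIA'

summarise_vendor_hits() {
  awk -F'\t' -v watch="$WATCHLIST" '
    BEGIN {
      n = split(watch, rows, " ")
      for (i = 1; i <= n; i++) { split(rows[i], kv, "="); vendor[kv[1]] = kv[2] }
    }
    {
      # Column 2 is a DNS query name, column 3 a TLS SNI; tshark joins repeats with ","
      m = split($2 "," $3, names, ",")
      for (j = 1; j <= m; j++) {
        host = tolower(names[j])
        sub(/\.$/, "", host)               # drop a trailing root dot
        if (host == "") continue
        for (s in vendor) {
          tail = substr(host, length(host) - length(s))
          # Match on a label boundary: "intel.com" or "x.intel.com", never "notintel.com"
          if (host == s || (length(host) > length(s) && tail == ("." s)))
            hits[$1 "\t" vendor[s] "\t" host]++
        }
      }
    }
    END { for (k in hits) print hits[k] "\t" k }
  ' | LC_ALL=C sort -k2
}

# Constructed sample input (not real capture data).
sample_fields() {
  printf '192.168.1.20\ttelemetry.samsung.com\t\n'
  printf '192.168.1.20\ttelemetry.samsung.com\t\n'
  printf '192.168.1.30\t\tmetrics.icloud.com\n'
  printf '192.168.1.30\tnotintel.com\t\n'
  printf '192.168.1.40\tUpdates.Intel.COM.\t\n'
}

sample_fields | summarise_vendor_hits
```

On a real capture, replace `sample_fields` with the tshark command from the header comment.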

📁 File Structure

telecap/
├── install                    # Installation script
├── u_capture                 # Main executable script
├── u_systemcheck             # System compatibility checker
├── u_capture_future_instructions.txt  # Detailed usage guide
├── README.md                 # This documentation
├── LICENSE                   # MIT License
└── captures/                 # Default capture directory (created automatically)
    └── network_capture_*.pcap

🏗 System Architecture

graph TD
    ROOT["Telecap Core"] --> INTERFACE["Interface Detection"]
    ROOT --> FILTERS["Filter Engine"]
    ROOT --> CAPTURE["Packet Capture"]
    
    INTERFACE --> MONITOR["Monitor Mode"]
    INTERFACE --> STANDARD["Standard Mode"]
    
    FILTERS --> VENDOR["Vendor Filters"]
    FILTERS --> CUSTOM["Custom Filters"]
    FILTERS --> PORTS["Port-based"]
    
    CAPTURE --> LIVE["Live View"]
    CAPTURE --> SAVE["File Save"]
    CAPTURE --> MITM["MITM Analysis"]
    
    VENDOR --> INTEL["Intel"]
    VENDOR --> AMD["AMD"]
    VENDOR --> SAMSUNG["Samsung"]
    VENDOR --> NVIDIA["NVIDIA"]
    VENDOR --> APPLE["Apple"]
    VENDOR --> CISCO["Cisco"]
    VENDOR --> BROADCOM["Broadcom"]

🔧 Configuration

Default Settings

  • Capture Location: /home/$USER/Desktop/u_captures/
  • File Format: network_capture_YYYYMMDD_HHMMSS.pcap
  • Default Filter: All traffic (configurable)

Customization

Edit the following variables in u_capture:

DESKTOP_PATH="/home/$USER/Desktop"  # Change capture location
CAPTURE_FILE="custom_name.pcap"     # Change file naming

🐛 Troubleshooting

Common Issues

# Check system compatibility
sudo u_systemcheck

# Verify WiFi adapter
iwconfig

# Check monitor mode
sudo airmon-ng

# Kill interfering processes
sudo airmon-ng check kill

Dependencies Installation

The install script automatically installs dependencies, but you can manually install them:

# Ubuntu/Debian
sudo apt update && sudo apt install tshark arp-scan dsniff xterm

# CentOS/RHEL
sudo yum install wireshark arp-scan dsniff xterm

⚠️ Legal & Ethical Usage

  • Educational Purpose Only - For authorized testing only
  • Permission Required - Only monitor networks you own or have explicit permission to test
  • Responsible Disclosure - Handle captured data ethically
  • Compliance - Follow local laws and regulations

📊 Output Examples

Live Capture

=== LIVE PACKET CAPTURE ===
Interface: wlan0
Filter: Intel (AMT ports + telemetry & intel domains)
Press Ctrl+C to stop
==========================

URL Monitoring

=== URL & DOMAIN MONITOR ===
Filter: Samsung telemetry & update endpoints
Interface: wlan0
Press Enter & Ctrl+Z to stop
============================


📜 Licensing

This project is licensed under the MIT License.




⚠️ Disclaimer: This tool is for educational and authorized testing purposes only. Always ensure you have proper permission before monitoring any network. The developers are not responsible for misuse.

Join Our Community: Undercode.help/Community


For detailed instructions, see u_capture_future_instructions.txt after installation.
