Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SquatConf 2016: How to intercept your boss' pri...

Thomas Watson
April 30, 2016
Programming
0
65

SquatConf 2016: How to intercept your boss' print jobs

The code use in this deck can be found here: https://github.com/watson/talks/tree/master/2016/04%20SquatConf/code

Bonjour/Zeroconf is used to automatically configure and connect to networked devices like printers on a LAN and is widely deployed in offices and homes. This talk gives an introduction to the Zeroconf standard and shows how it’s vulnerable to a man-in-the-middle attack.

The talk will show how Zeroconf can be exploited to allow a man-in-the-middle attack on any Zeroconf enabled device. This allows you to intercept anything from print jobs to admin panel passwords.

Thomas Watson

April 30, 2016
Tweet

More Decks by Thomas Watson

See All by Thomas Watson
NodeConf Remote 2020: JavaScript Prototypes Behind the Scenes
wa7son
0
230
Elastic JavaScript Guild October 2020: These go to eleven
wa7son
0
37
nodejsday 2020: JavaScript Prototypes Behind the Scenes
wa7son
1
180
js.talks() 2019: The Trouble With Tracers
wa7son
0
52
NodeConf EU 2019: The Trouble with Tracers
wa7son
0
77
Elastic JavaScript Guild August 2019: Post-Mortem Debugging in Node.js
wa7son
0
66
JSNation 2019: Post-Mortem Debugging in Node.js
wa7son
0
220
JS Fest 2019: Post-Mortem Debugging in Node.js
wa7son
0
110
Logging, Metrics, and APM: The Holy Trinity of Operations
wa7son
1
200

Other Decks in Programming

See All in Programming
Macとオーディオ再生 2024/11/02
yusukeito
0
370
『ドメイン駆動設計をはじめよう』のモデリングアプローチ
masuda220
PRO
8
540
Jakarta EE meets AI
ivargrimstad
0
570
macOS でできる リアルタイム動画像処理
biacco42
9
2.4k
役立つログに取り組もう
irof
28
9.6k
AWS IaCの注目アップデート 2024年10月版
konokenj
3
3.3k
イベント駆動で成長して委員会
happymana
1
320
[Do iOS '24] Ship your app on a Friday...and enjoy your weekend!
polpielladev
0
110
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
600
ローコードSaaSのUXを向上させるためのTypeScript
taro28
1
620
リアーキテクチャxDDD 1年間の取り組みと進化
hsawaji
1
220
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
2
1.1k

Featured

See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Embracing the Ebb and Flow
colly
84
4.5k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
Code Reviewing Like a Champion
maltzj
520
39k
What's in a price? How to price your products and services
michaelherold
243
12k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
A designer walks into a library…
pauljervisheath
204
24k
Scaling GitHub
holman
458
140k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
890

Transcript

  1. Thomas Watson @wa7son github.com/watson

  2. Build your own printer in JavaScript … no hardware required!

  3. AirPlay

  4. AirPlay Bonjour / Zeroconf

  5. AirPlay Bonjour / Zeroconf Multicast DNS

  6. AirPlay Bonjour / Zeroconf Multicast DNS DNS Service Discovery (DNS-SD)

  7. None
  8. None

  9. • Print Job • Print URI • Validate Job •

    Create Job • Get Printer Attributes • Get Jobs • Pause Printer • Resume Printer • Purge Jobs • Send Document • Send URI • Cancel Job • Get Job Attributes • Hold Job • Release Job • Restart Job Printer operations Job operations

  10. • Print Job 0x02 • Print URI 0x03 • Validate

    Job 0x04 • Create Job 0x05 • Get Printer Attributes 0x0b • Get Jobs 0x0a • Pause Printer 0x10 • Resume Printer 0x11 • Purge Jobs 0x12 • Send Document 0x06 • Send URI 0x07 • Cancel Job 0x08 • Get Job Attributes 0x09 • Hold Job 0x0c • Release Job 0x0d • Restart Job 0x0e Printer operations Job operations
  11. None
  12. None
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None
  19. None
  20. None
  21. None

  22. github.com / watson / ipp-encoder

  23. None
  24. None
  25. None
  26. None
  27. None
  28. None
  29. None
  30. None
  31. None
  32. None
  33. None

  34. • Print Job 0x02 • Print URI 0x03 • Validate

    Job 0x04 • Create Job 0x05 • Get Printer Attributes 0x0b • Get Jobs 0x0a • Pause Printer 0x10 • Resume Printer 0x11 • Purge Jobs 0x12 • Send Document 0x06 • Send URI 0x07 • Cancel Job 0x08 • Get Job Attributes 0x09 • Hold Job 0x0c • Release Job 0x0d • Restart Job 0x0e Printer operations Job operations

  35. • Print Job 0x02 • Print URI 0x03 • Validate

    Job 0x04 • Create Job 0x05 • Get Printer Attributes 0x0b • Get Jobs 0x0a • Pause Printer 0x10 • Resume Printer 0x11 • Purge Jobs 0x12 • Send Document 0x06 • Send URI 0x07 • Cancel Job 0x08 • Get Job Attributes 0x09 • Hold Job 0x0c • Release Job 0x0d • Restart Job 0x0e Printer operations Job operations

  36. github.com / watson / ipp-printer

  37. NCFACP (NSA/CIA/FBI auto censoring printer)

  38. None

  39. printb.in

  40. None

  41. Attack vector: Zeroconf / Bonjour

  42. Man in the middle • Attacker: Malicious mDNS announcement •

    Target: Forced name change • Clients: Update reference to new host/port • Attacker: Intercept and forward all jobs

  43. github.com / watson / bcc

  44. Thank you! -> Q&A @wa7son github.com / watson github.com /

    watson / bonjour github.com / watson / ipp-encoder github.com / watson / ipp-printer github.com / watson / printcat github.com / watson / bcc printb.in