Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SquatConf 2016: How to intercept your boss' print jobs

Thomas Watson
April 30, 2016
Programming
0
63

SquatConf 2016: How to intercept your boss' print jobs

The code use in this deck can be found here: https://github.com/watson/talks/tree/master/2016/04%20SquatConf/code

Bonjour/Zeroconf is used to automatically configure and connect to networked devices like printers on a LAN and is widely deployed in offices and homes. This talk gives an introduction to the Zeroconf standard and shows how it’s vulnerable to a man-in-the-middle attack.

The talk will show how Zeroconf can be exploited to allow a man-in-the-middle attack on any Zeroconf enabled device. This allows you to intercept anything from print jobs to admin panel passwords.

Thomas Watson

April 30, 2016
Tweet

More Decks by Thomas Watson

See All by Thomas Watson
NodeConf Remote 2020: JavaScript Prototypes Behind the Scenes
wa7son
0
210
Elastic JavaScript Guild October 2020: These go to eleven
wa7son
0
35
nodejsday 2020: JavaScript Prototypes Behind the Scenes
wa7son
1
160
js.talks() 2019: The Trouble With Tracers
wa7son
0
47
NodeConf EU 2019: The Trouble with Tracers
wa7son
0
70
Elastic JavaScript Guild August 2019: Post-Mortem Debugging in Node.js
wa7son
0
59
JSNation 2019: Post-Mortem Debugging in Node.js
wa7son
0
170
JS Fest 2019: Post-Mortem Debugging in Node.js
wa7son
0
100
Logging, Metrics, and APM: The Holy Trinity of Operations
wa7son
1
150

Other Decks in Programming

See All in Programming
Git Rebase
bkuhlmann
11
1.6k
Behind VS Code Extensions for JavaScript / TypeScript Linnting and Formatting
unvalley
5
870
Semantic search with Django and pgvector
pauloxnet
0
240
Site Reliability Engineering for GMO
pyama86
7
1k
見た目から始める生産性向上
ikumatadokoro
7
770
FigmaとPHPで作る1ミリたりとも表示崩れしない最強の帳票印刷ソリューション
ttskch
43
18k
入門 AWS Amplify Gen2 / Introduction to AWS Amplify Gen2
genkiogasawara
1
320
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
360
コードレビューで学ぶ!Kotlinオブジェクト指向デザインパターン
akkie76
2
190
エンターテイメント業界で利用されるAWS
demuyan
0
210
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
6
900
HUIT新歓2024「競技プログラミング、やってみませんか?」
slephy2784
1
260

Featured

See All Featured
Faster Mobile Websites
deanohume
298
30k
No one is an island. Learnings from fostering a developers community.
thoeni
15
2.1k
Being A Developer After 40
akosma
56
580k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Building Adaptive Systems
keathley
30
1.9k
A Modern Web Designer's Workflow
chriscoyier
689
190k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
39k
Why Our Code Smells
bkeepers
PRO
331
56k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
13
1.5k
Building an army of robots
kneath
300
41k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
154
14k

Transcript

  1. Thomas Watson @wa7son github.com/watson

  2. Build your own printer in JavaScript … no hardware required!

  3. AirPlay

  4. AirPlay Bonjour / Zeroconf

  5. AirPlay Bonjour / Zeroconf Multicast DNS

  6. AirPlay Bonjour / Zeroconf Multicast DNS DNS Service Discovery (DNS-SD)

  7. None
  8. None

  9. • Print Job • Print URI • Validate Job •

    Create Job • Get Printer Attributes • Get Jobs • Pause Printer • Resume Printer • Purge Jobs • Send Document • Send URI • Cancel Job • Get Job Attributes • Hold Job • Release Job • Restart Job Printer operations Job operations

  10. • Print Job 0x02 • Print URI 0x03 • Validate

    Job 0x04 • Create Job 0x05 • Get Printer Attributes 0x0b • Get Jobs 0x0a • Pause Printer 0x10 • Resume Printer 0x11 • Purge Jobs 0x12 • Send Document 0x06 • Send URI 0x07 • Cancel Job 0x08 • Get Job Attributes 0x09 • Hold Job 0x0c • Release Job 0x0d • Restart Job 0x0e Printer operations Job operations
  11. None
  12. None
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None
  19. None
  20. None
  21. None

  22. github.com / watson / ipp-encoder

  23. None
  24. None
  25. None
  26. None
  27. None
  28. None
  29. None
  30. None
  31. None
  32. None
  33. None

  34. • Print Job 0x02 • Print URI 0x03 • Validate

    Job 0x04 • Create Job 0x05 • Get Printer Attributes 0x0b • Get Jobs 0x0a • Pause Printer 0x10 • Resume Printer 0x11 • Purge Jobs 0x12 • Send Document 0x06 • Send URI 0x07 • Cancel Job 0x08 • Get Job Attributes 0x09 • Hold Job 0x0c • Release Job 0x0d • Restart Job 0x0e Printer operations Job operations

  35. • Print Job 0x02 • Print URI 0x03 • Validate

    Job 0x04 • Create Job 0x05 • Get Printer Attributes 0x0b • Get Jobs 0x0a • Pause Printer 0x10 • Resume Printer 0x11 • Purge Jobs 0x12 • Send Document 0x06 • Send URI 0x07 • Cancel Job 0x08 • Get Job Attributes 0x09 • Hold Job 0x0c • Release Job 0x0d • Restart Job 0x0e Printer operations Job operations

  36. github.com / watson / ipp-printer

  37. NCFACP (NSA/CIA/FBI auto censoring printer)

  38. None

  39. printb.in

  40. None

  41. Attack vector: Zeroconf / Bonjour

  42. Man in the middle • Attacker: Malicious mDNS announcement •

    Target: Forced name change • Clients: Update reference to new host/port • Attacker: Intercept and forward all jobs

  43. github.com / watson / bcc

  44. Thank you! -> Q&A @wa7son github.com / watson github.com /

    watson / bonjour github.com / watson / ipp-encoder github.com / watson / ipp-printer github.com / watson / printcat github.com / watson / bcc printb.in