Skip to content

November 24, 2010

1

Intercepting Print Jobs with prn-2-me

Don’t let the name fool you, prn-2-me is pronounced “print-to-me”, and not “pr0n-to-me”. I was disappointed too… but not for long!

prn-2-me is a man-in-the-middle python script from Chris John Riley that creates a custom listener (on port 9100 by default) and acts like a printer. Its purpose is to handle incoming PCL and PostScript print jobs, save a copy on your computer, and then forward them on to the actual printer. With a bit of arpspoofing magic, you or an attacker could intercept the print jobs of an entire office.

Click to enlarge

In theory, this tool could be expanded to allow you to also modify print files before they are sent on to the actual printer. An attacker could substitute specific prints with his own to do all kinds of wonderful and damaging things. Maybe a bit of automagic image editing in python could overlay an image on every file before forwarding it to the printer? Hilarity ensues. (Chris note the feature request)

Chris says he’s planning on integrating this into Metasploit. I’m going to hold him to that!

Download: prn2me.py

Related posts:

  1. Intercepting Unencrypted Sessions with Firesheep
  2. Firesheep Detection and Defence with FireShepherd [and BlackSheep]
  3. Wikileaks Releases 250k US Embassy Cables (Chinese Gov’t Responsible for Google Attacks)
  4. ProFTPD 1.3.3c Briefly Backdoored by Hackers
  5. Kernel.org Compromised, OpenSSH Source Not Backdoored
Read more from Security, Hacking, Networking
, , , , , , , , , ,
1 Comment Post a comment
  1. Ben
    Apr 20 2015

    I have been trying to use prn2-me but have not had any success. When I perform my arp spoofing which machines would I target? Would I target the router and the machine that is sending the print jobs I wish to intercept?

    Thanks,

    Ben

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

css.php