Skip to content

Posts tagged ‘Interception’

24
Nov

Intercepting Print Jobs with prn-2-me

Don’t let the name fool you, prn-2-me is pronounced “print-to-me”, and not “pr0n-to-me”. I was disappointed too… but not for long!

prn-2-me is a man-in-the-middle python script from Chris John Riley that creates a custom listener (on port 9100 by default) and acts like a printer. Its purpose is to handle incoming PCL and PostScript print jobs, save a copy on your computer, and then forward them on to the actual printer. With a bit of arpspoofing magic, you or an attacker could intercept the print jobs of an entire office.

Click to enlarge

In theory, this tool could be expanded to allow you to also modify print files before they are sent on to the actual printer. An attacker could substitute specific prints with his own to do all kinds of wonderful and damaging things. Maybe a bit of automagic image editing in python could overlay an image on every file before forwarding it to the printer? Hilarity ensues. (Chris note the feature request)

Chris says he’s planning on integrating this into Metasploit. I’m going to hold him to that!

Download: prn2me.py

25
Oct

Intercepting Unencrypted Sessions with Firesheep

Firesheep, a new Firefox extension that allows you to intercept unencrypted sessions being transmitted over the network, has been released by Eric Butler. Taking advantage of websites that don’t use SSL by default, such as Facebook and Twitter, Firesheep uses network-sniffing to intercept the cookies used to transport session IDs (also known as sidejacking). Note this attack will work over Wifi by default, but will require extra work on a switched wired network.

Once Firesheep has intercepted a user’s cookie over the network, it allows you to be logged in as that user. The concept of session-stealing is as old as the internet, but to have a Firefox extension that does it in such a user-friendly manner is great. It’s also a lot more dangerous as it makes this attack so much easier for any unskilled attacker to carry out.

Firesheep Screenshot

Protecting Yourself

The are a couple ways of protecting yourself from sidejacking attacks.  The first and foremost is to ensure that you use SSL when visiting popular or particularly sensitive web services, including Gmail, Hotmail, Facebook, Twitter, or any other site that’s of importance to you (online banking?). The best way of doing this is to make sure your bookmarks (or the URL you type in) starts with “https://”, and that no SSL certificate errors appear. Another Firefox plugin, HTTPS Everywhere, from the privacy advocates over at the Electronic Frontier Foundation (EFF), enforces SSL on predefined sites. You can also protect your searches by using Google over SSL (encrypted.google.com).

Another way of protecting yourself is to channel your browser traffic through a VPN or SSH Tunnel. Your data is then sent through an encrypted link to a remote host (preferably one you control), before being sent to the destination.

Installing Firecat

Firebug runs in Firefox on Mac OS X and Windows, however Windows users will need to install WinPcap first. After downloading the extension file (xpi), simply open it by going to File -> Open File (you will need to restart Firefox). To clarify some confusion, once you’ve installed the extension, you need to go to View -> Sidebar -> Firesheep to enable it, and click Start Capturing.

Give it a try for yourself.

[Update] Detecting and protecting against Firesheep with FireShepherd.

css.php