Currently I am learning about MitM and how to use it. Therefore I am doing some arp spoofing (just like in OTW's tutorial about a simple man in the middle attack) and I am using Wireshark to analyse the packages. This all worked fine so I decided I wanted to try to get myself inbetween a networkprinter and the router to capture documents that are being printed. I printed an example document with at the top stating Oefentoets(Dutch) and then one of my old chemistry tests on the rest of the page. However when analysing the captured packages I did find a tcp stream with Oefentoets at the top of it followed by something that looked like it could be my old test when looking at the size but than in a way different format or code. Probably it is compressed in some kind of way but I don't know how to convert it into text. I tried saving it as raw but then I could only open it with Notepad showing an even less understandable code.
I hope anyone can help me out :)
Printscreen of top of tcp stream:
Printscreen of tcp stream:
5 Responses
I can't see the "data-stream", but I can suppose ur file will be encrypted (probably in a different file-format, I never read a lot about printer xD ) in some way and then sent to the printer .
So probably: u print a file -> the file get converted in another fileformat -> then is sent to the printer to get printed.
This mean u are seeing the fileformat for the printer and not for the specific software u used.
Yes I thought that aswell but how do I figure out which kind of file format or encryption it is?
Hell it sounds good, did you find a way to read that?
I recently found this https://rootsecurity.nl/2013/12/28/capture-and-re-print-print-jobs-on-you-network/
Could u tell me what you did?
Do you mean, telling you how I captured it or how I managed to make the raw output readable?
google it?
Share Your Thoughts