I had some time over the long weekend to tweak a Metasploit script I’ve had lying around for a few years. When I wrote the Python prn-2-me script I also drew up the basics of a printjob MITM module for Metasploit but never managed to finish it up.

The Python version is limited in that it was designed to handle RAW print streams only… it was also really badly written (like most of my early Python stuff). The Metasploit module I’m testing currently should also handle LPR/LPD printjobs by sitting in the middle and passing communications backwards and forwards between the client and the printer. I’ve also begun to look at implementing some IPP sniffing, using the same technique as LPR/LPD (streaming the data to the printer and sniffing out the printjob and metadata).

This is still a work in progress, and handling LPR/LPD and IPP is a bit more tricky than RAW printjobs.

A couple of helpful folks have been testing out the module for me… if you want to assist, please take a look at the module and see what you think (download link below). If you have any problems, please do a packet capture so I can see what’s not working correctly and adapt the module. As the various printers and drivers handle things slightly differently, the idea is to look at as many models as possible (not just HP!).

Links:

Python prn-2-me (HERE)

Metasploit auxiliary/server/capture/printjob_capture.rb –> In Development!