Wireshark and a little magic

Hello everyone, geeks and not-so-geeks!

Today I decided to feel a little like a hacker (well, almost) and went in search of files hidden in the depths of my Wi-Fi traffic.

• Step 1: Preparing for the Hunt The first thing I did was switch my Wi-Fi adapter into monitoring mode so I could see everything that was flying through the air. Then I launched Wireshark, ready to capture data.

• Step 2: PDF Bait To avoid looking for a needle in a haystack, I printed a picture from my phone. I knew that it would appear somewhere in the traffic, because the phone communicates with the printer via the IPP protocol.

• Step 3: Fishing Wireshark began its work and I waited patiently. And here it is, the moment of truth! In the search filter I entered “%PDF” and… Bingo! Found mine picture raw data in a TCP stream.

  

• Step 4: Clean the catch Of course, there was a lot of garbage in the traffic: all sorts of HTTP requests, service data. But I was only interested in PDF. So I quickly filtered out the unnecessary ones, leaving only the necessary packages. Then I exported all the “filtered” packages to another smaller file

• Step 5: The magic of tshark At this stage I needed the help of the terminal. Ran the command tshark -r filtered.pcapng -T fields -e tcp.payload | tr -d '\n',':' | xxd -r -ps > out.pdf

  (don't forget that tshark must be installed!). This magical line turned my intercepted traffic into a full-fledged PDF file.

  Voila! I received my PDF directly from the Wi-Fi broadcast without connecting directly to the printer. Not bad for the first time, right?

PS This, of course, is not hacking the Pentagon, but still quite interesting. Please note that hacking is not good, so hack only your brain and test your equipment for security, happy hacking!