Shulou(Shulou.com)05/31 Report--

This article is to share with you about what tool SSH-MITM is. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

SSH-MITM- intercepts SSH traffic

SSH-MITM server is designed for security audit and supports public key authentication, session hijacking and file tampering. It is important to note that the tool is based on the Python language, so you need to install and configure the Python environment on the host device.

SSH-MITM installation

Before using any software package, we need to install it correctly. To install SSH-MITM, we just need to open the command line terminal on the device and run the following command:

Use of the $pip install ssh-mitm tool

The use of SSH-MITM is very simple. If you need password authentication or session hijacking, you only need to turn on the intercepting MITM-SSH server. Open the command line terminal and run the following command:

$ssh-mitm-- remote-host 192.168.0.x

Next, we try to establish a connection to the SSH-MITM server. The SSH-MITM server listens on port 10022:

$ssh-p 10022 user@proxyserver

At this point, we will see the credential information output in the log:

2021-01-01 11 Remote Address: 192.168.0.x Port: 22 Username: user Password: supersecret Key: NoneAgent: None session hijacking

Obtaining plaintext credential information is only one of the functions of SSH-MITM. When the client connects successfully, SSH-MITM will open a new server and use it for session hijacking:

2021-01-01 11 42V 43699 [INFO] created injector shell on port 34463. Connect with: ssh-p 34463 127.0.0.1

When hijacking a session, we can choose the SSH client we like. It is important to note that this connection does not require any authentication:

$ssh-p 34463 127.0.0.1

After the connection is established, your session will only be updated with the latest response information, but we can still execute any command.

We can then try to execute some commands in the hijacked session or the original session.

The output of the execution of the command is displayed in both sessions.

Thank you for reading! This is the end of this article on "what is SSH-MITM?". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.