MITM: mitm ssh
sumber: https://andrewmichaelsmith.com/2014/03/quick-and-easy-ssh-mitm/
Quick and Easy SSH MITM
Published: Thu 13 March 2014
By Andrew Smith
In Blog.
tags: ssh mitm
A quick intro to using mitmproxy to man-in-the-middle an SSH connection.
So you want to sniff an SSH connection (that you have access to) but wireshark is giving you junk? Luckily someone has written a tool for that. The mitmproxy by Maximilian Hils allows you to plop a fake server in between your SSH client and the SSH server you're connecting to.
I wanted to have a nose at the data sent from git to github over SSH. This is what I did.
- Download mitmproxy
git clone https://github.com/mitmproxy/mitmproxy.git
- Generate mitm keys (these go to ~/.mitmkeys)
./mitmkeys
Now you want to install the SSH key you just generated to the server you want to mitm.
- Install SSH key
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
Then run the proxy, pointing it at the victimserver.
- Run proxy
./mitmproxy_ssh -H victimserver
This runs the proxy on localhost:2222
Now simply connect to the local proxy:
ssh localhost -p 2222
And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.