You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am again using ssh-mitm to explore SSH and SFTP communications. I am using TShark to record packets between a local client and a local ssh-mitm instance.
tshark -i lo -f "port 10022" -w mitm.pcap
Loading the pcap file in Wireshark shows the expected handshake for an ssh sessions: once the key exchange has been completed and the packet New Keys is sent by any of the parties, the rest of the communication is encrypted and the fun is over.
Wireshark implements a protocol module for SSH that requires the user to provide "key exchange secrets" in a file including:
session cookie of a participant
kind of secret (SHARED_SECRET / PRIVATE_KEY)
session shared secret or the private key of the same participant
In my brief experience, finding the session cookie is trivial, as it is included in Key Exchange Init packet for each participant. Finding the secret is way more complicated since is kept in the process running client/server.
Does SSH-MiTM provide a way to obtain such secrets to facilitate packet inspection with other tools (Wireshark)?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
SSH-MITM - ssh audits made simple
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello again,
I am again using ssh-mitm to explore SSH and SFTP communications. I am using TShark to record packets between a local client and a local ssh-mitm instance.
tshark -i lo -f "port 10022" -w mitm.pcapLoading the pcap file in Wireshark shows the expected handshake for an ssh sessions: once the key exchange has been completed and the packet
New Keysis sent by any of the parties, the rest of the communication is encrypted and the fun is over.Wireshark implements a
protocolmodule for SSH that requires the user to provide "key exchange secrets" in a file including:In my brief experience, finding the session cookie is trivial, as it is included in
Key Exchange Initpacket for each participant. Finding the secret is way more complicated since is kept in the process running client/server.Does SSH-MiTM provide a way to obtain such secrets to facilitate packet inspection with other tools (Wireshark)?
Beta Was this translation helpful? Give feedback.
All reactions