A quick intro to using mitmproxy to
man-in-the-middle an SSH connection.
So you want to sniff an SSH connection (that you have access to) but Wireshark
is giving you junk? Luckily someone has written a tool for that. The
mitmproxy by Maximilian Hils allows
you to plop a fake server in between your SSH client and the SSH server
you're connecting to.
(Confusingly, this is not the same as the other, more well-known
mitmproxy, which only does HTTPS and HTTP.)
I wanted to have a nose at the data sent from git to github over SSH. This is
what I did.
# Download mitmproxy
git clone https://github.com/mitmproxy/mitmproxy.git
# Generate mitm keys (these go to ~/.mitmkeys)
Now you want to install the SSH key you just generated on the server you want
to connect to.
# Install SSH key
ssh-copy-id -i ~/.mitmkeys/id_rsa.pub user@victimserver
Then run the proxy, pointing it at the victimserver.
./mitmproxy_ssh -H victimserver
This runs the proxy on localhost:2222.
Now simply connect to the local proxy:
And ta-da! You should see the raw data sent between client and server in the
window where you ran mitmproxy_ssh.
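The proxy answers with its own host key, so whether your SSH client ever complains depends on how it looks the key up in known_hosts. As an added example (not from the post or from mitmproxy), this Python checker mimics that lookup against a constructed known_hosts file; the hostnames, IP and base64 key blobs are invented stand-ins, not real keys.

```python
import base64
import hashlib

# Constructed stand-ins for the binary public-key blobs OpenSSH stores (not real keys).
KEY_REAL = base64.b64encode(b"constructed key: victimserver's real host key").decode()
KEY_PROXY = base64.b64encode(b"constructed key: mitmproxy_ssh's host key").decode()

# Hypothetical ~/.ssh/known_hosts contents (constructed).
KNOWN_HOSTS = f"""# known_hosts
victimserver,10.0.0.5 ssh-ed25519 {KEY_REAL}
github.com ssh-rsa {KEY_REAL}
"""

def fingerprint(key_b64):
    """SHA256 fingerprint in OpenSSH's 'SHA256:<unpadded base64>' form."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_pattern(host, port):
    """OpenSSH records non-default ports as '[host]:port'."""
    return host if port == 22 else f"[{host}]:{port}"

def check_host_key(known_hosts, host, port, key_type, key_b64):
    """Return 'match', 'mismatch' or 'unknown' for the host key a server presents.

    Only plain (unhashed) entries without @-markers are considered here.
    """
    wanted = host_pattern(host, port)
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.strip().split()
        if len(fields) < 3 or fields[0].startswith(("#", "|1|", "@")):
            continue
        hosts, ktype, kblob = fields[0].split(","), fields[1], fields[2]
        if wanted not in hosts or ktype != key_type:
            continue
        seen_host = True
        if kblob == key_b64:
            return "match"
    # A recorded host presenting a different key is the classic MITM warning;
    # a host never seen before just gets a trust-on-first-use prompt.
    return "mismatch" if seen_host else "unknown"

if __name__ == "__main__":
    print("direct to victimserver:", check_host_key(KNOWN_HOSTS, "victimserver", 22, "ssh-ed25519", KEY_REAL))
    print("via localhost:2222:    ", check_host_key(KNOWN_HOSTS, "localhost", 2222, "ssh-ed25519", KEY_PROXY))
    print("victimserver redirected:", check_host_key(KNOWN_HOSTS, "victimserver", 22, "ssh-ed25519", KEY_PROXY))
    print("proxy key fingerprint: ", fingerprint(KEY_PROXY))
```

Because the lookup is keyed on the name and port you typed, connecting to localhost:2222 records the proxy as a brand-new host and never triggers the mismatch warning; only an interception of the real hostname does, which is why StrictHostKeyChecking and a maintained known_hosts are the defence that matters.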