jmitm2 is a SSH2 man-in-the-middle-attack program based on the SSH2 client/server implementation J2SSH

简介:  Features handles as many connections as you want simultaneously (configurable, default is 10...

 

Features

 

handles as many connections as you want simultaneously (configurable, default is 10)

 

 

uses log4j for flexible logging

 

 

speaks SSH2, which all ssh-mitm-attackers I have seen to date don't

 

 

is easy to extend, e.g. for taking over a session, injecting commands, statistical purposes, new ciphers,...

 

Much of this is owed to the great J2SSH API, which is available under the LGPL.

jmitm2 has already successfully used for training by ASAP-COM GmbH.

 

 

Architecture

Basically, it is constructed as follows:

 

it extends most server classes to contain a reference to a new object:

 

 

that object (called MitmGlue) keeps track of each session, looping it through to the remote target host

 

 

for authentication, a new MitmFakeAuthenticationProvider is created, that passes username and password to the MitmGlue object, which can log them and use them for authentication at the target host

 

 

Documentation

 

You can browse the javadoc online. All classes starting with "Mitm" are part of jmitm2.

 

 

You can download a copy of the presentation of jmitm2 held at Tübingen university. That presentation was held in german.

 

 

The Studienarbeit (in german) is also available.

 

 

There is a brief description of the usage of jmitm2 available.

 

You can download a binary package of jmitm2 that should contain everything neccessary to run the program, as well as a copy of the source of J2SSH 0.1.0, extended by the MitmFakeAuthenticationProvider.java (in the platforms/ directory) and the com.sshtools.jmitm2 Java package which contains all other jmitm2 classes as source. I developed and built this using eclipse, so as far as compiling is concerned, you'll certainly need log4j, maybe ant or eclipse, and a bit of twiddling. Contact me if you have problems.


The classes using code from J2SSH are of course LGPL'ed, and so is the jmitm2 code itself. If you have any questions, contact me.

 

jmitm2-0.1.0-source.tar.gz

source code

239 K

jmitm2-0.1.0-source.tar.gz.asc

signature

234

jmitm2-0.1.0.tar.gz

binary package

1.5 M

jmitm2-0.1.0.tar.gz.asc

signature

234

目录
相关文章
|
网络安全
|
安全 网络安全 虚拟化
|
Shell 网络安全 数据安全/隐私保护
|
Java Shell Linux
linux服务器使用SSH Secure Shell Client部署tomcat
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/hans201507/article/details/51810962 1.
1049 0
|
网络安全
Bitvise SSH Client+SwitchySharp配置
1、http://blog.onlybird.com/getfreessh 获取免费的ssh帐号密码 2、下载SwitchySharp插件 3、下载Bitvise SSH Client客户端 4、配置如下 $(function () { $('pre.prettyprint code').
2668 0
|
前端开发 网络安全
在线SSH控制端--Online SSH AJAX client
http://www.serfish.com/console/
726 0