sshmitm.forwarders.powershell module
PowerShell remoting (PSRP over SSH) forwarder.
PowerShell remoting over SSH is implemented as an SSH subsystem: the client
opens a channel and requests the powershell subsystem, which on the remote
host launches pwsh -sshs. All traffic on that channel is the binary
PowerShell Remoting Protocol (PSRP) — a bidirectional, framed-by-PowerShell
stream that must be relayed verbatim.
Unlike NETCONF, PSRP has no line/terminator framing that SSH-MITM could safely
parse, so this forwarder performs a transparent byte-for-byte relay using the
generic loop provided by ExecForwarder.
Extending this forwarder
For pass-through the data hooks are intentionally identity functions. To debug,
log, or modify the PSRP stream, subclass PowerShellForwarder and
override:
- handle_client_data() - bytes sent from the client towards the remote pwsh.
- handle_server_data() - bytes sent from the remote pwsh back to the client.
- handle_error() - bytes on the stderr stream.
Each hook receives the raw chunk and must return the (possibly modified) bytes to forward; returning the input unchanged keeps the session transparent.
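The hook contract above, as an added example that is not part of SSH-MITM's own code: a mixin that counts and hashes each direction of the stream while forwarding every chunk unchanged. It assumes each hook takes a single bytes argument; `PSRPAuditMixin`, `IdentityHooks`, `DemoForwarder`, `relay` and `SAMPLE` are constructed names, with `IdentityHooks` standing in for the forwarder so the block runs without SSH-MITM installed.

```python
import hashlib
import logging

log = logging.getLogger("psrp-audit")

class PSRPAuditMixin:
    """Counts and hashes each direction of the relayed stream; never alters bytes."""

    def _record(self, direction: str, data: bytes) -> bytes:
        # Lazy state: the forwarder's own __init__(session) is left untouched.
        audit = self.__dict__.setdefault("_psrp_audit", {})
        entry = audit.setdefault(
            direction, {"bytes": 0, "chunks": 0, "sha256": hashlib.sha256()})
        entry["bytes"] += len(data)
        entry["chunks"] += 1
        # PSRP has no framing we can rely on, so hash the stream, not the chunk.
        entry["sha256"].update(data)
        log.debug("%s chunk %d: %d bytes, head=%s",
                  direction, entry["chunks"], len(data), data[:16].hex())
        return data  # unchanged, so the session stays transparent

    def handle_client_data(self, data: bytes) -> bytes:
        return super().handle_client_data(self._record("client->server", data))

    def handle_server_data(self, data: bytes) -> bytes:
        return super().handle_server_data(self._record("server->client", data))

    def handle_error(self, data: bytes) -> bytes:
        return super().handle_error(self._record("stderr", data))

    def audit_summary(self) -> dict:
        audit = self.__dict__.get("_psrp_audit", {})
        return {d: {"bytes": e["bytes"], "chunks": e["chunks"],
                    "sha256": e["sha256"].hexdigest()} for d, e in audit.items()}

class IdentityHooks:
    """Constructed stand-in for the forwarder's identity hooks (assumption)."""
    def handle_client_data(self, data: bytes) -> bytes: return data
    def handle_server_data(self, data: bytes) -> bytes: return data
    def handle_error(self, data: bytes) -> bytes: return data

class DemoForwarder(PSRPAuditMixin, IdentityHooks):
    """With SSH-MITM installed, list PowerShellForwarder here instead."""

# Constructed sample bytes, not a real PSRP capture.
SAMPLE = bytes(range(256)) * 2

def relay(forwarder, chunks):
    """Push client chunks through the hook and return what would be forwarded."""
    return b"".join(forwarder.handle_client_data(c) for c in chunks)
```

Because the digest is kept per direction rather than per chunk, it is the same however the SSH channel happens to split the stream.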
- class sshmitm.forwarders.powershell.PowerShellBaseForwarder(session)
Bases: ExecForwarder
Base class for PowerShell remoting (PSRP) subsystem forwarders.
- Parameters: session (Session)
- property client_channel: Channel | None
Returns the client channel for the current plugin type
- forward()
Forwards data between the client and the server
- Return type: None
- subsystem_name: ClassVar[str] = 'powershell'
- class sshmitm.forwarders.powershell.PowerShellForwarder(session)
Bases: PowerShellBaseForwarder
Transparent MITM forwarder for the PowerShell remoting (PSRP) subsystem.
Relays the binary PSRP stream between the client and the remote
pwsh -sshs process without modification. See the module docstring for how to hook into the stream for logging or modification.
- Parameters: session (Session)
- forward()
Forwards data between the client and the server
- Return type: None