sshmitm.forwarders.powershell module

PowerShell remoting (PSRP over SSH) forwarder.

PowerShell remoting over SSH is implemented as an SSH subsystem: the client opens a channel and requests the powershell subsystem, which on the remote host launches pwsh -sshs. All traffic on that channel is the binary PowerShell Remoting Protocol (PSRP) — a bidirectional, framed-by-PowerShell stream that must be relayed verbatim.

Unlike NETCONF, PSRP has no line/terminator framing that SSH-MITM could safely parse, so this forwarder performs a transparent byte-for-byte relay using the generic loop provided by ExecForwarder.

Extending this forwarder

For pass-through the data hooks are intentionally identity functions. To debug, log, or modify the PSRP stream, subclass PowerShellForwarder and override:

Each hook receives the raw chunk and must return the (possibly modified) bytes to forward; returning the input unchanged keeps the session transparent.

class sshmitm.forwarders.powershell.PowerShellBaseForwarder(session)

Bases: ExecForwarder

Base class for PowerShell remoting (PSRP) subsystem forwarders.

Parameters:

session (Session)

property client_channel: Channel | None

Returns the client channel for the current plugin type

forward()

Forwards data between the client and the server

Return type:

None

subsystem_name: ClassVar[str] = 'powershell'
class sshmitm.forwarders.powershell.PowerShellForwarder(session)

Bases: PowerShellBaseForwarder

Transparent MITM forwarder for the PowerShell remoting (PSRP) subsystem.

Relays the binary PSRP stream between the client and the remote pwsh -sshs process without modification. No parsing or logging is performed — all traffic is forwarded byte-for-byte.

Usage example

ssh-mitm server --powershell-interface base

Notes

  • This is the default PowerShell forwarder; no --powershell-interface flag is needed unless overriding.

  • To log or inspect PSRP traffic use the log-session plugin instead.

  • See the module docstring for how to subclass and hook into the stream.

Parameters:

session (Session)

forward()

Forwards data between the client and the server

Return type:

None