sshmitm.forwarders.powershell module
PowerShell remoting (PSRP over SSH) forwarder.
PowerShell remoting over SSH is implemented as an SSH subsystem: the client
opens a channel and requests the powershell subsystem, which on the remote
host launches pwsh -sshs. All traffic on that channel is the binary
PowerShell Remoting Protocol (PSRP) — a bidirectional, framed-by-PowerShell
stream that must be relayed verbatim.
Unlike NETCONF, PSRP has no line/terminator framing that SSH-MITM could safely
parse, so this forwarder performs a transparent byte-for-byte relay using the
generic loop provided by ExecForwarder.
Extending this forwarder
For pass-through the data hooks are intentionally identity functions. To debug,
log, or modify the PSRP stream, subclass PowerShellForwarder and
override:
handle_client_data()- bytes sent from the client towards the remotepwsh.handle_server_data()- bytes sent from the remotepwshback to the client.handle_error()- bytes on the stderr stream.
Each hook receives the raw chunk and must return the (possibly modified) bytes to forward; returning the input unchanged keeps the session transparent.
- class sshmitm.forwarders.powershell.PowerShellBaseForwarder(session)
Bases:
ExecForwarderBase class for PowerShell remoting (PSRP) subsystem forwarders.
- Parameters:
session (
Session)
- property client_channel: Channel | None
Returns the client channel for the current plugin type
- forward()
Forwards data between the client and the server
- Return type:
None
- subsystem_name: ClassVar[str] = 'powershell'
- class sshmitm.forwarders.powershell.PowerShellForwarder(session)
Bases:
PowerShellBaseForwarderTransparent MITM forwarder for the PowerShell remoting (PSRP) subsystem.
Relays the binary PSRP stream between the client and the remote
pwsh -sshsprocess without modification. No parsing or logging is performed — all traffic is forwarded byte-for-byte.Usage example
ssh-mitm server --powershell-interface base
Notes
This is the default PowerShell forwarder; no
--powershell-interfaceflag is needed unless overriding.To log or inspect PSRP traffic use the
log-sessionplugin instead.See the module docstring for how to subclass and hook into the stream.
- Parameters:
session (
Session)
- forward()
Forwards data between the client and the server
- Return type:
None