sshmitm.plugins.scp.cve202229154 module

This plugin modifies the behavior of the rsync command in SCP. The rsync-inject-file argument can be specified to add an additional file to the rsync command sent to the server. The rewritten rsync command is logged for informational purposes.

class sshmitm.plugins.scp.cve202229154.CVE202229154(session)

Bases: SCPForwarder

Injects an additional file path into rsync commands (CVE-2022-29154).

When an rsync client syncs files over SSH, this plugin rewrites the rsync server command to append an extra file path. As a result, the rsync server sends the attacker-controlled file to the client in addition to the originally requested content.

Usage example

ssh-mitm server --scp-forwarder CVE-2022-29154 --rsync-inject-file /path/to/inject.txt

Notes

  • Only rsync commands (those starting with rsync --server) are rewritten; all other SCP or exec traffic passes through unchanged.

  • The injected file path is appended to the rsync argument list; rsync on the server side then includes that path in the transfer.

Parameters:

session (Session)

classmethod parser_arguments()
Return type:

None

rewrite_scp_command(command)
Parameters:

command (str)

Return type:

str