sshmitm.plugins.sftp.replace_file module

class sshmitm.plugins.sftp.replace_file.SFTPProxyReplaceHandler(sftp, filename)

Bases: SFTPHandlerPlugin

Replaces file content transparently during an SFTP transfer.

For every SFTP file the client reads or writes, this plugin substitutes the specified replacement file instead of the real content. The remote server receives the replacement on uploads; the client receives the replacement on downloads. The stat / lstat response is also patched to reflect the size of the replacement file so the client does not notice a size mismatch.

Usage example

ssh-mitm server --sftp-handler replace_file --sftp-replace-file /path/to/replacement.bin

Notes

  • The replacement file is opened once per file handle and closed when the handle is closed.

  • Both read and write operations are affected — every SFTP file access in the session serves or stores the replacement content.

Parameters:
class SFTPInterface(serverinterface)

Bases: SFTPProxyServerInterface

Parameters:

serverinterface (BaseServerInterface)

lstat(path)

Return an .SFTPAttributes object for a path on the server, or an error code. If your server supports symbolic links (also known as “aliases”), you should not follow them – instead, you should return data on the symlink or alias itself. (stat is the corresponding call that follows symlinks/aliases.)

Parameters:
  • path (str) – the requested path (relative or absolute) to fetch file statistics for.

  • path

Return type:

SFTPAttributes | int

Returns:

an .SFTPAttributes object for the given file, or an SFTP error code (like SFTP_PERMISSION_DENIED).

stat(path)

Return an .SFTPAttributes object for a path on the server, or an error code. If your server supports symbolic links (also known as “aliases”), you should follow them. (lstat is the corresponding call that doesn’t follow symlinks/aliases.)

Parameters:
  • path (str) – the requested path (relative or absolute) to fetch file statistics for.

  • path

Return type:

SFTPAttributes | int

Returns:

an .SFTPAttributes object for the given file, or an SFTP error code (like SFTP_PERMISSION_DENIED).

__init__(sftp, filename)

Resolves the replacement file path and opens it for reading.

Parameters:
  • sftp (SFTPBaseHandle) – the SFTP file handle for the intercepted transfer.

  • filename (str) – the original filename as requested by the client.

close()
Return type:

None

classmethod get_interface()
Return type:

type[BaseSFTPServerInterface] | None

handle_data(data, *, offset=None, length=None)
Parameters:
  • data (bytes)

  • offset (int | None, default: None)

  • length (int | None, default: None)

Return type:

bytes

classmethod parser_arguments()
Return type:

None