sshmitm.plugins.tunnel.socks module
- class sshmitm.plugins.tunnel.socks.ClientTunnelHandler(session, username=None, password=None)
Bases:
objectSimilar to the RemotePortForwardingForwarder
- Parameters:
session (
Session)username (
str|None, default:None)password (
str|None, default:None)
- __init__(session, username=None, password=None)
- Parameters:
session (
Session)username (
str|None, default:None)password (
str|None, default:None)
- handle_request(listenaddr, client, addr)
- Parameters:
listenaddr (
tuple[str,int])client (
socket|Channel)addr (
tuple[str,int] |None)
- Return type:
None
- class sshmitm.plugins.tunnel.socks.SOCKSTunnelForwarder(session, chanid, origin, destination)
Bases:
LocalPortForwardingForwarderExposes a SOCKS4/5 proxy on a local port for each intercepted SSH session.
When the SSH client opens a dynamic port forwarding channel (
-D), this plugin intercepts it and starts a SOCKS4/5 proxy instead. Any application that connects to the local SOCKS port has its traffic routed through the intercepted SSH session to arbitrary destinations — giving full visibility into the client’s tunnelled network.SSH-MITM logs the SOCKS port and ready-to-use example commands when a session starts.
Usage example
ssh-mitm server --local-port-forwarder socks
Route traffic through the proxy using the port printed at connect time:
# SOCKS4 nc -X 4 -x localhost:<port> address port # SOCKS5 nc -X 5 -x localhost:<port> address port
Notes
SOCKS5 authentication can be required with
--socks5-usernameand--socks5-password; SOCKS4 clients cannot authenticate and are rejected when credentials are configured.Use
--socks-listen-addressto restrict the proxy to a specific interface (default: 127.0.0.1).
- Parameters:
session (
Session)chanid (
int)origin (
tuple[str,int] |None)destination (
tuple[str,int] |None)
- classmethod parser_arguments()
- Return type:
None
- classmethod setup(session)
- Parameters:
session (
Session)- Return type:
None
- tcpservers: ClassVar[list[TCPServerThread]] = []