sshmitm.tutorial.tutorials.sftp_download package
Tutorial: SFTP File Download Interception.
- class sshmitm.tutorial.tutorials.sftp_download.SFTPDownloadTutorial
Bases:
Tutorial- category: ClassVar[str] = 'File Transfer'
- description: ClassVar[str] = 'Learn how SSH-MITM intercepts SFTP downloads and reveals which files a client copies from a server.'
- generate_sftp_files(session_data)
Return the in-memory SFTP filesystem
{path: content}for this session.Override in subclasses that use an SFTP victim action. Only the returned paths are accessible via SFTP; all other requests are rejected with
SFTP_NO_SUCH_FILE. Return an empty dict (default) to disable SFTP on the mock server.- Parameters:
session_data (
dict[str,object])- Return type:
dict[str,bytes]
- generate_tutorial_session_data()
Return tutorial-specific values merged into the session data at start.
Override in subclasses to inject randomized values (e.g. filenames, commands) that
UserInputconditions check against.- Return type:
dict[str,object]
- id: ClassVar[str] = '03-sftp-download'
- steps: list[Step] = [Step(id='intro', title='What you will learn', content='', condition=<sshmitm.tutorial._conditions.TRUE object>, victim_action=None, command=None, copyable=[], hint_waiting='', hint_done='Introduction read. ✓'), Step(id='start-sshmitm', title='Start SSH-MITM', content='', condition=<sshmitm.tutorial._conditions.PortOpen object>, victim_action=None, command='ssh-mitm server --remote-host 127.0.0.1 --remote-port {mock_port} --listen-port {sshmitm_port}', copyable=[], hint_waiting='Waiting for SSH-MITM to start on port {sshmitm_port}…', hint_done='SSH-MITM is running on port {sshmitm_port}. ✓'), Step(id='intercept', title='Find the downloaded filename', content='', condition=<sshmitm.tutorial._conditions.UserInput object>, victim_action=<sshmitm.tutorial._client_actions.SFTPDownloadSessionAction object>, command=None, copyable=[], hint_waiting='A developer is downloading a file through SSH-MITM. Check the terminal and enter the filename above.', hint_done='Correct! You intercepted the file transfer. ✓')]
- title: ClassVar[str] = 'SFTP File Download Interception'