Port forwarding allows a host to access remote network resources while masquerading as the session endpoint.
SSH allows remote and local port forwarding over an existing connection:
Local port forwarding will allow the client to access network resources over a local port while masquerading as the server.
Remote port forwarding will allow the server to access network resources over an open port (on the server) masquerading as the client.
With ssh-mitm standard ssh client port forwarding features are seamlessly implemented so that no further configuration of the ssh-mit server is needed.
Functionality implemented as part of the ClientTunnelForwarder. This variation of a local port forward assumes that the to-be established connection over the port forward is a ssh connection and therefore uses the master channel as a direct-tcpip channel to the jumphost (stdin and stdout are connected to the direct-tcpip channel). The jumphost will therefore not receive a formal shell-session channel request.
When using the InjectableClientTunnelForwarder and InjectableServerTunnelForwarder plugins of the ssh-mitm server one is able to use port forwarding of the session to make requests from the mitm server masquerading as the remote host or the client.
1$ ssh-mitm --client-tunnel inject --tunnel-client-dest google.com:80 --server-tunnel inject
Using this configuration the ssh-mitm server will open ports on the designated network that will directly correlate to a port forward request to a given destination.
The InjectableClientTunnelForwarder can be used always, even if the ssh client is not even actively using the port
forwarding feature. Furthermore the
--tunnel-client-dest parameter can receive a space-separated list of destination
targets (e.g. google.com:80). The ssh-mitm server will then open a port for each destination.
The implementation of the InjectableServerTunnelForwarder currently only opens one port for injecting into a remote port forwarding session opened by the client.