def main():
    """Command-line entry point for the TCP proxy server.

    Builds the ``ModuleParser``, resolves the proxy manager module selected
    with ``--proxymanager`` (default ``SingleProxyManager``) and starts it.

    Exit behaviour: the process exits with status 1 when argument parsing
    raises ``ModuleError`` and on ``KeyboardInterrupt``.
    ``TcpProxyModuleError``, ``TooManyForwarders`` and
    ``CertificateMissingException`` are only logged; the function then
    returns normally.
    """
    parser = ModuleParser(baseclass=TcpProxyHandler, description='TCP Proxy Server')
    parser.add_plugin(LogModule)
    parser.add_module(
        '--proxymanager',
        dest='proxymanager',
        default=SingleProxyManager,
        help='ProxyManager to manage the Proxy',
        baseclass=TcpProxyManager,
    )

    try:
        args = parser.parse_args()
    except ModuleError as exc:
        logging.error(
            'Module error! Module %s is not subclass of %s',
            exc.moduleclass,
            exc.baseclass,
        )
        sys.exit(1)

    # nosslverify, sslpubkeypin, sslforward and socksproxy are not registered
    # in this function; presumably a handler or plugin adds them -- confirm.
    #
    # Security caveat: both checks below only warn. The proxy still starts
    # with certificate verification disabled and no public-key pin, so nothing
    # visible here rejects that configuration.
    verification_off_without_pin = args.nosslverify and not args.sslpubkeypin
    if verification_off_without_pin:
        logging.warning(
            "SSL certificate verification disabled, but publickey pinning not used! "
            "You should consider to enable piblickey pinning."
        )
    if args.sslforward and args.socksproxy:
        logging.warning("TCPProxy does not support Socks5 with SSL!")

    try:
        TcpProxyManager.get_instance(args.proxymanager).start(args)
    except TcpProxyModuleError:
        logging.error("Failed to load module %s", args.modules)
    except TooManyForwarders:
        logging.error("Too many forwarders!")
    except CertificateMissingException as missing_cert:
        # Logged only; the message states that SSL is disabled in this case.
        logging.error(
            "Certificate %s is missing - ssl disabled",
            missing_cert.certificate_path,
        )
    except KeyboardInterrupt:
        sys.exit(1)
def main():
    """Command-line entry point for the SSH proxy server.

    Registers the command-line options and the pluggable interface modules
    (SSH, SCP, SFTP, server interface, authenticator), builds an
    ``SSHProxyServer`` from the parsed values and starts it.

    Two settings are applied as attributes instead of being passed to the
    server: ``AGENT_FORWARDING`` is set on the selected authenticator module,
    and a custom banner, when given, is written to ``Transport._CLIENT_ID``.
    """
    cli = ModuleParser(
        description='SSH Proxy Server',
        baseclass=BaseForwarder,
        modules_from_file=True,
    )
    cli.add_plugin(LogModule)

    # Plain options.
    cli.add_argument(
        '--listen-port',
        dest='listen_port',
        default=10022,
        type=int,
        help='listen port',
    )
    cli.add_argument(
        '--transparent',
        dest='transparent',
        action='store_true',
        help='enables transparent mode (requires root)',
    )
    cli.add_argument('--host-key', dest='host_key', help='rsa host key')

    # Pluggable modules; each must derive from the given baseclass.
    cli.add_module(
        '--ssh-interface',
        dest='ssh_interface',
        default=SSHForwarder,
        help='ProxyManager to manage the Proxy',
        baseclass=SSHBaseForwarder,
    )
    cli.add_module(
        '--scp-interface',
        dest='scp_interface',
        default=SCPForwarder,
        help='ProxyManager to manage the Proxy',
        baseclass=SCPBaseForwarder,
    )
    cli.add_module(
        '--sftp-interface',
        dest='sftp_interface',
        default=SFTPProxyServerInterface,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=BaseSFTPServerInterface,
    )
    cli.add_module(
        '--sftp-handler',
        dest='sftp_handler',
        default=SFTPHandlerPlugin,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=SFTPHandlerBasePlugin,
    )
    cli.add_module(
        '--server-interface',
        dest='auth_interface',
        default=ServerInterface,
        baseclass=BaseServerInterface,
        help='interface for authentication',
    )
    cli.add_module(
        '--authenticator',
        dest='authenticator',
        default=AuthenticatorPassThrough,
        baseclass=Authenticator,
        help='module for user authentication',
    )

    # The dest keeps the original spelling 'foreward_agent'; it is read below.
    cli.add_argument(
        '--forward-agent',
        dest='foreward_agent',
        action='store_true',
        help='enables agent forwarding',
    )
    cli.add_argument(
        '--banner-name',
        dest='banner_name',
        help='set a custom string as server banner',
    )

    args = cli.parse_args()

    # Set on the selected authenticator object itself. The default is the
    # AuthenticatorPassThrough class, so this is presumably a class-level
    # switch shared by all its instances -- confirm.
    args.authenticator.AGENT_FORWARDING = args.foreward_agent

    server = SSHProxyServer(
        args.listen_port,
        key_file=args.host_key,
        ssh_interface=args.ssh_interface,
        scp_interface=args.scp_interface,
        sftp_interface=args.sftp_interface,
        sftp_handler=args.sftp_handler,
        authentication_interface=args.auth_interface,
        authenticator=args.authenticator,
        transparent=args.transparent,
    )

    # Assigned on the Transport class (presumably paramiko's -- confirm), so
    # the banner applies to every Transport in this process, not only to this
    # proxy. _CLIENT_ID is an underscore-prefixed, non-public attribute.
    if args.banner_name is not None:
        Transport._CLIENT_ID = args.banner_name

    server.start()
def main():
    """Command-line entry point for the SSH proxy server.

    Registers the command-line options and pluggable interface modules, sets
    the log level of the ``paramiko`` logger, configures the agent-request
    switches on the selected authenticator, then builds and starts an
    ``SSHProxyServer``.

    ``--request-agent-breakin`` implies ``--request-agent``: when it is given,
    both ``REQUEST_AGENT`` and ``REQUEST_AGENT_BREAKIN`` are set to ``True``.
    """
    parser = ModuleParser(
        description='SSH Proxy Server',
        baseclass=BaseForwarder,
        modules_from_file=True,
    )
    parser.add_plugin(LogModule)

    # Plain options.
    parser.add_argument(
        '--listen-port',
        dest='listen_port',
        default=10022,
        type=int,
        help='listen port',
    )
    parser.add_argument(
        '--transparent',
        dest='transparent',
        action='store_true',
        help='enables transparent mode (requires root)',
    )
    parser.add_argument('--host-key', dest='host_key', help='rsa host key')

    # Pluggable modules; each must derive from the given baseclass.
    parser.add_module(
        '--ssh-interface',
        dest='ssh_interface',
        default=SSHMirrorForwarder,
        help='ProxyManager to manage the Proxy',
        baseclass=SSHBaseForwarder,
    )
    parser.add_module(
        '--scp-interface',
        dest='scp_interface',
        default=SCPForwarder,
        help='ProxyManager to manage the Proxy',
        baseclass=SCPBaseForwarder,
    )
    parser.add_module(
        '--sftp-interface',
        dest='sftp_interface',
        default=SFTPProxyServerInterface,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=BaseSFTPServerInterface,
    )
    parser.add_module(
        '--sftp-handler',
        dest='sftp_handler',
        default=SFTPHandlerPlugin,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=SFTPHandlerBasePlugin,
    )
    parser.add_module(
        '--auth-interface',
        dest='auth_interface',
        default=ServerInterface,
        baseclass=BaseServerInterface,
        help='interface for authentication',
    )
    parser.add_module(
        '--authenticator',
        dest='authenticator',
        default=AuthenticatorPassThrough,
        baseclass=Authenticator,
        help='module for user authentication',
    )

    # The dest keeps the original spelling 'foreward_agent'; it is read below.
    parser.add_argument(
        '--request-agent',
        dest='foreward_agent',
        action='store_true',
        help='enables agent forwarding',
    )
    parser.add_argument(
        '--request-agent-breakin',
        dest='request_agent_breakin',
        action='store_true',
        help='enables agent forwarding and tryies to break in to the agent, if not forwarded',
    )
    parser.add_argument(
        '--banner-name',
        dest='banner_name',
        help='set a custom string as server banner',
    )
    parser.add_argument(
        '--paramiko-log-level',
        dest='paramiko_log_level',
        default='warning',
        choices=['warning', 'info', 'debug'],
        help='set paramikos log level',
    )

    args = parser.parse_args()

    # Anything other than 'debug' or 'info' falls back to WARNING.
    verbose_levels = {'debug': logging.DEBUG, 'info': logging.INFO}
    logging.getLogger("paramiko").setLevel(
        verbose_levels.get(args.paramiko_log_level, logging.WARNING)
    )

    # Both switches are set on the selected authenticator object itself. The
    # default is the AuthenticatorPassThrough class, so they are presumably
    # class-level and shared by all its instances -- confirm.
    authenticator = args.authenticator
    authenticator.REQUEST_AGENT = args.foreward_agent
    if args.request_agent_breakin:
        authenticator.REQUEST_AGENT = True
        authenticator.REQUEST_AGENT_BREAKIN = True

    server = SSHProxyServer(
        args.listen_port,
        key_file=args.host_key,
        ssh_interface=args.ssh_interface,
        scp_interface=args.scp_interface,
        sftp_interface=args.sftp_interface,
        sftp_handler=args.sftp_handler,
        authentication_interface=args.auth_interface,
        authenticator=args.authenticator,
        transparent=args.transparent,
    )

    # Assigned on the Transport class (presumably paramiko's -- confirm), so
    # the banner applies to every Transport in this process, not only to this
    # proxy. _CLIENT_ID is an underscore-prefixed, non-public attribute.
    if args.banner_name is not None:
        Transport._CLIENT_ID = args.banner_name

    server.start()
def main():
    """Command-line entry point for the SSH proxy server.

    Registers the command-line options and pluggable interface modules, then:

    1. replaces ``Transport.run`` with ``dropbear.transport_run`` unless
       ``--disable-workarounds`` is given,
    2. sets the log level of the ``paramiko`` logger,
    3. configures the agent-request switches on the selected authenticator
       (``--request-agent-breakin`` implies ``--request-agent``),
    4. builds an ``SSHProxyServer`` and starts it.

    Steps 1 and the banner assignment modify the ``Transport`` class, so they
    affect the whole process.
    """
    cli = ModuleParser(description='SSH Proxy Server', modules_from_file=True)
    cli.add_plugin(LogModule)

    # --- listener and host key ---------------------------------------------
    cli.add_argument(
        '--listen-port',
        dest='listen_port',
        default=10022,
        type=int,
        help='listen port',
    )
    cli.add_argument(
        '--transparent',
        dest='transparent',
        action='store_true',
        help='enables transparent mode (requires root)',
    )
    cli.add_argument('--host-key', dest='host_key', help='host key file')
    cli.add_argument(
        '--host-key-algorithm',
        dest='host_key_algorithm',
        default='rsa',
        choices=['dss', 'rsa', 'ecdsa', 'ed25519'],
        help='host key algorithm (default rsa)',
    )
    # Per the help text the length is used for dss and rsa keys only.
    cli.add_argument(
        '--host-key-length',
        dest='host_key_length',
        default=2048,
        type=int,
        help='host key length for dss and rsa (default 2048)',
    )

    # --- pluggable modules; each must derive from the given baseclass --------
    cli.add_module(
        '--ssh-interface',
        dest='ssh_interface',
        default=SSHMirrorForwarder,
        help='interface to handle terminal sessions',
        baseclass=SSHBaseForwarder,
    )
    cli.add_module(
        '--scp-interface',
        dest='scp_interface',
        default=SCPForwarder,
        help='interface to handle scp file transfers',
        baseclass=SCPBaseForwarder,
    )
    cli.add_module(
        '--sftp-interface',
        dest='sftp_interface',
        default=SFTPProxyServerInterface,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=BaseSFTPServerInterface,
    )
    cli.add_module(
        '--sftp-handler',
        dest='sftp_handler',
        default=SFTPHandlerPlugin,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=SFTPHandlerBasePlugin,
    )
    cli.add_module(
        '--server-tunnel',
        dest='server_tunnel_interface',
        default=ServerTunnelForwarder,
        help='interface to handle tunnels from the server',
        baseclass=ServerTunnelBaseForwarder,
    )
    cli.add_module(
        '--client-tunnel',
        dest='client_tunnel_interface',
        default=ClientTunnelForwarder,
        help='interface to handle tunnels from the client',
        baseclass=ClientTunnelBaseForwarder,
    )
    cli.add_module(
        '--auth-interface',
        dest='auth_interface',
        default=ServerInterface,
        baseclass=BaseServerInterface,
        help='interface for authentication',
    )
    cli.add_module(
        '--authenticator',
        dest='authenticator',
        default=AuthenticatorPassThrough,
        baseclass=Authenticator,
        help='module for user authentication',
    )

    # --- agent, banner, logging, workarounds ---------------------------------
    cli.add_argument(
        '--request-agent',
        dest='request_agent',
        action='store_true',
        help='request agent for public key authentication',
    )
    cli.add_argument(
        '--request-agent-breakin',
        dest='request_agent_breakin',
        action='store_true',
        help='enables agent forwarding and tryies to break in to the agent, if not forwarded',
    )
    cli.add_argument(
        '--banner-name',
        dest='banner_name',
        help='set a custom string as server banner',
    )
    cli.add_argument(
        '--paramiko-log-level',
        dest='paramiko_log_level',
        default='warning',
        choices=['warning', 'info', 'debug'],
        help='set paramikos log level',
    )
    cli.add_argument(
        '--disable-workarounds',
        dest='disable_workarounds',
        action='store_true',
        help='disable paramiko workarounds',
    )

    args = cli.parse_args()

    # Workarounds are on by default: Transport.run is rebound on the class,
    # which changes it for every Transport in this process.
    if not args.disable_workarounds:
        Transport.run = dropbear.transport_run

    # Anything other than 'debug' or 'info' falls back to WARNING.
    verbose_levels = {'debug': logging.DEBUG, 'info': logging.INFO}
    logging.getLogger("paramiko").setLevel(
        verbose_levels.get(args.paramiko_log_level, logging.WARNING)
    )

    # Both switches are set on the selected authenticator object itself. The
    # default is the AuthenticatorPassThrough class, so they are presumably
    # class-level and shared by all its instances -- confirm.
    authenticator = args.authenticator
    authenticator.REQUEST_AGENT = args.request_agent
    if args.request_agent_breakin:
        authenticator.REQUEST_AGENT = True
        authenticator.REQUEST_AGENT_BREAKIN = True

    server = SSHProxyServer(
        args.listen_port,
        key_file=args.host_key,
        key_algorithm=args.host_key_algorithm,
        key_length=args.host_key_length,
        ssh_interface=args.ssh_interface,
        scp_interface=args.scp_interface,
        sftp_interface=args.sftp_interface,
        sftp_handler=args.sftp_handler,
        server_tunnel_interface=args.server_tunnel_interface,
        client_tunnel_interface=args.client_tunnel_interface,
        authentication_interface=args.auth_interface,
        authenticator=args.authenticator,
        transparent=args.transparent,
        args=args,
    )

    # Class-level assignment on a non-public attribute: the banner applies to
    # every Transport in this process, not only to this proxy.
    if args.banner_name is not None:
        Transport._CLIENT_ID = args.banner_name

    server.start()
def init_server_parser(parser: ModuleParser) -> None:
    """Register the SSH proxy server's options and modules on *parser*.

    Only registers arguments; nothing is parsed or started here. Options are
    added in the order listed below, which is also the order the help output
    will follow.

    Args:
        parser: the ``ModuleParser`` that receives the ``add_argument`` and
            ``add_module`` registrations.
    """
    add_option = parser.add_argument
    add_module = parser.add_module

    # --- listener and host key ---------------------------------------------
    add_option(
        '--listen-port',
        dest='listen_port',
        default=10022,
        type=int,
        help='listen port',
    )
    add_option(
        '--transparent',
        dest='transparent',
        action='store_true',
        help='enables transparent mode (requires root)',
    )
    add_option('--host-key', dest='host_key', help='host key file')
    # NOTE(review): 'dss' is still selectable; current OpenSSH clients disable
    # ssh-dss host keys by default, so such a key may be refused -- confirm
    # whether the choice is still needed.
    add_option(
        '--host-key-algorithm',
        dest='host_key_algorithm',
        default='rsa',
        choices=['dss', 'rsa', 'ecdsa', 'ed25519'],
        help='host key algorithm (default rsa)',
    )
    # Per the help text the length is used for dss and rsa keys only.
    add_option(
        '--host-key-length',
        dest='host_key_length',
        default=2048,
        type=int,
        help='host key length for dss and rsa (default 2048)',
    )

    # --- pluggable modules; each must derive from the given baseclass --------
    add_module(
        '--ssh-interface',
        dest='ssh_interface',
        default=SSHMirrorForwarder,
        help='interface to handle terminal sessions',
        baseclass=SSHBaseForwarder,
    )
    add_module(
        '--scp-interface',
        dest='scp_interface',
        default=SCPStorageForwarder,
        help='interface to handle scp file transfers',
        baseclass=SCPBaseForwarder,
    )
    add_module(
        '--sftp-interface',
        dest='sftp_interface',
        default=SFTPProxyServerInterface,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=BaseSFTPServerInterface,
    )
    add_module(
        '--sftp-handler',
        dest='sftp_handler',
        default=SFTPHandlerStoragePlugin,
        help='SFTP Handler to handle sftp file transfers',
        baseclass=SFTPHandlerBasePlugin,
    )
    add_module(
        '--remote-port-forwarder',
        dest='server_tunnel_interface',
        default=InjectableRemotePortForwardingForwarder,
        help='interface to handle tunnels from the server',
        baseclass=RemotePortForwardingBaseForwarder,
    )
    add_module(
        '--local-port-forwarder',
        dest='client_tunnel_interface',
        default=SOCKSTunnelForwarder,
        help='interface to handle tunnels from the client',
        baseclass=LocalPortForwardingBaseForwarder,
    )
    add_module(
        '--auth-interface',
        dest='auth_interface',
        default=ServerInterface,
        baseclass=BaseServerInterface,
        help='interface for authentication',
    )
    add_module(
        '--authenticator',
        dest='authenticator',
        default=AuthenticatorPassThrough,
        baseclass=Authenticator,
        help='module for user authentication',
    )

    # --- agent and banner ----------------------------------------------------
    add_option(
        '--request-agent-breakin',
        dest='request_agent_breakin',
        action='store_true',
        help='enables agent forwarding and tryies to break in to the agent, if not forwarded',
    )
    # The default banner embeds the tool name and version. How banner_name is
    # consumed is not visible here; if it is sent as the SSH identification
    # string, an instance left on defaults is recognisable from it -- confirm.
    add_option(
        '--banner-name',
        dest='banner_name',
        default=f'SSHMITM_{ssh_mitm_version}',
        help='set a custom string as server banner',
    )

    # argparse.SUPPRESS keeps this option out of the help output.
    add_module(
        '--session-class',
        dest='session_class',
        default=Session,
        baseclass=BaseSession,
        help=argparse.SUPPRESS,
    )