Replies: 2 comments 6 replies
-
When git is used over SSH, SSH-MITM is able to intercept the connection. Intercept git over SSHIn most cases, publickey authentication is used to authenticate against the remote server. To intercept the whole connection, you have to start git with agent forwarding configured. This can be done with the Following setup can intercept the connection to github and prints the data as hexdump. # start the ssh server
ssh-mitm server --remote-host github.com --scp-interface debug_traffic
# invoke git commands
GIT_SSH_COMMAND="ssh -A" git clone ssh://[email protected]:10022/ssh-mitm/ssh-mitm.git Note: For testing purposes against Github you should use a ssh-agent with a single key. SSH-MITM tries to detect, if the intercepted user is allowed to login on the remote server with publickey authentication. Github only allows a small amount of those lookups and too many lookups can result in failed login attempts, even if the user is allowed to login over ssh. manipulate a git repository during git cloneGit has some security features which makes it hard to manipulate a git repository during git operations. For example you can rewrite the git history or add some new commits, but it's likely that this will be detected. If the client tires to update from a rewritten history, this will not work by default. Adding new commits can work as long as the commits are not signed and the user does not read commit messages. SSH-MITM is able to read and modify the content. This allows SSH-MITM to modify the data which is sent to the client. You have 2 options to create fake commits:
Why is git not supported by SSH-MITMgit is an application similar to SCP or rsync. Those applications establish a connection over ssh and a server application is executed. The client is communication over SSH with the server part. SSH-MITM is able to read and modify the raw data, which is transmitted over SSH. For a deeper integration with the application specific plugins must be created. This was done for SCP, because SCP is related to SSH, but the SCP protocol had to be implemented in SSH-MITM to understand the file transfer. git is a complex application and implementing the whole communication in SSH-MITM is out of scope. SSH-MITM primary goal is to provide a tool for SSH audits and not for specific applications like git. It's the same reasons why Burp Suit (HTTP man in the middle proxy) is able to read and modify data from git operations, but does not understand git over HTTPS itself. |
Beta Was this translation helpful? Give feedback.
-
Hello @manfred-kaiser, Your post about ssh-mitm around git audits was pretty helpful.
and on the ssh-mitm process, the output was
note: not seeing the remote command exit code, while I was expecting something like
Question:
Appreciate your help! |
Beta Was this translation helpful? Give feedback.
-
Hello,
any idea if i can spoof what users are trying to clone using git clone cmd ? ? I'm struggling figuring out my git/ssh config to use with ssh-mitm.
Thanks
Beta Was this translation helpful? Give feedback.
All reactions