ssh-mitm

What's Changed

Fixed

• fixed python source distribution - reported by p-linnane

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/4.1.0...4.1.1

What's Changed

Fixed

• fixed AppImage build process

Changed

• better output for Flatpak
• allow mkdir to work with default attr.st_mode (https://github.com/ssh-mitm/ssh-mitm/pull/152)
• Add new option to store output of non-interactive commands (https://github.com/ssh-mitm/ssh-mitm/pull/156)
• moved project dependencies to requirements.in file
• use command name of executable or link in help output

New Contributors

• @mlocutus made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/152
• @thement made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/156

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/4.0.0...4.1.0

What's Changed

Added

• added configuration file to configure default values
• added info and PoC exploit for CVE-2023-25136
• mosh - added more information for decrypted packet
• added json logging format
• added client ip and port to client information #145

Fixed

• added workarround for git to avoid unexpected session termination when EOF was reveived
• added fix for GitHub git operations
• fixes #136 - set paramiko version to >=3,<3.2 to fix private api changes in paramiko

Changed

• set banner name only for server, not for client
• when output is piped to another application, the logformat is switched to json
• changed build system to hatch
• create AppImage with appimagetool instead of AppImage-Builder

Removed

• removed support for Python 3.7
• removed official support for Windows

New Contributors

• @luan1973 made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/130

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/3.0.2...4.0.0

Added

• added requirements.txt which pins the tested packages

Fixed

• fixed infinite loop when client closes connection during authentication
• fixed errors when too much connection attemps happen for the same server
• close transport in probe_host, which can publickey auth lead to fail
• Bump cryptography from 39.0.0 to 39.0.1 by @dependabot in https://github.com/ssh-mitm/ssh-mitm/pull/126

New Contributors

• @dependabot made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/126

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/3.0.1...3.0.2

What's Changed

Fixed

• fixed requirements for installation

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/3.0.0...3.0.1

⚠️ this release is broken

What's Changed

Added

• intercept MOSH connection and print decrypted data as hexdump
• added new function to get client information about used libraries
• added option to disable auth method lookup
• added indicator to docs, if vulnerability check is included in SSH-MITM
• added CVSS scores to vulnerability list in documentation
• added SHA512 fingerprint for server key
• added custom help formatter for cli arguments
• added option to disable auth method lookup

Fixed

• fixed reace condition when tools like pyinfra are intercepted
• fixed documentation about port forwarding to match SSH-MITM v2
• fixed description of CVE-2022-29154
• updated description of CVE-2020-15778

Changed

• changed documentation folder structure
• if mosh is detected, pty will be disabled
• replaced typing.text with str
• removed support for Python 3.6

Removed

• removed dependancy to python enhancements module
• remove unused methods and code
• removed unused update check

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/2.1.0...3.0.0

What's Changed

Added

• Test for CVE-2022-29154 (rsync file injection)
• Updated vulnerability database with new clients

Fixed

• fixed a bug which shows an empty cve list
• fixed finding clients which are derived from other clients
• fix #95 - added workarround for MonaXterms SecureBlackbox SSH implementation

Changed

• removed typecheck decorator

New Contributors

• @gitter-badger made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/108

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/2.0.5...2.1.0

What's Changed

Fixed

• updated CVE-2020-14145 to match openSSH 8.9
• fixed client version check for vulnerabilities when using PuTTY
• fixed .bumpversion.cfg to work with original bump2version command
• catch connection errors during authentication
• fixed scp message order from client to server to match OpenSSH's behavior (found by @oddko #100)
• send server EOF and return code when closing scp channel (found by @oddko #100 , fixed by @zoey-fux #105,#106 )

New Contributors

• @zoey-fux made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/105

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/2.0.4...2.0.5

What's Changed

Fixed

• close scp channel on EOF (found by @oddko)

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/2.0.3...2.0.4

What's Changed

Fixed

• fixed appimage build script
• only show cve information if client has vulnerabilities (fixed by @zoey-fux)
• catch error on closing mirror shell socket (fixed by @zoey-fux)

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/2.0.2...2.0.3

What's Changed

Fixed

• fixed snapcaft.yaml build script
• fixed version numbers in man pages

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/2.0.1...2.0.2

What's Changed

Changed

• snap distribution - base image changed to core20
• Fix typo by @fabaff in https://github.com/ssh-mitm/ssh-mitm/pull/102
• Fix typos by @fabaff in https://github.com/ssh-mitm/ssh-mitm/pull/104

New Contributors

• @fabaff made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/102

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/2.0.0...2.0.1

What's Changed

Changed

• changed license to GPLv3
• renamed module to "sshmitm" - old name "ssh_proxy_server"

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/1.0.0...2.0.0

What's Changed

Added

• added full support for trivial success authentication (spoofing FIDO2 tokens)
• better documentation (by @janbbeck and @lukebarone )
• added typehints and typecheching
• added audit command, which tests publickey authentication with a specific private key

Changed

• separate arguments for remote host and remote port
• changed logoutput format
• port forwarding: set injectable server tunnel forwarder as default forwarder
• replaced wxpython ssh-askpass implementation with tkinter

Fixed

• added workarround for publickey lookup with OpenSSH 8.8

Removed

• Gooey GUI
• removed SFTPHandle from SFTP replace_file plugin
• removed setup.cfg file

New Contributors

• @lukebarone made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/86
• @yosida95 made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/88
• @schettn made their first contribution in https://github.com/ssh-mitm/ssh-mitm/pull/92

Full Changelog: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.3...1.0.0

Fixed

• fixed hostname regex (error in regex)

Fixed

• fixed hostname regex (regex was to strict and not all hostnames were allowed)

Fixed

• missing environment variable in snap file
• fixed ssh-mitm-audit command

Added

• publickey authentication uses the same key as the destination server
• check if publickey authentication is possible
• updated vulnerability database
• added command to probe for known public keys
• save public keys to a file
• added simple gui
• added audit command
• added version check
• autodetect host key type

Changed

• terminal logging changed to rich
• added terminal logging to mirror shell
• use same session log directory for all plugins
• use same icon for appimage and snap
• renamed cli argument '--disable-pubkey-auth' to '--disable-publickey-auth'
• removed arguments to request and forward agent (added autodetect of forwarded agent)

Fixed

• bumpversion config file
• hide strg+c when shutting down server