Skip to content

sinipelto/ssh-spoofer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

.github/workflows

.github/workflows

 
 

.vscode

.vscode

 
 

bin

bin

 
 

build

build

 
 

img

img

 
 

src

src

 
 

.gitignore

.gitignore

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

Repository files navigation

SSH Packet Spoofer

This utility allows you to spoof SSH packets as HTTP packets, by adding the HTTP header on top of the transmitted packets.

It will help you connect ssh over networks with extremely restrictive firewalls and packaet sniffers blocking SSH connections and packets based on the packet type.

Consists of 2 units launched from the same binary: spoofer and despoofer.

Spoofer will allow real clients to conntect to the spoofer, and will spoof and forward the packets to the despoofer. Despoofer will receive the packets to the real server residing preferably, in the same computer through localhost.

Spoofer architecture:

image not found

Building instructions

Simply build the binary with make:

make

Or build with DEBUG logging:

make debug

Remove any obsolete build stuff:

make clean

Also VSCode settings pre-defined for building and debugging

Running instructions

After building the binary, copy it over to the client and server machines (preferably) or at least to a machine behind the same firewall than the client is resided.

On the client machine/network, run the sender (spoofer) instance simply by:

./bin/spoofer <SPOOFER_HOST/IP=LOCALHOST> <SPOOFER_PORT=1234> <DESPOOFER_HOST/IP> <DESPOOFER_PORT> SPOOFER HTTP

On the server machine/network, run the receiver (despoofer) instance simply by:

./bin/spoofer <DESPOOFER_HOST/IP> <DESPOOFER_PORT> <REAL_SERVER_HOST/IP> <REAL_SERVER_PORT> DESPOOFER HTTP

Then, on the client machine, simply connect SSH through the spoofer:

ssh -p <SPOOFER_PORT> user@<SPOOFER_HOST/IP>

It should open the SSH connection normally.

For example spoofer on the same machine as client, despoofer in the same machine as the real server, exposed through public ip 8.7.6.5 port 8765: Client side, client on the same host:

./bin/spoofer 127.0.0.1 9876 8.7.6.5 8765 SPOOFER HTTP

Server side, server on the same host:

./bin/spoofer 0.0.0.0 8765 127.0.0.1 22 SPOOFER HTTP

Connect:

ssh -p 9876 user@localhost

Notes on hosting

Note that privileged ports 1-1023 requires sudo/root access to host the spoofer/despoofer on. Prefer higher ports. If executing on an on-premises environment, you might need to open the ports required to expose the traffic to outside LAN.

About

SSH traffic HTTP spoofer

Topics

ssh http firewall ssh-server http-client http-server ssh-client traffic-monitoring spoofer firewall-bypass ssh-spoofer ssh-over-http http-ssh

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Mar 10, 2024

Packages

No packages published

Languages