jmitm2 is an SSH2 man-in-the-middle attack program based on the SSH2 client/server implementation J2SSH.


jmitm2 operates on OSI layer four and above, so you need to do DNS or ARP spoofing using the utilities provided by e.g. the dsniff package before you can do an attack. I won't describe these two techniques here as a) there's plenty of information on these topics on the internet, b) I won't make things too easy for you, and c) I'm busy doing other things ;)

So, what to do with the jmitm2 binary package after download, verification of its signature, and extraction? Well,

  • set ListenAddress and Port in conf/server.xml to the IP address you will redirect traffic to (i.e. the machine "in the middle"). The default port for SSH is 22.

  • (redirect traffic using dsniff)

  • start jmitm2 using ./runm.sh in the bin/ subdirectory. You need to edit this file before using it: the first parameter is the IP address of the target host, the second parameter is its port (usually 22). The "target host" is the host a possible attack victim is going to log into.


    You'll need Java 1.4, a lot of RAM (well, this is Java ;), and root privileges for binding to TCP port 22. If you don't have these privileges or simply want to test first, use a port above 1024.

    Example: The machine running jmitm2 is 192.168.0.50, the target host is 192.168.0.100 with a DNS name of ssh.server.com. That implies

    ==> ListenAddress 192.168.0.50, Port 22

    ==> in bin/runm.sh, use 192.168.0.100 22 as parameters for calling MitmGlue

    ==> redirect ssh.server.com to 192.168.0.50 using dsniff

    Okay, that's it - almost. You need to connect to jmitm2 first, and watch it connect to the target host. It will ask you on the console whether or not to accept the target host's SSH public key - verify and accept it (say "Always"). After that, the key is known to jmitm2, and you can start your "attacks". Oh, as a side note: jmitm2's log output is really pretty noisy by default, which can be fun when trying to understand its modus operandi, but if you don't want to drown in information, it's advisable to grep its output for "mitm" or (maybe better ;) "password" via a pipe.

    Note: Please remember that this program was written for academic purposes, not to break any laws or to spy on your neighbor's mail. Please use it in that spirit.