All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
5.0.0 - 2024-06-29
- easier plugin development
- SSH-MITM uses "appimage" module to start the AppImage
- merged SOCKS4 and SOCKS5 module in a single module
- prepend entry points with "sshmitm" to avoid name conflicts
- updated vulnerability db
4.1.1 - 2023-11-01
- fixed python source distribution - reported by p-linnane
4.1.0 - 2023-10-31
- fixed AppImage build process
- better output for Flatpak
- allow mkdir to work with default attr.st_mode (ssh-mitm#152)
- Add new option to store output of non-interactive commands (ssh-mitm#156)
- moved project dependencies to requirements.in file
- use command name of executable or link in help output
4.0.0 - 2023-09-14
- added configuration file to configure default values
- added info and PoC exploit for CVE-2023-25136
- mosh - added more information for decrypted packet
- added json logging format
- added client ip and port to client information #145
- added workarround for git to avoid unexpected session termination when EOF was reveived
- added fix for GitHub git operations
- fixes #136 - set paramiko version to >=3,<3.2 to fix private api changes in paramiko
- set banner name only for server, not for client
- when output is piped to another application, the logformat is switched to json
- changed build system to hatch
- create AppImage with appimagetool instead of AppImage-Builder
- removed support for Python 3.7
- removed official support for Windows
3.0.2 - 2023-02-14
- added requirements.txt which pins the tested packages
- fixed infinite loop when client closes connection during authentication
- fixed errors when too much connection attemps happen for the same server
- close transport in probe_host, which can publickey auth lead to fail
3.0.1 - 2022-12-18
- fixed requirements for installation
3.0.0 - 2022-12-18
- intercept MOSH connection and print decrypted data as hexdump
- added new function to get client information about used libraries
- added option to disable auth method lookup
- added indicator to docs, if vulnerability check is included in SSH-MITM
- added CVSS scores to vulnerability list in documentation
- added SHA512 fingerprint for server key
- added custom help formatter for cli arguments
- added option to disable auth method lookup
- fixed reace condition when tools like pyinfra are intercepted
- fixed documentation about port forwarding to match SSH-MITM v2
- fixed description of CVE-2022-29154
- updated description of CVE-2020-15778
- changed documentation folder structure
- if mosh is detected, pty will be disabled
- replaced typing.text with str
- removed support for Python 3.6
- removed dependancy to python enhancements module
- remove unused methods and code
- removed unused update check
2.1.0 - 2022-08-05
- Test for CVE-2022-29154 (rsync file injection)
- Updated vulnerability database with new clients
- fixed a bug which shows an empty cve list
- fixed finding clients which are derived from other clients
- fix #95 - added workarround for MonaXterms SecureBlackbox SSH implementation
- removed typecheck decorator
2.0.5 - 2022-06-17
- updated CVE-2020-14145 to match openSSH 8.9
- fixed client version check for vulnerabilities when using PuTTY
- fixed .bumpversion.cfg to work with original bump2version command (suggested by @FredM)
- catch connection errors during authentication
- fixed scp message order from client to server to match OpenSSH's behavior (found by @oddko)
- send server EOF and return code when closing scp channel (found by @oddko, fixed by @zoey-fux)
2.0.4 - 2022-06-12
- close scp channel on EOF (found by @oddko)
2.0.3 - 2022-05-22
- fixed appimage build script
- only show cve information if client has vulnerabilities
- catch error on closing mirror shell socket
2.0.2 - 2022-05-20
- fixed snapcaft.yaml build script
- fixed version numbers in man pages
2.0.1 - 2022-05-20
- snap distribution - base image changed to core20
2.0.0 - 2022-04-01
- changed license to GPLv3
- renamed module to "sshmitm" - old name "ssh_proxy_server"
1.0.0 - 2022-02-07
- added full support for trivial success authentication
- better documentation
- added typehints and typecheching
- added audit command, which tests publickey authentication with a specific private key
- separate arguments for remote host and remote port
- changed logoutput format
- port forwarding: set injectable server tunnel forwarder as default forwarder
- replaced wxpython ssh-askpass implementation with tkinter
- added workarround for publickey lookup with OpenSSH 8.8
- Gooey GUI
- removed SFTPHandle from SFTP replace_file plugin
- removed setup.cfg file
0.6.3 - 2021-11-04
- fixed hostname regex (error in regex)
0.6.2 - 2021-11-04
- fixed hostname regex (regex was to strict and not all hostnames were allowed)
0.6.1 - 2021-09-21
- missing environment variable in snap file
- fixed ssh-mitm-audit command
0.6.0 - 2021-09-13
- publickey authentication uses the same key as the destination server
- check if publickey authentication is possible
- updated vulnerability database
- added command to probe for known public keys
- save public keys to a file
- added simple gui
- added audit command
- added version check
- autodetect host key type
- terminal logging changed to rich
- added terminal logging to mirror shell
- use same session log directory for all plugins
- use same icon for appimage and snap
- renamed cli argument '--disable-pubkey-auth' to '--disable-publickey-auth'
- removed arguments to request and forward agent (added autodetect of forwarded agent)
- bumpversion config file
- hide strg+c when shutting down server
0.5.13 - 2021-07-16
- reorganized command line arguments - plugin args are now grouped
- fixed closing session when open channels exist
0.5.12 - 2021-07-13
- handle subsystem errors in sftp server
- ssh-mitm passes the return code of ssh commands to the client
- fixed error in sftp client, when ssh client does not exist
- pass env and window change requests to the server
- added asyncssh key negotiation vulnerability check
- added rubynetssh default key algorithms
0.5.11 - 2021-07-01
- fixed dropbear vulndb
0.5.10 - 2021-07-01
- missing python packages for snap and flatpak
0.5.9 - 2021-07-01
- print host key fingerprints on startup
- added client version check against known vulnerabilities
- added option to start ssh-mitm as module
0.5.8 - 2021-06-28
- use password cmd arg with all auth methods
- changed none auth to be rfc conform
- added keyboard-interactive authentication as alternative to password authentication
0.5.7 - 2021-06-10
- fixed "variable referenced before assignment" bug
- added '--version' cmd argument
- Changed remote software name to 'SSHMITM_VERSIONSTRING'
0.5.6 - 2021-06-09
- fixed transparent mode in AppImage
0.5.5 - 2021-05-31
- fixed error when parsing converted IPv4 to IPv6 converted addresses
0.5.4 - 2021-05-12
- added new plugin to debug ssh command traffic
- increase buffer length to avoid broken connections with git
- do not close session on eof
0.5.3 - 2021-05-12
- fixed ssh command
ssh -C <command> - ssh command now compatible with git
0.5.2 - 2021-05-07
- added default algorithms for OpenSSH 8.5 and 8.6 (CVE-202014145)
0.5.1 - 2021-05-03
- sftp client is created only on sftp subsystem request
0.5.0 - 2021-03-26
- support remote port forwarding (ssh -R)
- support for proxyjump (ssh -W /-J) over the ssh-mitm server
- remote tunnel injection feature
- handling of local port forwarding (passes through the tcpip stream to the remote)
0.4.3 - 2021-03-09
- compatibility with dropbear ssh clients
0.4.2 - 2021-03-05
- implemented CVE-2020-14002 (Putty information leak)
- option to use ed25519 host keys
0.4.1 - 2021-03-02
- removed injectorshell because it will be integrated in ssh-mitm-plugins (maintained by @The5imon)
0.4.0 - 2021-02-12
- added port forwarding (only client to proxy at the moment)
- fixed pseudo terminal on exec command