Black Hat Python — SSH Tunnelling with Paramiko

Ismail Akkila
Aug 27, 2017 · 2 min read

Chapter 2 ends with an SSH Tunnelling example. This post will show how to tunnel traffic from server to client using SSH. The end goal is to be able to access a machine or service that is reachable from the client using a localhost/ 127.0.0.1 address on the server over the ssh tunnel. This is called reverse port forwarding.


Here is client script.:

And the server:

In my limited testing, I was able to access a webpage on https://127.0.0.1:8888 server side and tunnel the traffic to its destination which is the webserver reachable from the client. The destination is 10.0.0.3 listening on tcp 9005.

Server output:

python3 ch2_rforward_server.py 127.0.0.1 22022[*] Bind Success 127.0.0.1:22022
[*] Incoming TCP connection from 127.0.0.1:57506
[*] SSH Negotiation Success
[*] Authenticating
[*] Success - SSH channel active
[*] Incoming tunneled conenction from 127.0.0.1:57525
[*] Sending 179 bytes via SSH Channel
[*] Sending 1024 bytes via TCP Channel
[*] Sending 175 bytes via TCP Channel
[*] Sending 126 bytes via SSH Channel
[*] Sending 226 bytes via TCP Channel
[*] Incoming tunneled conenction from 127.0.0.1:57529
[*] Sending 179 bytes via SSH Channel
[*] Sending 1024 bytes via TCP Channel
[*] Sending 175 bytes via TCP Channel
[*] Sending 126 bytes via SSH Channel
[*] Sending 226 bytes via TCP Channel

Client Output:

python3 ch2_rforward.py 8888 127.0.0.1 22022 10.0.0.3 9005[*] SSH reverse port forwarding tool started
Enter username: user
Enter password: password
[*] Starting reverse port forwarding
[*] Started. Waiting for tcp connection on 127.0.0.1:8888 from SSH server
[*] Established tcp connection to 10.0.0.3:9005
[*] Sending 179 bytes via TCP socket
[*] Sending 1024 bytes via SSH channel
[*] Sending 175 bytes via SSH channel
[*] Sending 126 bytes via TCP socket
[*] Sending 226 bytes via SSH channel
[*] Established tcp connection to 10.0.0.3:9005
[*] Sending 179 bytes via TCP socket
[*] Sending 1024 bytes via SSH channel
[*] Sending 175 bytes via SSH channel
[*] Tunnel connection is closed
[*] Sending 126 bytes via TCP socket
[*] Sending 226 bytes via SSH channel

Moving on to chapter 3: Raw Sockets and Sniffing!

)

Ismail Akkila

Written by

I live and breathe technology. Curious about programming, cryptocurrencies and cybersecurity.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade