jmitm2 is a SSH2 man-in-the-middle-attack program based on the SSH2 client/server implementation J2SSH



  • handles as many connections as you want simultaneously (configurable, default is 10)

  • uses log4j for flexible logging

  • speaks SSH2, which all ssh-mitm-attackers I have seen to date don't

  • is easy to extend, e.g. for taking over a session, injecting commands, statistical purposes, new ciphers,...

    Much of this is owed to the great J2SSH API, which is available under the LGPL.

    jmitm2 has already successfully used for training by ASAP-COM GmbH.



    Basically, it is constructed as follows:

  • it extends most server classes to contain a reference to a new object:

  • that object (called MitmGlue) keeps track of each session, looping it through to the remote target host

  • for authentication, a new MitmFakeAuthenticationProvider is created, that passes username and password to the MitmGlue object, which can log them and use them for authentication at the target host



  • You can browse the javadoc online. All classes starting with "Mitm" are part of jmitm2.

  • You can download a copy of the presentation of jmitm2
  • The Studienarbeit (in german) is also available.

    There is a brief description of the usage of jmitm2 available.


    You can download a binary package of jmitm2 that should contain everything neccessary to run the program, as well as a copy of the source of J2SSH 0.1.0, extended by the (in the platforms/ directory) and the com.sshtools.jmitm2 Java package which contains all other jmitm2 classes as source. I developed and built this using eclipse, so as far as compiling is concerned, you'll certainly need log4j, maybe ant or eclipse, and a bit of twiddling. Contact me if you have problems.

    The classes using code from J2SSH are of course LGPL'ed, and so is the jmitm2 code itself. If you have any questions, contact me.



    source code

    239 K





    binary package

    1.5 M