Skip to content

This proxy is used as a proof of concept to detect SSH tunneling over HTTP

License

Notifications You must be signed in to change notification settings

cboin/psychic-spoon

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 

Repository files navigation

psychic-spoon

This proxy is used as a proof of concept to detect SSH tunneling over HTTP.

Detection methods

  • Searching for SSH- pattern in HTTP payload
  • Find if the given content type match a detected content type
  • Blacklisting user agents
  • Check if response content length is zero
  • Looking for SSH handshake
    • SSH handshake can be detected by looking at size of packets
  • Count number of HTTP get and HTTP post
  • Replay HTTP get requests
  • Check if total number of HTTP requests is lower than 300
  • Search for echoed HTTP packets
    • Each keystrokes sends over SSH are echoed back to the client by the server.

A cleaner is used to reduce to score

Note yet implemented

  • Compute playload entropy

Bibliography

About

This proxy is used as a proof of concept to detect SSH tunneling over HTTP

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages