Skip to content

MobaXterm

Validate MobaXterm's SSH, SFTP, X11 forwarding, and clipboard behaviors under the Secure Sandbox.

Objectives

  • Enforce deny-by-default egress for SSH and SFTP connections; verify proxy enforcement.
  • Ensure X11 forwarding does not bypass network controls.
  • Verify clipboard/drag-drop boundaries between MobaXterm and the host.

Preconditions

  • Windows target with Turbo Launcher and Secure Sandbox.
  • MobaXterm installed.

Controls Under Test

  • runtime.networking.egressDefaultAction, proxy enforcement.
  • runtime.dataMotion.rules[] with channel: "clipboard"|"dragDrop".

Test Scenarios

IDCanonical IDScenarioProcedureExpected Outcome
SCEN-APP-MOBAXTERM-01NET-EGRESS-01SSH to Disallowed IPOpen local terminal; run ssh user@<IP>.Connection fails (timeout or proxy deny).
SCEN-APP-MOBAXTERM-02NET-EGRESS-10SFTP via Designated ProxyInitiate SFTP session to an allowlisted site via the designated proxy.Connection succeeds only when proxy identity/pinning is valid; traffic traverses the proxy; on mismatch, TLS handshake fails. Audit includes proxyEnforced: true and reason when denied.
SCEN-APP-MOBAXTERM-03NET-ISOLATE-01X11 ForwardingEnable X11; launch X app (e.g. xclock) from remote session.Display path remains internal; no external egress to host services. Localhost isolation holds; audit shows no external network egress.
SCEN-APP-MOBAXTERM-04DM-CLIP-01Clipboard OutboundCopy text from remote terminal; paste to host.Denied/processed per policy (e.g. deny or audit).
SCEN-APP-MOBAXTERM-05DM-DRAG-01File Drag-DropDrag file from MobaXterm sidebar to Host Desktop.Blocked per policy.
SCEN-APP-MOBAXTERM-06HARD-FILES-01Local BrowserUse MobaXterm local browser to explore C:.Visibility restricted to Storage Contexts; cannot see blocked host paths.

Evidence Requirements

  • network events: protocol (tcp/22), destination, action, outcome.
  • dataMotion events: channel, direction, action for clipboard/dragDrop.