Monday, 6 May 2013

SSLsplit for man-in-the-middle attack

SSLsplit: Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encryptednetwork connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both
IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs
forged X509v3 certificates on-the-fly, based on the original server certificate
subject DN and subjectAltName extension. SSLsplit fully supports Server Name
Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and
ECDHE cipher suites. SSLsplit can also use existing certificates of which the
private key is available, instead of generating forged ones. SSLsplit supports
NULL-prefix CN certificates and can deny OCSP requests in a generic way.

SSLsplit version 0.4.5 released on Nov 07, change logs are

- Add support for 2048 and 4096 bit Diffie-Hellman.
- Fix syslog error messages (issue #6).
- Fix threading issues in daemon mode (issue #5).
- Fix address family check in netfilter NAT lookup (issue #4).
- Fix build on recent glibc systems (issue #2).
- Minor code and build process improvements.Download Here

No comments:

Post a Comment