SSLsplit

SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.

Recent releases

  •  15 Jan 2014 23:45

    Release Notes: This release adds experimental support for pf on Mac OS X, and adds support for pf divert-to on FreeBSD and OpenBSD. SSLsplit now removes headers advertising support for SPDY/QUIC from HTTP responses. Additionally, a number of segmentation faults, a memory leak, and a file descriptor leak have been fixed, greatly improving overall stability.

  •  03 Jul 2013 02:10

    Release Notes: This release prevents IETF draft public key pinning by removing HPKP headers from responses. Also, remaining threading issues in daemon mode are fixed, and the connection log now contains the HTTP status code and the size of the response.

  •  03 Jun 2013 20:54

    Release Notes: This bugfix release fixes a bug in passthrough mode (-P) when no matching certificate is found for a connection (issue 9) and a bug in binding to ports < 1024 with default settings (issue 8). Additionally, it works around a bug in OpenSSL 1.0.0k and 1.0.1e which caused a segmentation fault when loading certificates or keys.

  •  08 Nov 2012 02:48

    Release Notes: This maintenance release fixes a number of bugs, including daemon mode issues related to threading and a problem in the Linux netfilter support. It adds support for 2048- and 4096-bit Diffie-Hellman.

  •  13 May 2012 01:40

    Release Notes: This release adds improvements to OCSP denial and bugfixes.
