SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.
sec-wall is a feature-packed security proxy that supports SSL/TLS, WS-Security, HTTP Auth Basic/Digest, extensible authentication schemes based on custom HTTP headers and XPath expressions, powerful URL matching/rewriting, and an optional header enrichment. It's a security wall with which you can conveniently fence otherwise defenseless backend servers.