14 August 2009 | 26,939 views

sslsniff v0.6 Released – SSL MITM Tool

Check For Vulnerabilities with Acunetix

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.

It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.

New In Version 0.6

Version 0.6 has been significantly updated to additionally support the null-prefix attacks that was demonstrated at BlackHat 09 and Defcon 17. These allow for completely silent MITM attacks against SSL/TLS in the NSS, Microsoft CryptoAPI, and GnuTLS stacks — ultimately allowing for SSL communication in Firefox, Internet Explorer, Chrome, Thunderbird, Outlook, Evolution, Pidgin, AIM, irssi, and every other client that uses the Microsoft CryptoAPI to be intercepted.

sslsniff has also been updated to support the OCSP attacks that was published at Blackhat 09 and Defcon 17, thus making the revocation of null-prefix certificates very difficult. Additionally, sslsniff now supports modes for hijacking auto-updates from Mozilla products, as well as for Firefox/Thunderbird addons. Attackers can specify payloads of their choice, which will be delivered to the targets being man-in-the-middled.

sslsniff is useful for deploying other vulnerabilities as well. This is the tool that the people who pulled the recent MD5 hash collision publicity stunt used to demonstrate MITM attacks with their rogue CA-certificate. Also, anyone who is capable of obtaining a forged certificate by any means can easily deploy it through sslsniff with the targeted mode designed for null-prefix attacks.

You can download sslsniff v0.6 here:

sslsniff-0.6.tar.gz

Or read more here.



Recent in Forensics:
- HoneyDrive 3 Released – The Premier Honeypot Bundle Distro
- Sysdig – Linux System Troubleshooting Tool
- HoneyDrive Desktop v0.2 Released – Honeypot LiveCD

Related Posts:
- sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool
- Paros Proxy 3.2.12 Released – MITM HTTP and HTTPS Proxy
- Paros Proxy 3.2.11 Released – MITM HTTP and HTTPS Proxy

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 65,738 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 30,294 views
- sslsniff v0.6 Released – SSL MITM Tool - 26,939 views

Low-cost VPS Hosting

3 Responses to “sslsniff v0.6 Released – SSL MITM Tool”

  1. Capt.wheeto 14 August 2009 at 2:46 pm Permalink

    Forgive me if I’m getting confused but I recall this being called SSLstrip =/ I may be wrong though. Is there any difference?

  2. Darknet 14 August 2009 at 4:34 pm Permalink

    Similar and from the same author –

  3. please sir,
    Kindly teach me hack to learn to breaking interswitch Automatic Teller machine of banks