01 July 2011 | 11,571 views

sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool

Prevent Network Security Leaks with Acunetix

It’s been a while since the last sslsniff release back in August 2009 with version 0.6 – sslsniff v0.6 Released – SSL MITM Tool. Version 0.7 was finally released earlier in the year in April – so here it is.

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.

It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.

The three steps to get this running are:

  • Download and run sslsniff-0.7.tar.gz
  • Setup iptables
  • Run arp-spoof

Changes in 0.7

  • Fixed some networking shuffling bugs (thanks Daniel Roethlisberger)
  • Added basic compatibility with BSD pf (thanks Daniel Roethlisberger)

You can download sslsniff v0.7 here:

sslsniff-0.7.tar.gz

Or read more here.



Recent in Hacking Tools:
- dirs3arch – HTTP File & Directory Brute Forcing Tool
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
- SHODAN – Expose Online Devices (Wind Turbines, Power Plants & More!)

Related Posts:
- sslsniff v0.6 Released – SSL MITM Tool
- The Middler – User Session Cloning & MITM Tool
- FakeIKEd – Fake IKE Daemon Tool For MITM

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,857,253 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,042,695 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 618,822 views

Low-cost VPS Hosting

Comments are closed.