SSLsplit for man-in-the-middle attack

SSLsplit: Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encryptednetwork connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both

IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs

forged X509v3 certificates on-the-fly, based on the original server certificate

subject DN and subjectAltName extension. SSLsplit fully supports Server Name

Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and

ECDHE cipher suites. SSLsplit can also use existing certificates of which the

private key is available, instead of generating forged ones. SSLsplit supports

NULL-prefix CN certificates and can deny OCSP requests in a generic way.

SSLsplit version 0.4.5 released on Nov 07, change logs are

- Add support for 2048 and 4096 bit Diffie-Hellman.

- Fix syslog error messages (issue #6).

- Fix threading issues in daemon mode (issue #5).

- Fix address family check in netfilter NAT lookup (issue #4).

- Fix build on recent glibc systems (issue #2).

- Minor code and build process improvements.

 Download here