sslsniff v0.6 released

In: Data Sniffer , Penetration testing & Ethical Hacking , sslsniff

5 August 2009

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.

It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.

Changes in 0.6:

Added support for null-prefix attacks
Added better logging support
Added OCSP denial.
Added support for hijacking auto-updates

Tool Submitted by Maximiliano Soler

Post scriptum

Download

Compliance Mandates

Penetration testing & Ethical Hacking :
PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

Data Sniffer	7 May 2010 : WireShark 1.2.8 released 12 April 2010 : Suricata v0.8.1 released 9 April 2010 : CSniffer Command Line Network Sniffer v1.0.0.3 released 7 April 2010 : TCPDump v4.1.1 and LIBPCap v1.1.1 released 1 April 2010 : WireShark 1.2.7 released
Penetration testing & Ethical Hacking	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : DAVTest v1.0 - WebDAV Application 25 April 2010 : (Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo) 25 April 2010 : SIP Inspector v1.10 released 15 April 2010 : Ubuntu Pentest Edition v2.03 released
sslsniff	5 August 2009 : sslsniff v0.6 released

sslsniff v0.6 released

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU