sslsniff v0.6 released
This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.
It is designed to MITM all SSL connections on a LAN, dynamically generating certificates for the domains being accessed. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.
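The check whose absence made the "basicConstraints" flaw possible, as an added example (not sslsniff code): every certificate that signs another one in a chain must assert CA:TRUE. It assumes the third-party Python `cryptography` package; the function names and the test chains are constructed for illustration, and signature and path-length validation are left out.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(cn, key, issuer_cn, issuer_key, is_ca):
    """Build a short-lived test certificate (constructed sample data)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(issuer_cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def signers_lacking_ca(chain):
    """chain is ordered end-entity first. Return the subject of every
    certificate used as an issuer that does not assert CA:TRUE."""
    flagged = []
    for signer in chain[1:]:
        try:
            ext = signer.extensions.get_extension_for_class(x509.BasicConstraints)
            is_ca = ext.value.ca
        except x509.ExtensionNotFound:
            is_ca = False  # no basicConstraints: must not be treated as a CA
        if not is_ca:
            flagged.append(signer.subject.rfc4514_string())
    return flagged

def constructed_chains():
    """Two constructed chains: a normal one, and one where a leaf signs."""
    keys = [ec.generate_private_key(ec.SECP256R1()) for _ in range(4)]
    root_k, inter_k, leaf_k, site_k = keys
    root = make_cert("Test Root", root_k, "Test Root", root_k, True)
    inter = make_cert("Test Intermediate", inter_k, "Test Root", root_k, True)
    leaf = make_cert("leaf.example", leaf_k, "Test Intermediate", inter_k, False)
    site = make_cert("site.example", site_k, "leaf.example", leaf_k, False)
    return [leaf, inter, root], [site, leaf, inter, root]

if __name__ == "__main__":
    good, bad = constructed_chains()
    print("normal chain:", signers_lacking_ca(good))
    print("leaf-signed chain:", signers_lacking_ca(bad))
```

A client that accepts the second chain is treating an end-entity certificate as a signing certificate, which is the behaviour described above.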
Changes in 0.6:
- Added support for null-prefix attacks
- Added better logging support
- Added OCSP denial
- Added support for hijacking auto-updates
Tool Submitted by Maximiliano Soler