sslsniff - SSL/TLS man-in-the-middle attack tool
Description
This manual page documents briefly the sslsniff command.
sslsniff is designed to perform man-in-the-middle (MITM) attacks on SSL/TLS connections. It dynamically
generates certificates on the fly for the domains that are being accessed. The new certificates are
constructed in a certificate chain that is signed by any certificate that is provided.
sslsniff also supports other attacks, such as null-prefix or OCSP attacks, to achieve silent interception
of connections when possible.
Examples
To intercept traffic on port 8443, start sslsniff on a local port:
sslsniff -a -c /usr/share/sslsniff/certs/wildcard -s 4433 -w /tmp/sslsniff.log
and redirect traffic to this port using the iptables nat table:
iptables -t nat -A PREROUTING -p tcp --destination-port 8443 -j REDIRECT --to-ports 4433
Name
sslsniff - SSL/TLS man-in-the-middle attack tool
Notes
sslsniff works only on the FORWARD traffic (not on INPUT or OUTPUT).
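From the defender's side, the redirect rule shown under Examples leaves a visible trace in the nat table of the forwarding host. The following added example (not part of the sslsniff manual page) audits `iptables-save` output for PREROUTING REDIRECT rules; the sample ruleset, the function names and the allow-listed port 3128 are constructed for illustration.

```shell
# Constructed sample of `iptables-save` output from a forwarding host.
sample_ruleset() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 8443 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8443 -j REDIRECT --to-ports 4433
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Read iptables-save text on stdin and print "dport=<n> to-ports=<n>" for
# every rule in the nat table's PREROUTING chain whose target is REDIRECT.
find_prerouting_redirects() {
  awk '
    /^\*/ { table = substr($1, 2); next }   # table header, e.g. "*nat"
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
      dport = "any"; to = "same"; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
        if ($i == "--to-ports") to = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (target == "REDIRECT") printf "dport=%s to-ports=%s\n", dport, to
    }'
}

# Compare the findings with an allow-list of expected local ports
# (space-separated, first argument); report every other redirect.
unexpected_redirects() {
  allowed=" $1 "
  find_prerouting_redirects | while read -r d t; do
    port=${t#to-ports=}
    case "$allowed" in
      *" $port "*) ;;
      *) echo "UNEXPECTED $d $t" ;;
    esac
  done
}

# Port 3128 is the assumed, known-good local proxy; 4433 is not expected.
sample_ruleset | unexpected_redirects "3128"
```

On a live gateway, pipe the real `iptables-save` output into `unexpected_redirects` with the ports your own services use.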
Options
Modes:
-a Authority mode. Specify a certificate that will act as a CA.
-t Targeted mode. Specify a directory full of certificates to target.
Required options:
-c <file|directory>
File containing CA cert/key (authority mode) or directory containing a collection of certs/keys
(targeted mode).
-s <port>
Port to listen on for SSL interception.
-w <file>
File to log to.
Optional options:
-u <updateLocation>
Location of any Firefox XML update files.
-m <certificateChain>
Location of any intermediary certificates.
-h <port>
Port to listen on for HTTP interception (required for fingerprinting).
-f <ff,ie,safari,opera>
Only intercept requests from the specified browser(s).
-d Deny OCSP requests for our certificates.
-p Only log HTTP POSTs.
-e <url>
Intercept Mozilla Addon Updates.
-j <sha256>
The sha256sum value of the addon to inject.
Synopsis
sslsniff [options]
