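sslcaudit Package Description
The goal of the sslcaudit project is to develop a tool that automates testing of SSL/TLS clients for resistance to MITM attacks. It can be useful for testing thick clients, mobile applications, appliances, and almost anything that communicates over SSL/TLS over TCP. Source: http://www.gremwell.com/sites/default/files/sslcaudit/doc/sslcaudit-user-guide-1.0.pdf
- Author: Gremwell
- License: GPLv3
0x01 Tools included in the sslcaudit package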
sslcaudit - Test SSL/TLS clients for susceptibility to MITM attacks
:~# sslcaudit -h
Usage: sslcaudit [OPTIONS]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -l LISTEN_ON          Specify IP address and TCP PORT to listen on, in
                        format of HOST:PORT. Default is 0.0.0.0:8443
  -m MODULES            Launch specific modules. For now the only functional
                        module is 'sslcert'. There is also 'dummy' module used
                        for internal testing or as a template code for new
                        modules. Default is sslcert
  -v VERBOSE            Increase verbosity level. Default is 0. Try 1.
  -d DEBUG_LEVEL        Set debug level. Default is 0, which disables
                        debugging output. Try 1 to enable it.
  -c NCLIENTS           Number of clients to handle before quitting. By
                        default sslcaudit will quit as soon as it gets one
                        client fully processed.
  -N TEST_NAME          Set the name of the test. If specified will appear in
                        the leftmost column in the output.
  -T SELF_TEST          Launch self-test. 0 - plain TCP client, 1 - CN
                        verifying client, 2 - curl.
  --user-cn=USER_CN     Set user-specified CN.
  --server=SERVER       Where to fetch the server certificate from, in
                        HOST:PORT format.
  --user-cert=USER_CERT_FILE
                        Set path to file containing the user-supplied
                        certificate.
  --user-key=USER_KEY_FILE
                        Set path to file containing the user-supplied key.
  --user-ca-cert=USER_CA_CERT_FILE
                        Set path to file containing certificate for user-
                        supplied CA.
  --user-ca-key=USER_CA_KEY_FILE
                        Set path to file containing key for user-supplied CA.
  --no-default-cn       Do not use default CN
  --no-self-signed      Don't try self-signed certificates
  --no-user-cert-signed
                        Do not sign server certificates with user-supplied one
0x02 sslcaudit Usage Example
Listen on port 443 (-l 0.0.0.0:443) in verbose mode (-v 1):
:~# sslcaudit -l 0.0.0.0:443 -v 1
# filebag location: sslcaudit.1
127.0.0.1:38978 selfsigned(www.example.com) tlsv1 alert unknown ca
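
The `alert unknown ca` result above is what a client that validates the certificate chain produces: it aborts the handshake when offered the self-signed certificate. The following added example (not part of the original page or of sslcaudit) audits a Python `ssl.SSLContext` for the two client-side settings that decide whether the self-signed and CN tests are rejected; the function names and the three sample configurations are constructed for illustration.

```python
import ssl


def audit_client_context(ctx):
    """Return the certificate checks this client-side context would skip."""
    findings = []
    # In client mode CERT_OPTIONAL behaves like CERT_REQUIRED, so only
    # CERT_NONE turns chain validation off.
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append(
            "chain not validated: self-signed or unknown-CA certificates are accepted"
        )
    # Chain validation alone is not enough: without the hostname check a
    # certificate from a trusted CA but issued for another name still passes.
    if not ctx.check_hostname:
        findings.append(
            "hostname not checked: a trusted certificate issued for a different name is accepted"
        )
    return findings


def build_contexts():
    """Three constructed client configurations, from strict to fully unverified."""
    strict = ssl.create_default_context()

    no_hostname = ssl.create_default_context()
    no_hostname.check_hostname = False

    unverified = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared first; setting CERT_NONE while it is
    # still enabled raises ValueError.
    unverified.check_hostname = False
    unverified.verify_mode = ssl.CERT_NONE

    return {"strict": strict, "no_hostname": no_hostname, "unverified": unverified}


if __name__ == "__main__":
    for name, ctx in build_contexts().items():
        findings = audit_client_context(ctx)
        print(name, "->", findings if findings else "no findings")
```
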
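Originally from https://www.hackfun.org/kali-tools/sslcaudit_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for authorization.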