SSLsplit包装说明
SSLsplit是人在这方面的中间人攻击SSL的工具/ TLS加密的网络连接。连接是通过一个网络地址转换引擎透明拦截并重定向到SSLsplit。 SSLsplit终止SSL / TLS和启动一个新的SSL / TLS连接到原来的目的地址,同时记录传输的所有数据。 SSLsplit旨在成为网络取证和渗透测试非常有用。 SSLsplit支持普通TCP,普通SSL,HTTP和通过IPv4和IPv6的HTTPS连接。对于SSL和HTTPS连接,SSLsplit生成和体征伪造采用X509v3证书上的即时,在原有基础上的服务器证书主题DN和subjectAltName扩展。 SSLsplit完全支持服务器名称指示(SNI),并能够与RSA,DSA和ECDSA密钥和DHE和ECDHE密码套件的工作。 SSLsplit还可以使用现有证书其中的私钥,而不是生成伪造的人可用,。 SSLsplit支持NULL前缀CN证书,并可以拒绝在一个通用的方法OCSP请求。 SSLsplit删除HPKP响应头,以防止公共密钥钉扎。 资料来源:http://www.roe.ch/SSLsplit
- 作者:丹尼尔·罗特利斯伯格
许可:BSD
0x01 包含在sslsplit包工具
sslsplit - 透明和可扩展的SSL / TLS的拦截
:~# sslsplit -h Usage: sslsplit [options...] [proxyspecs...] -c pemfile use CA cert (and key) from pemfile to sign forged certs -k pemfile use CA key (and cert) from pemfile to sign forged certs -C pemfile use CA chain from pemfile (intermediate and root CA certs) -K pemfile use key from pemfile for leaf certs (default: generate) -t certdir use cert+chain+key PEM files from certdir to target all sites matching the common names (non-matching: generate if CA) -O deny all OCSP requests on all proxyspecs -P passthrough SSL connections if they cannot be split because of client cert auth or no matching cert and no CA (default: drop) -g pemfile use DH group params from pemfile (default: keyfiles or auto) -G curve use ECDH named curve (default: secp160r2 for non-RSA leafkey) -Z disable SSL/TLS compression on all connections -s ciphers use the given OpenSSL cipher suite spec (default: ALL:-aNULL) -e engine specify default NAT engine to use (default: netfilter) -E list available NAT engines and exit -u user drop privileges to user (default if run as root: nobody) -j jaildir chroot() to jaildir (default if run as root: /var/empty) -p pidfile write pid to pidfile (default: no pid file) -l logfile connect log: log one line summary per connection to logfile -L logfile content log: full data to file or named pipe (excludes -S) -S logdir content log: full data to separate files in dir (excludes -L) -d daemon mode: run in background, log error messages to syslog -D debug mode: run in foreground, log debug messages on stderr -V print version information and exit -h print usage information and exit proxyspec = type listenaddr+port [natengine|targetaddr+port|"sni"+port] e.g. http 0.0.0.0 8080 www.roe.ch 80 # http/4; static hostname dst https ::1 8443 2001:db8::1 443 # https/6; static address dst https 127.0.0.1 9443 sni 443 # https/4; SNI DNS lookups tcp 127.0.0.1 10025 # tcp/4; default NAT engine ssl 2001:db8::2 9999 pf # ssl/6; NAT engine 'pf' Example: sslsplit -k ca.key -c ca.pem -P https 127.0.0.1 8443 https ::1 8443
0x02 sslsplit用法示例
在调试模式 (-D)运行 ,记录的连接 (-l connections.log), 设置chroot监牢 (-j的/ tmp / sslsplit /), 将文件保存到磁盘 (-S / tmp目录/), 指定密钥 ( -k的ca.key), 指定证书 (-C ca.crt), 指定 SSL(SSL), 并配置代理服务器 (0.0.0.0 8443 TCP 0.0.0.0 8080) :
:~# sslsplit -D -l connections.log -j /tmp/sslsplit/ -S /tmp/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080
Generated RSA key for leaf certs.
SSLsplit 0.4.6 (built 2013-06-06)
Copyright (c) 2009-2013, Daniel Roethlisberger <
>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
原文来自:https://www.hackfun.org/kali-tools/sslsplit_zh.html。转载请注明原出处,商用请联系原作者授权。