On 2013/11/28 15:52, Stuart Henderson wrote:
> -- -- --
> SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS
> encrypted network connections. Connections are transparently intercepted
> through a firewall/network address translation engine and redirected to
> SSLsplit.
>
> SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to
> the original destination address, while logging all data transmitted.
> SSLsplit is intended to be useful for network forensics and penetration
> testing.
>
> SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over
> both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates
> and signs forged X509v3 certificates on-the-fly, based on the original
> server certificate subject DN and subjectAltName extension. SSLsplit
> fully supports Server Name Indication (SNI) and is able to work with
> RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can
> also use existing certificates of which the private key is available,
> instead of generating forged ones. SSLsplit supports NULL-prefix CN
> certificates and can deny OCSP requests in a generic way. SSLsplit
> removes HPKP response headers in order to prevent public key pinning.
> -- -- --
>
> OK to import?
>
PS pretend that .todo is not present :)
