SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS
encrypted network connections. Connections are transparently intercepted
through a firewall/network address translation engine and redirected to
SSLsplit.

SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to
the original destination address, while logging all data transmitted.
SSLsplit is intended to be useful for network forensics and penetration
testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over
both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates
and signs forged X509v3 certificates on-the-fly, based on the original
server certificate subject DN and subjectAltName extension. SSLsplit
fully supports Server Name Indication (SNI) and is able to work with
RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can
also use existing certificates of which the private key is available,
instead of generating forged ones. SSLsplit supports NULL-prefix CN
certificates and can deny OCSP requests in a generic way. SSLsplit
removes HPKP response headers in order to prevent public key pinning.

parsing compressed packets) and includes the patch we had for
CVE-2013-4242 (Yarom/Falkner flush+reload side-channel attack on RSA
secret keys already had a patch). Input from and ok sthen@

have become pretty useless nowadays (and the pkg tools do not display
them anyway).
Some which contained valuable information have been turned into READMEs.
ok jasper@ sthen@
input/ok naddy@
While here:
- drop MAINTAINER per his request
- drop the unhelpful HOMEPAGE in favor of the default one coming with
the cpan module
- install Crypt/OpenSSL/DSA/Signature.pod for symmetry between man(1)
and perldoc(1)
- tests now use Digest::SHA which is in base
ok jasper@ (former maintainer)

This is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve
Digital Signature Algorithm), implemented purely in Python, released under
the MIT license. With this library, you can quickly create keypairs (signing
key and verifying key), sign messages, and verify the signatures. The keys
and signatures are very short, making them easy to handle and incorporate
into other protocols.
ok sthen@