Full Disclosure mailing list archives

Re: MiTM with https there are any tools ?


From: Rik Bobbaers <Rik.Bobbaers () cc kuleuven be>
Date: Mon, 6 Mar 2006 15:24:38 +0100

On Monday 06 March 2006 14:34, Vincent Archer wrote:
> Standard tools, not to my knowledge.
>
> We do have a web proxy that does MITM for https traffic (with re-signing
> of site certificates once validated with our own CA which is added to
> local browsers), but that's not a publicly available tool (it is still
> in beta, and will be added to our product catalog fairly soon).
>
> If you control the destination, and have access to the SSL key used by the
> server, you can use the ssldump utility ( http://www.rtfm.com/ssldump/ )
> to decrypt a tcpdump capture of the SSL traffic.
>
> Ettercap looks like it has the ssldump feature integrated, but, again, you
> do need to have the SSL key of the server to decipher the session.

I wrote an SSL MITM tool some time ago:

http://harry.ulyssis.org/code/ssl_proxy.pl

Let me know if that's what you wanted or not... or have fun with it :)

-- 
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven be -=- http://harry.ulyssis.org

"Work hard and do your best, it'll make it easier for the rest"
-- Garfield

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

