[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200603061524.38841.Rik.Bobbaers@cc.kuleuven.be>
Date: Mon Mar 6 14:24:47 2006
From: Rik.Bobbaers at cc.kuleuven.be (Rik Bobbaers)
Subject: MiTM with https there are any tools ?
On Monday 06 March 2006 14:34, Vincent Archer wrote:
> Standard tools, not to my knowledge.
>
> We do have a web proxy that does MITM for https traffic (with re-signing
> of site certificates once validated with our own CA which is added to
> local browsers), but that's not a publically available tool (it is still
> in beta, and will be added to our product catalog fairly soon).
>
> If you control the destination, and have access to the SSL key used by the
> server, you can use the ssldump utility ( http://www.rtfm.com/ssldump/ )
> to decrypt a tcpdump capture of the SSL traffic.
>
> Ettercap looks like it has the ssldump feature integrated, but, again, you
> do need to have the SSL key of the server to decipher the session.
i wrote an ssl mitm tool some time ago:
http://harry.ulyssis.org/code/ssl_proxy.pl
let me know if that's what you wanted or not... or have fun with it :)
--
harry
aka Rik Bobbaers
K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50
Rik.Bobbaers@...kuleuven.be -=- http://harry.ulyssis.org
"Work hard and do your best, it'll make it easier for the rest"
-- Garfield
Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Powered by blists - more mailing lists