| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200603061524.38841.Rik.Bobbaers@cc.kuleuven.be> Date: Mon Mar 6 14:24:47 2006 From: Rik.Bobbaers at cc.kuleuven.be (Rik Bobbaers) Subject: MiTM with https there are any tools ? On Monday 06 March 2006 14:34, Vincent Archer wrote: > Standard tools, not to my knowledge. > > We do have a web proxy that does MITM for https traffic (with re-signing > of site certificates once validated with our own CA which is added to > local browsers), but that's not a publically available tool (it is still > in beta, and will be added to our product catalog fairly soon). > > If you control the destination, and have access to the SSL key used by the > server, you can use the ssldump utility ( http://www.rtfm.com/ssldump/ ) > to decrypt a tcpdump capture of the SSL traffic. > > Ettercap looks like it has the ssldump feature integrated, but, again, you > do need to have the SSL key of the server to decipher the session. i wrote an ssl mitm tool some time ago: http://harry.ulyssis.org/code/ssl_proxy.pl let me know if that's what you wanted or not... or have fun with it :) -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers@...kuleuven.be -=- http://harry.ulyssis.org "Work hard and do your best, it'll make it easier for the rest" -- Garfield Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Powered by blists - more mailing lists