SSLsplit doesn't seem able to single out specific targets: it intercepts everything.
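# Install SSLsplit from the distribution repositories, then print its version
# information to confirm the binary is installed and runnable.
apt install sslsplit
sslsplit -V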
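# Check whether a Diffie-Hellman parameter file is already present.
ls -lF /etc/sslsplit/dh.pem  # does not exist yet

# Generate 2048-bit DH group parameters. DH parameters are public values, so
# a world-readable, read-only mode (0444) is appropriate for this file.
openssl dhparam -out /etc/sslsplit/dh.pem 2048
chmod 444 /etc/sslsplit/dh.pem

# Build a working config from the sample by dropping comment lines and blank
# lines. The same stripped output is written twice: sslsplit.conf.clean is
# kept as an unedited reference, sslsplit.conf is the copy that gets edited.
cd /etc/sslsplit/
grep -vE '^#|^$' sslsplit.conf.sample > sslsplit.conf.clean
grep -vE '^#|^$' sslsplit.conf.sample > sslsplit.conf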
We need to listen on an interface other than localhost so that the
`--to-port` redirect can work.
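vi sslsplit.conf

# --- values to set in sslsplit.conf ---
# CACert/CAKey name the CA certificate and private key used to sign the
# certificates SSLsplit generates. Any client that trusts this CA will accept
# those certificates, so keep the key file readable by root only and do not
# reuse this CA outside the test setup.
CACert /etc/ssl/prime256v1.crt
CAKey /etc/ssl/prime256v1.key
Daemon no
WriteGenCertsDir /var/log/sslsplit/generated
WriteAllCertsDir /var/log/sslsplit
# Connections that cannot be split are passed through instead of dropped.
Passthrough yes
DHGroupParams /etc/sslsplit/dh.pem
ECDHCurve prime256v1
# ContentLogDir receives the decrypted content of intercepted connections
# (credentials, cookies, request bodies). Treat it as sensitive data: restrict
# access to it and purge it when the test is over.
ContentLogDir /var/log/sslsplit/content
# 0.0.0.0 makes the proxy listen on every address of the host.
# NOTE(review): consider binding to the address of the capture interface only,
# or firewalling 8443/tcp, so the listener is not reachable from other networks.
ProxySpec https 0.0.0.0 8443
# --- end of sslsplit.conf values ---

# Create the log directories referenced by the config above.
mkdir -p /var/log/sslsplit/generated/
mkdir -p /var/log/sslsplit/content/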
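# List the OpenSSL engines available to this build.
sslsplit -E

# Trial run in debug mode (-D): stays in the foreground and logs to the
# terminal, which makes config errors visible immediately.
sslsplit -f /etc/sslsplit/sslsplit.conf -D

# While sslsplit is running, confirm that it owns a listening TCP socket
# (8443 according to the ProxySpec line in the config).
netstat -lntup | grep sslsplit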
start
# -d detaches and runs sslsplit as a daemon, using the config file given with -f.
# NOTE(review): the config in these notes sets `Daemon no`; presumably the
# command-line -d takes precedence — confirm.
sslsplit -f /etc/sslsplit/sslsplit.conf -d
status
# -a prints each matching PID together with its full command line.
pgrep -a sslsplit
stop
# Sends SIGTERM (pkill's default signal) to every process whose name matches sslsplit.
pkill sslsplit
# Inbound interface the redirect rule is scoped to (used as `-i $nic` below).
nic=dummybr0
intercept 443/tcp
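# Redirect TCP traffic to port 443 that arrives on $nic to local port 8443,
# where sslsplit listens. Scoping the rule with -i keeps traffic entering on
# other interfaces untouched. The expansion is quoted so an empty or unusual
# interface name cannot silently change the rule.
iptables -t nat -A PREROUTING -i "$nic" -p tcp --dport 443 \
  -j REDIRECT --to-port 8443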
clean-up
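# Delete the redirect rule once the test is finished. -D needs the same rule
# specification that was used with -A, so $nic must still hold the same value.
iptables -t nat -D PREROUTING -i "$nic" -p tcp --dport 443 \
  -j REDIRECT --to-port 8443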
https://github.com/droe/sslsplit
https://blog.heckel.io/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/
https://www.reddit.com/r/AskNetsec/comments/2q06xt/how_does_sslsplit_forge_ssl_certs/
https://github.com/droe/sslsplit
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/intercepting-ssl-and-https-traffic-with-mitmproxy-and-sslsplit/
https://blog.heckel.io/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/
https://www.roe.ch/SSLsplit