Arrow
Software Bookmark Icon

Software >> sslsniff

Some History

This tool was originally written to demonstrate and exploit IE's vulnerabilityto a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.

It is designed to MITM all SSL connections on a LAN, and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.

The New Scoop

Version 0.6 has been significantly updated to additionally support the null-prefix attacks that I demonstrated at BlackHat 09 and Defcon 17. These allow for completely silent MITM attacks against SSL/TLS in the NSS, Microsoft CryptoAPI, and GnuTLS stacks — ultimately allowing for SSL communication in Firefox, Internet Explorer, Chrome, Thunderbird, Outlook, Evolution, Pidgin, AIM, irssi, and every other client that uses the Microsoft CryptoAPI to be intercepted.

sslsniff has also been updated to support the OCSP attacks that I published at Blackhat 09 and Defcon 17, thus making the revocation of null-prefix certificates very difficult. Additionally, sslsniff now supports modes for hijacking auto-updates from Mozilla products, as well as for Firefox/Thunderbird addons. Attackers can specify payloads of their choice, which will be delivered to the targets being man-in-the-middled.

sslsniff is useful for deploying other vulnerabilities as well. This is the tool that the people who pulled the recent MD5 hash collision publicity stunt used to demonstrate MITM attacks with their rogue CA-certificate. Also, anyone who is capable of obtaining a forged certificate by any means can easily deploy it through sslsniff with the targeted mode designed for null-prefix attacks.

For more information on these attacks, see the video from Defcon 17.

The three steps to get this running are:

Installing sslsniff

  • Install the sslsniff dependencies (openssl, libboost1.35-dev, libboost-filesystem1.35-dev, libboost-thread1.35-dev, liblog4cpp5-dev)
  • Unpack sslsniff-0.8.tar.gz, run './configure', run 'make'

sslsniff requires Linux 2.4/2.6, although it can easily be ported to other platforms.

Running sslsniff

  • sslsniff can now be run in the old "authority" mode or the new "targeted" mode. You can specify a single cert to sign new certificates with, or you can specify a directory full of certificates to use for targeted attacks (these can be null-prefix or universal wildcard certificates).
  • sslsniff can now also defeat OCSP, fingerprint clients to attack, and hijack auto-updates.
  • See the README for more information on how to run sslsniff

Setting up iptables

  • Flip your machine into ip_forward mode
    echo 1 > /proc/sys/net/ipv4/ip_forward
  • Add a rule to intercept SSL traffic
    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports <$listenPort>
  • If you wish to fingerprint clients and only intercept some traffic based on client type, add a rule to intercept HTTP traffic
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports <$httpListenPort>

Running arpspoof

Assuming we want to intercept SSL traffic from 172.17.10.36, we need to trick that host into thinking that we're the router. Using arpspoof, we can convince the target that the router's MAC address is our MAC address.

  • arpspoof -i eth0 -t 172.17.10.36 172.17.8.1

At this point, any SSL traffic should get proxied by sslsniff and logged to the file you specify.

Development

The current sslsniff development branch can be found on github.

Changes in 0.8 (07/25/11)

  • Added an iOS fingerprinting mode.
  • Added support for intermediary certificates in authority mode.

Changes in 0.7 (04/23/11)

  • Fixed some networking shuffling bugs (thanks Daniel Roethlisberger)
  • Added basic compatibility with BSD pf (thanks Daniel Roethlisberger)

Changes in 0.6 (07/03/09)

  • Added support for null-prefix attacks
  • Added better logging support
  • Added OCSP denial.
  • Added support for hijacking auto-updates

Changes in 0.5 (02/16/09)

  • Switched default signing algorithm from MD5 to SHA1
  • Randomize generated certificate serial numbers
  • Added option for logging directory

Changes in 0.4 (08/22/02)

  • Included anonymously posted CA-signed certificate and key.

Changes in 0.3 (08/22/02)

  • Added mode to only log HTTP POSTs

Changes in 0.2 (08/21/02)

  • Use constant RSA key pair.
  • Cache SSL session ids.
  • Eliminate source port hack.