June 2017
Intermediate to advanced
338 pages
8h 28m
English
We'd hope our customers wouldn't fall for a MITM that removes the SSL/TLS protection. More savvy customers will both train their users and restrict non-HTTPS traffic in browsers. For those cases, Moxie is back again with SSLsniff, which, like Daniel Roethlisberger's SSLsplit (https://github.com/droe/sslsplit), can provide a higher-grade MITM attack by acting as a transparent proxy and serving up a SSL/TLS connection to both the server and the client. Both SSLsniff and SSLsplit will forge X.509 certificates and mimic the server for most relevant certificate fields, so this is a fantastic approach for environments where we suspect users aren't paying attention to their certificate checks or where enforcement ...
Read now
Unlock full access