June 2017
Intermediate to advanced
338 pages
8h 28m
English
We can look at SSLsniff first. SSLsniff then requires you to either have the private keys and certificates for your target web application (unlikely) or that you generate spoofed certificates, as seen in the following screenshot:
openssl req -config openssl.cnf -new -nodes -keyout <targetsite>.key -out <targetsite>.csr -days 365

We're using a Unicode \x00 in our Common Name (CN) as a placeholder, following along with the guidance provided by the excellent tutorial at http://www.kimiushida.com/bitsandpieces/articles/attacking_ssl_with_sslsniff_and_null_prefixes/. Creating a real spoofed cert ...
Read now
Unlock full access