Intercepting SSL traffic with SSLsplit

SSLsplit is similar to sslstrip; in this, you can intercept the SSL traffic to glean credentials and other information that you would want to stay confidential. However, the one major difference is that SSLsplit utilizes a certificate that I generate to the end user. This way, the connection will still stay SSL on the end user, unlike sslstrip, which will get back to the end user as a HTTP connection. The one caveat that will have to happen is that the certificate you create will need to be put in the user's trusted certificate store so that the user will not see the untrusted cert message.

The first thing I have to do is create a certificate. The important thing here is to create a certificate for the ...

Get Penetration Testing Bootcamp now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.