Intercepting SSL traffic with SSLsplit

SSLsplit is similar to sslstrip; in this, you can intercept the SSL traffic to glean credentials and other information that you would want to stay confidential. However, the one major difference is that SSLsplit utilizes a certificate that I generate to the end user. This way, the connection will still stay SSL on the end user, unlike sslstrip, which will get back to the end user as a HTTP connection. The one caveat that will have to happen is that the certificate you create will need to be put in the user's trusted certificate store so that the user will not see the untrusted cert message.

The first thing I have to do is create a certificate. The important thing here is to create a certificate for the ...

Get Penetration Testing Bootcamp now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.