debian/0000755000000000000000000000000012231530432007161 5ustar debian/dirs0000644000000000000000000000004411662506773010065 0ustar usr/bin usr/sbin usr/share/sslsniff debian/source/0000755000000000000000000000000011700536701010466 5ustar debian/source/format0000644000000000000000000000001411700536701011674 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000663111662506773011144 0ustar This package was debianized by Pierre Chifflier on Sun, 16 Aug 2009 22:39:51 +0200. It was downloaded from http://www.thoughtcrime.org/software/sslsniff/ Upstream Author: Moxie Marlinspike Copyright: Copyright (c) 2002-2009, Moxie Marlinspike License: sslsniff is licensed under the terms of the GNU General Public License version 3, with the following addition: "In addition, as a special exception, Moxie Marlinspike gives permission to link the code of its release of sslsniff with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version." GPLv3 header: This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. see `/usr/share/common-licenses/GPL-3'. The Debian packaging is: Copyright (C) 2009 Pierre Chifflier and is licensed under the GPL version 3, see `/usr/share/common-licenses/GPL-3'. Additional licenses: The following files: Bridge.hpp certificate/AuthorityCertificateManager.cpp certificate/AuthorityCertificateManager.hpp certificate/Certificate.hpp certificate/CertificateManager.cpp certificate/CertificateManager.hpp certificate/TargetedCertificateManager.cpp certificate/TargetedCertificateManager.hpp FingerprintManager.cpp FingerprintManager.hpp FirefoxUpdater.cpp FirefoxUpdater.hpp http/HttpBridge.cpp http/HttpBridge.hpp http/HttpConnectionManager.cpp http/HttpConnectionManager.hpp http/HttpHeaders.cpp http/HttpHeaders.hpp http/OCSPDenier.cpp http/OCSPDenier.hpp HTTPSBridge.cpp HTTPSBridge.hpp Logger.cpp Logger.hpp RawBridge.hpp SessionCache.hpp SSLBridge.cpp SSLBridge.hpp SSLConnectionManager.cpp SSLConnectionManager.hpp sslsniff.cpp UpdateManager.cpp UpdateManager.hpp util/Destination.hpp util/Util.hpp Are licensed under the 3-clause BSD license: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 4. Neither the name of this program nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. debian/sslsniff.10000644000000000000000000000603611662506773011121 0ustar .\" Hey, EMACS: -*- nroff -*- .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) .TH SSLSNIFF 1 "August 16, 2009" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: .\" .nh disable hyphenation .\" .hy enable hyphenation .\" .ad l left justify .\" .ad b justify to both left and right margins .\" .nf disable filling .\" .fi enable filling .\" .br insert line break .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME sslsniff \- SSL/TLS man-in-the-middle attack tool .SH SYNOPSIS .B sslsniff .RI [ options ] .br .SH DESCRIPTION This manual page documents briefly the .B sslsniff command. .PP .\" TeX users may be more comfortable with the \fB\fP and .\" \fI\fP escape sequences to invode bold face and italics, .\" respectively. \fBsslsniff\fP is designed to create man-in-the-middle (MITM) attacks for SSL/TLS connections, and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that is provided. .br sslsniff also supports other attacks like null-prefix or OCSP attacks to achieve silent interceptions of connections when possible. .SH OPTIONS Modes: .TP .B \-a Authority mode. Specify a certificate that will act as a CA. .TP .B \-t Targeted mode. Specify a directory full of certificates to target. .br .TP Required options: .TP .B \-c \fB\fP File containing CA cert/key (authority mode) or directory containing a collection of certs/keys (targeted mode) .TP .B \-s \fB\fP Port to listen on for SSL interception. .TP .B \-w \fB\fP File to log to .br .TP Optional options: .TP .B \-u \fB\fP Location of any Firefox XML update files. .TP .B \-m \fB\fP Location of any intermediary certificates. .TP .B \-h \fB\fP Port to listen on for HTTP interception (required for fingerprinting). .TP .B \-f \fB\fP Only intercept requests from the specified browser(s). .TP .B \-d Deny OCSP requests for our certificates. .TP .B \-p Only log HTTP POSTs .TP .B \-e \fB\fP Intercept Mozilla Addon Updates .TP .B \-j \fB\fP The sha256sum value of the addon to inject .br .SH NOTES \fBsslsniff\fP works only on the \fBFORWARD\fP traffic (not on INPUT or OUTPUT). .SH EXAMPLES To intercept traffic on port 8443, start sslsniff on a local port: .IP \fBsslsniff -a -c /usr/share/sslsniff/certs/wildcard -s 4433 -w /tmp/sslsniff.log\fP .PP and redirect traffic to this port using the iptables nat table: .IP \fBiptables -t nat -A PREROUTING -p tcp --destination-port 8443 -j REDIRECT --to-ports 4433\fP .PP .SH AUTHOR sslsniff was written by Moxie Marlinspike. .PP This manual page was written by Pierre Chifflier , for the Debian project (and may be used by others). debian/changelog0000644000000000000000000000317512231530431011040 0ustar sslsniff (0.8-4.1build1) trusty; urgency=low * No change rebuild for Boost 1.54 transition. -- Dmitrijs Ledkovs Tue, 22 Oct 2013 18:08:41 +0100 sslsniff (0.8-4.1) unstable; urgency=low * Non-maintainer upload. * Drop rewriting boost suffixes (Closes: #709579) -- Dmitrijs Ledkovs Mon, 12 Aug 2013 21:49:30 +0100 sslsniff (0.8-4) unstable; urgency=low * Trigger rebuild with gcc-4.8 (Closes: #701363) -- Pierre Chifflier Thu, 04 Jul 2013 10:47:53 +0200 sslsniff (0.8-3) unstable; urgency=low * Switch to dpkg-source 3.0 (quilt) format * Fix FTBFS with boost 1.48 ('boost::asio::ip::tcp::acceptor' has no member named 'io_service') (Closes: #652756) -- Pierre Chifflier Sat, 31 Dec 2011 09:30:58 +0100 sslsniff (0.8-2) unstable; urgency=low * Explicitly add libraries to LIBS, fix FTBFS with --as-needed (Closes: #632090) -- Pierre Chifflier Mon, 21 Nov 2011 22:21:06 +0100 sslsniff (0.8-1) unstable; urgency=low * Imported Upstream version 0.8 Fix for FTBFS with ld --as-needed has been merged upstream (Closes: #632090) -- Pierre Chifflier Sat, 30 Jul 2011 17:58:00 +0200 sslsniff (0.7-1) unstable; urgency=low * Imported Upstream version 0.7 * Fix FTBFS with recent binutils versions (Closes: #556373) * Bump Standards Version to 3.9.2 -- Pierre Chifflier Sat, 14 May 2011 11:50:59 +0200 sslsniff (0.6-1) unstable; urgency=low * Initial release (Closes: #542472) -- Pierre Chifflier Sun, 16 Aug 2009 22:39:51 +0200 debian/control0000644000000000000000000000175312231530433010573 0ustar Source: sslsniff Section: admin Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Pierre Chifflier Build-Depends: debhelper (>= 7), autotools-dev, libssl-dev, liblog4cpp5-dev, libboost-dev, libboost-regex-dev, libboost-filesystem-dev, libboost-thread-dev Standards-Version: 3.9.2 Homepage: http://www.thoughtcrime.org/software/sslsniff/ Package: sslsniff Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: SSL/TLS man-in-the-middle attack tool sslsniff is designed to create man-in-the-middle (MITM) attacks for SSL/TLS connections, and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that is provided. sslsniff also supports other attacks like null-prefix or OCSP attacks to achieve silent interceptions of connections when possible. debian/rules0000755000000000000000000000530312202245126010243 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) else CROSS= --build $(DEB_BUILD_GNU_TYPE) endif config.status: configure dh_testdir # Add here commands to configure the package. ifneq "$(wildcard /usr/share/misc/config.sub)" "" cp -f /usr/share/misc/config.sub config.sub endif ifneq "$(wildcard /usr/share/misc/config.guess)" "" cp -f /usr/share/misc/config.guess config.guess endif ./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,--as-needed -Wl,-z,defs" LIBS="-lssl -lboost_filesystem -lpthread -lboost_thread -llog4cpp -lcrypto -lboost_system" build: build-stamp build-stamp: config.status dh_testdir # Add here commands to compile the package. $(MAKE) #docbook-to-man debian/sslsniff.sgml > sslsniff.1 touch $@ clean: dh_testdir dh_testroot rm -f build-stamp # Add here commands to clean up after the build process. [ ! -f Makefile ] || $(MAKE) distclean rm -f config.sub config.guess dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs # Add here commands to install the package into debian/sslsniff. $(MAKE) DESTDIR=$(CURDIR)/debian/sslsniff install cp -r certs $(CURDIR)/debian/sslsniff/usr/share/sslsniff # Build architecture-independent files here. binary-indep: install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: install dh_testdir dh_testroot dh_installchangelogs ChangeLog dh_installdocs dh_installexamples # dh_install # dh_installmenu # dh_installdebconf # dh_installlogrotate # dh_installemacsen # dh_installpam # dh_installmime # dh_python # dh_installinit # dh_installcron # dh_installinfo dh_installman debian/sslsniff.1 dh_link dh_strip dh_compress dh_fixperms # dh_perl # dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/patches/0000755000000000000000000000000011700536701010615 5ustar debian/patches/01-fix-compatibility-with-boost-1.48.patch0000644000000000000000000000441411700536703020203 0ustar Index: sslsniff/SSLConnectionManager.cpp =================================================================== --- sslsniff.orig/SSLConnectionManager.cpp 2011-12-31 09:25:04.000000000 +0100 +++ sslsniff/SSLConnectionManager.cpp 2011-12-31 09:26:14.394534948 +0100 @@ -44,7 +44,7 @@ } void SSLConnectionManager::acceptIncomingConnection() { - boost::shared_ptr socket(new ip::tcp::socket(acceptor.io_service())); + boost::shared_ptr socket(new ip::tcp::socket(acceptor.get_io_service())); acceptor.async_accept(*socket, boost::bind(&SSLConnectionManager::handleClientConnection, this, socket, placeholders::error)); @@ -76,7 +76,7 @@ ip::tcp::endpoint &destination) { - Bridge::ptr bridge = RawBridge::create(clientSocket, destination, acceptor.io_service()); + Bridge::ptr bridge = RawBridge::create(clientSocket, destination, acceptor.get_io_service()); bridge->shuttle(); } @@ -134,7 +134,7 @@ ip::tcp::endpoint &destination, bool wildcardOK) { - ip::tcp::socket serverSocket(acceptor.io_service()); + ip::tcp::socket serverSocket(acceptor.get_io_service()); boost::system::error_code error; serverSocket.connect(destination, error); Index: sslsniff/http/HttpConnectionManager.cpp =================================================================== --- sslsniff.orig/http/HttpConnectionManager.cpp 2011-05-14 11:37:52.000000000 +0200 +++ sslsniff/http/HttpConnectionManager.cpp 2011-12-31 09:26:28.442534999 +0100 @@ -53,7 +53,7 @@ } void HttpConnectionManager::acceptIncomingConnection() { - boost::shared_ptr socket(new ip::tcp::socket(acceptor_.io_service())); + boost::shared_ptr socket(new ip::tcp::socket(acceptor_.get_io_service())); acceptor_.async_accept(*socket, boost::bind(&HttpConnectionManager::handleClientConnection, this, socket, placeholders::error)); @@ -63,7 +63,7 @@ void HttpConnectionManager::bridgeHttpRequest(boost::shared_ptr socket, ip::tcp::endpoint destination) { - Bridge::ptr bridge = HttpBridge::create(socket, acceptor_.io_service(), + Bridge::ptr bridge = HttpBridge::create(socket, acceptor_.get_io_service(), FingerprintManager::getInstance()); bridge->getServerSocket(). debian/patches/series0000644000000000000000000000005311700536703012032 0ustar 01-fix-compatibility-with-boost-1.48.patch debian/docs0000644000000000000000000000001411662506773010051 0ustar NEWS README debian/compat0000644000000000000000000000000211662506773010401 0ustar 7