sslsniff v0.1
Mike Benham <moxie@thoughtcrime.org>
------------------------------------

REQUIRES: openssl, Linux 2.4

A simple tool that exploits the IE SSL CertificateChain vulnerability:
http://online.securityfocus.com/archive/1/286290/2002-08-09/2002-08-15/2

The three steps to get this running are:

    * Download and run sslsniff-0.1.tar.gz
    * Set up iptables
    * Run arpspoof or arp-sk

Installing sslsniff
-------------------

    * Unpack sslsniff-0.1.tar.gz, run 'make', and copy the binary wherever.
    * Put any valid SSL certificate and private key into a file (in PEM format).
    * Run sslsniff <$listenPort> <$certificateFile>

sslsniff requires openssl and Linux 2.4, although it can easily be ported to 
other platforms.

Setting up iptables
-------------------

    * Flip your machine into ip_forward mode 
      (echo 1 > /proc/sys/net/ipv4/ip_forward)
    * Add a rule to intercept SSL traffic 
      (iptables -t nat -A PREROUTING -p tcp --source-port 1024:5000 
       --destination-port 443 -j REDIRECT --to-ports <$listenPort>)

The only tricky bit here is the source port range.  sslsniff has to make 
connections out to real SSL servers, and we don't want to intercept its 
own traffic (read: infinite loop).  So, sslsniff will always bind to a local 
port above 9001, and we should write the iptables rule so that we only 
intercept traffic from source ports lower than that.

Running arpspoof or arp-sk
--------------------------

Assuming we want to intercept SSL traffic from 172.17.10.36, we need to 
trick that host into thinking that we're the router.  Using arpspoof, we 
can convince the target that the router's MAC address is our MAC address.

    * arpspoof -i eth0 -t 172.17.10.36 172.17.8.1


At this point, any SSL traffic should get proxied by sslsniff and logged to a 
file.
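The ARP step above is what a host on the segment can notice: its entry for the router's IP suddenly carries a different hardware address, and that address is usually already in the table under some other IP. The following is an added example (not part of sslsniff or this README) of a small monitor that parses two snapshots of /proc/net/arp and flags exactly those two symptoms. The snapshots, the IP addresses and the MAC addresses in it are constructed for the example; the 172.17.8.1 gateway address is the one used in this README.

```python
"""Detect a changed gateway MAC and duplicate MACs between two /proc/net/arp snapshots."""
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed snapshots in the /proc/net/arp layout (header line, then one entry per line).
# "Flags" 0x2 is ATF_COM (entry complete); 0x0 means the lookup is still pending.
BASELINE = """IP address       HW type     Flags       HW address            Mask     Device
172.17.8.1       0x1         0x2         00:0c:29:aa:bb:cc     *        eth0
172.17.10.99     0x1         0x2         00:0c:29:dd:ee:ff     *        eth0
172.17.10.50     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

CURRENT = """IP address       HW type     Flags       HW address            Mask     Device
172.17.8.1       0x1         0x2         00:0c:29:dd:ee:ff     *        eth0
172.17.10.99     0x1         0x2         00:0c:29:dd:ee:ff     *        eth0
172.17.10.50     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_proc_net_arp(text: str) -> Dict[str, str]:
    """Map IP address -> lowercase MAC, skipping the header and incomplete entries."""
    table: Dict[str, str] = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac, _mask, _device = fields[:6]
        if int(flags, 16) & 0x2 == 0:  # not ATF_COM: no resolved address yet
            continue
        table[ip] = mac.lower()
    return table


def find_mac_changes(baseline: Dict[str, str], current: Dict[str, str],
                     watch: Optional[Set[str]] = None) -> List[Tuple[str, str, str]]:
    """Return (ip, old_mac, new_mac) for every watched IP whose MAC differs from the baseline."""
    changes = []
    for ip, old_mac in baseline.items():
        if watch is not None and ip not in watch:
            continue
        new_mac = current.get(ip)
        if new_mac is not None and new_mac != old_mac:
            changes.append((ip, old_mac, new_mac))
    return changes


def find_duplicate_macs(table: Dict[str, str]) -> Dict[str, List[str]]:
    """Return MAC -> sorted list of IPs for every MAC that is claimed by more than one IP."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check_gateway(baseline_text: str, current_text: str, gateway_ip: str) -> List[str]:
    """Produce human-readable alerts for a gateway MAC change and for duplicate MACs."""
    baseline = parse_proc_net_arp(baseline_text)
    current = parse_proc_net_arp(current_text)
    alerts = []
    for ip, old_mac, new_mac in find_mac_changes(baseline, current, {gateway_ip}):
        alerts.append(f"gateway {ip} changed MAC {old_mac} -> {new_mac}")
    for mac, ips in find_duplicate_macs(current).items():
        alerts.append(f"MAC {mac} is claimed by {', '.join(ips)}")
    return alerts


if __name__ == "__main__":
    for alert in check_gateway(BASELINE, CURRENT, "172.17.8.1"):
        print("ALERT:", alert)
```

On a live host the two snapshots would come from reading /proc/net/arp at an interval (or from `arp -an`), with the first read taken while the network is known-good; a static ARP entry for the gateway, or a switch feature such as dynamic ARP inspection, is the corresponding mitigation.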

How does this work?
-------------------

First, arpspoof convinces a host that our MAC address is the router's MAC 
address, and the target begins to send us all its network traffic.  The 
kernel forwards everything along except for traffic destined to port 443, 
which it redirects to $listenPort (10000, for example).

At this point, sslsniff accepts the client connection, opens a connection 
to the real SSL site, and reads the information in its certificate.  
sslsniff then generates a new certificate with an identical Distinguished 
Name and signs it with the end-entity certificate in $certificateFile.  
sslsniff uses the generated certificate chain to perform an SSL handshake with 
the client and proxies data between both hosts (while logging it, of course).

If the client is Internet Explorer, the browser will not notice anything 
unusual about the generated certificate due to the Certificate Chain 
vulnerability.
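The vulnerability comes down to one missing check: when walking the chain, the client has to confirm that every certificate which signed another one was actually issued as a CA (the basicConstraints cA flag, plus its pathLenConstraint). The following is an added example, not code from sslsniff, that models a chain as plain records and puts the two validators side by side: one that only checks issuer/subject linkage to a trusted root (the behaviour this README relies on) and one that also enforces basicConstraints. Signature verification is assumed to happen elsewhere and is represented here only by the issuer/subject linkage; the certificate names are constructed.

```python
"""X.509 chain walk with and without the basicConstraints check."""
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Cert:
    """Minimal model of the fields the check depends on."""
    subject: str
    issuer: str
    is_ca: bool                      # basicConstraints cA
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint (None = unlimited)


def _links_to_trusted_root(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Shared structural check: chain[0] is the leaf, each issuer is the next subject,
    and the last certificate is a trusted root. (Signature checks assumed done elsewhere.)"""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in trusted_roots


def validate_ignoring_basic_constraints(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Accepts any linked chain: an end-entity certificate can act as an issuer."""
    return _links_to_trusted_root(chain, trusted_roots)


def validate_with_basic_constraints(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Also requires every signing certificate to be a CA and honours pathLenConstraint."""
    if not _links_to_trusted_root(chain, trusted_roots):
        return False
    # chain[idx] for idx >= 1 signed chain[idx-1]; the intermediates below it are chain[1:idx]
    for idx in range(1, len(chain)):
        signer = chain[idx]
        if not signer.is_ca:
            return False
        intermediates_below = idx - 1
        if signer.path_len is not None and intermediates_below > signer.path_len:
            return False
    return True


# Constructed certificates: a root, a legitimate site certificate issued by it,
# and a certificate for another name signed by that (non-CA) site certificate.
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
SITE = Cert("www.example.com", "Example Root CA", is_ca=False)
FORGED = Cert("www.other.example", "www.example.com", is_ca=False)
TRUSTED = {"Example Root CA"}

LEGITIMATE_CHAIN = [SITE, ROOT]
FORGED_CHAIN = [FORGED, SITE, ROOT]


if __name__ == "__main__":
    for name, chain in (("legitimate", LEGITIMATE_CHAIN), ("forged", FORGED_CHAIN)):
        print(name, "ignoring basicConstraints:", validate_ignoring_basic_constraints(chain, TRUSTED))
        print(name, "with basicConstraints:   ", validate_with_basic_constraints(chain, TRUSTED))
```

Both validators accept the legitimate two-certificate chain; only the first accepts the chain in which the site certificate has signed another certificate, which is the distinction the fixed browsers enforce.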
