moxie0 / sslsniff Goto Github PK
View Code? Open in Web Editor NEWA tool for automated MITM attacks on SSL connections.
License: Other
A tool for automated MITM attacks on SSL connections.
License: Other
sslsniff v0.8 Moxie Marlinspike <[email protected]> ------------------------------------ REQUIRES: openssl, libboost1.35-dev, libboost-filesystem1.35-dev, libboost-thread1.35-dev, liblog4cpp5-dev, Linux 2.4/2.6 (or BSD) The three steps to get this running are: * Download and run sslsniff-0.8.tar.gz * Setup iptables (or pf on BSD) * Run arpspoof (or whatever method you'd like to use to redirect traffic). Installing sslsniff ------------------- * Unpack sslsniff-0.8.tar.gz, run "./configure" and "make". (You'll have to make some changes to build on BSD systems, see below under "Setting up pf") * There are two ways to run this: in "authority" mode or "targeted" mode. Authority Mode: In this mode, sslsniff acts as if it is a CA which dynamically generates certificates on the fly. If you were, for instance, able to obtain a CA certificate somehow, you could run it in this mode and it would dynamically create and sign new certificates for whatever site you're trying to connect to. This mode is also useful for exploiting implementations that do not properly verify BasicConstraints, as any valid leaf node certificate could be used instead of a CA cert. You would run sslsniff as: ./sslsniff -a -s <$listenPort> -w <$logFile> -c <$caCert> Targeted Mode: In this mode, sslsniff is given a directory full of certificates, which it uses for targeted MITM attacks against the hosts those certificates are signed for. This mode is useful if you are able to forge specific certificates, or if you have certificates that were obtained for the "null prefix" vulnerability that I published. There are sample null prefix certificates in the "certs" directory that comes with sslsniff, but be sure to specify "-m IPSCACLASEA1.crt" if you wish to use those. (Note: the targeted certs have been removed for legal reasons, but the universal wildcard cert remains) You would run sslsniff as: ./sslsniff -t -s <$listenPort> -w <$logFile> -m IPSCACLASEA1.crt \ -c <$certDir> Other options: * sslsniff can be configured to only attack certain clients. In this case, you need to specify -f <ff,ie,safari,opera> -h <$httpListenPort> * sslsniff can be configured to deny OCSP requests from clients. In this case, you need to specify -d * sslsniff can be configured to only log HTTP POSTS. In this case, you need to specify -p * sslsniff can be configured to hijack Mozilla auto-updates. In this case, you need to specify -u <$updateXmlDir>, where $updateXmlDir contains the XML files for whatever binaries you want to have sslsniff auto-update, one for each platform. There are sample XML files in the "update" directory that comes with sslsniff. * sslsniff can be configured to hijack Firefox/Thunderbird addon auto-updates. In this case, you need to specify -e <url> -j <sha256sum> where <url> is the URL where your custom addon is located, and <sha256sum> is the sha256sum of that addon. Setting up iptables ------------------- * Flip your machine into ip_forward mode (echo 1 > /proc/sys/net/ipv4/ip_forward) * Add a rule to intercept HTTPS traffic (iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports <$listenPort>) * If you're going to do client fingerprinting, add a rule to intercept HTTP traffic: (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports <$httpListenPort>) * Add a rule to intercept imaps traffic: (iptables -t nat -A PREROUTING -p tcp --destination-port 993 \ -j REDIRECT --to-ports <$listenPort>) * Add a rule to intercept pop3s traffic: (iptables -t nat -A PREROUTING -p tcp --destination-port 995 \ -j REDIRECT --to-ports <$listenPort>) * Add a rule to intercept irc over ssl traffic: (iptables -t nat -A PREROUTING -p tcp --destination-port 6697 \ -j REDIRECT --to-ports <$listenPort>) Setting up pf ------------- Basic support for pf is now included. Set up firewall rules similar to those above, and change util/Destination.cpp by undefining HAVE_NETFILTER and defining HAVE_PF at the top. Running arpspoof -------------------------- Assuming we want to intercept SSL traffic from 172.17.10.36, we need to trick that host into thinking that we're the router. Using arpspoof, we can convince the target that the router's MAC address is our MAC address. * arpspoof -i eth0 -t 172.17.10.36 172.17.8.1 At this point, any SSL traffic should get proxied by sslsniff and logged to a file. How does this work? ------------------- First, arpspoof convinces a host that our MAC address is the router's MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 443, which it redirects to $listenPort (10000, for example). At this point, sslsniff receives the client connection, makes a connection to the real SSL site, and looks at the information in its certificate. sslsniff then either sends a forged certificate if available (targeted certificate mode), or it dynamically forges a certificate and signs it with your authoritative certificate (authority mode).
Moxie,
it seems that you removed the tags from the Github repository, was this intentional?
Cheers,
-Hilko
If you sprecify an (optional) email address in the certificate request, sslsniff adds it to the CN as part of the hostname. This results in invalid DNS lookups.
Example:
$ openssl req -new -nodes -keyout heise.key -out heise.csr -days 365
Generating a 1024 bit RSA private key
...
Common Name (eg, YOUR name) []:www.heise.de
Email Address []:[email protected]
...
$ openssl x509 -in certs/heise.crt -noout -text
...
Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.heise.de/emailAddress=[email protected]
...
$ sslsniff -t -c ./certs/ -s 1414 -w x1.log
terminate called after throwing an instance of 'boost::exception_detail::clone_implboost::exception_detail::error_info_injector<boost::system::system_error >'
what(): Host not found (authoritative)
Abgebrochen
tcpdump shows, that sslsniff does a DNS query for "www.heise.de/emailAddress=[email protected]" which of course does not exist.
Hello,
if you try to build sslsniff with OpenSSL 1.1 it will fail:
In file included from SSLBridge.hpp:41:0,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp: In member function 'void Certificate::parseCommonName(X509*)':
certificate/Certificate.hpp:95:39: error: invalid use of incomplete type 'X509 {aka struct x509_st}'
std::string distinguishedName(cert->name);
^~
Basically OpenSSL made many structures opaque and you have to use various API calls to access the underlying data.
On https://wiki.openssl.org/index.php/1.1_API_Changes you can see some of the changes. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information.
This was initially filed in Debian here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828557
Makefile.am uses sslsniff_LDFLAGS to link with libraries.
This leads to a wrong command line orderung and undefined references when compiling with the linker flag --as-needed
It needs to be sslsniff_LIBS instead
OS: CentOS 6
[pentest@work sslsniff]$ ./sslsniff -t -s 1337 -w sslsniff.log -m IPSCACLASEA1.crt -c certs/wildcard
terminate called after throwing an instance of 'BadCertificateException'
what(): Could not parse certificate...
Aborted
[pentest@work sslsniff]$
Would you like to do an interview on SER?
My previous shows: http://www.se-radio.net/team/kim-carter/
OCSPDenier::ocspResponse
in http/OCSPDenier.cpp
contains an syntactically invalid OCSP response. OCSPResponse according to RFC 2560:
4.2.1 ASN.1 Specification of the OCSP Response
An OCSP response at a minimum consists of a responseStatus field
indicating the processing status of the prior request. If the value
of responseStatus is one of the error conditions, responseBytes are
not set.
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
[...]
So instead of the string "3", the HTTP response body should contain an ASN.1 SEQUENCE, containing an ENUMERATED with the value 0x03
to be a valid OCSP response, which is a total of 5 bytes in the case of tryLater (responseBytes is not needed).
Incidentally, clients seem to ignore ASN.1 syntax errors in OCSP responses, so fixing this might not actually change client behaviour for many OCSP client implementations.
My name is Davy Yue, and I am the Founder + CEO of LifeEverlasting, an innovative technology enabling a user to interact with anyone from history. See our pitch slide deck below, and note the one-minute promotional video on the second slide:
https://docs.google.com/presentation/d/1OMQ7LMTXqql0Jy1pdslMyeANcjQWcaTch-0zHBjVFzc/edit?usp=sharing
My team and I at LifeEverlasting are currently looking for seed & angel investors, as well as venture capitalists to fund our development process as we push for the first-ever beta release date May 18th, 2018 at 3:00 pm CST as well as the second beta date in the slide deck. We are also looking to work with security professionals, since a significant amount of data would be collected to fuel the neural network and machine-learning process.
I would love to schedule a video or phone call with you to discuss further your possible involvement in LifeEverlasting, an innovative startup breaking new ground in helping establish people's long-living legacy after their physical passing.
Please let me know what you think. Looking forward to talking soon!
Best,
Davy Yue
In "README":
There is no "configure" file.
Installed through default apt repos in Ubuntu 16.
Using the example command from man page:
sslsniff -a -c /usr/share/sslsniff/certs/wildcard -s 4433 -w /tmp/sslsniff.log
Error messsaage is:
terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::system::system_error> >' what(): resolve: Host not found (authoritative) Aborted (core dumped)
This is probably fixed in newer versions. I'll try to build from source
I am trying to setup via script SSLSniff to run on multiple ports using various IPTables redirects.
The commandsI am running are below. Basically I'd like one instance of sslsniff to listen for port 443 traffic and write to one log file, and another listen on 444. I am doing that via IPs, for 443 I am redirecting to 25000 for 444 I am redirecting to 25001. The error I am getting is below as well
So I may be thinking about this wrong, but something is grabbing a port that isn't the 25000 I specified, and thus it is only allowing one instance to run.
Two questions:
Thanks!
Error:
terminate called after throwing an instance of 'boost::exception_detail::clone_implboost::exception_detail::error_info_injector<boost::system::system_error >'
what(): Address already in use
Aborted
Commands:
sslsniff -a -c /mnt/working/tools/sslsniff/fakeca/server.pem -s 25000 -w /mnt/working/tools/sslsniff/ssldumps/20121115085244_443.log
sslsniff -a -c /mnt/working/tools/sslsniff/fakeca/server.pem -s 25001 -w /mnt/working/tools/sslsniff/ssldumps/20121115085244_444.log
Running on a Raspberry Pi Model B+
Openssl version -a:
OpenSSL 1.0.1e 11 Feb 2013
built on: Wed Jul 30 04:35:10 UTC 2014
platform: debian-armhf
options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) blowfish(ptr)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
SSLSniff v0.8-3 (Pretty sure)
Generated a CA key / cert using Openssl.
Trying to start SSLSniff in authority mode, using the CA private key. As soon as I do, it segfaults.
Tried starting sslsniff in authority mode using the CA public key (cert, right?), and it starts, and runs, until a request is made, it then crashes.
Is there a way I can provide more information?
I've tried completely compiling from source, and have experienced the same issue.
We have a test environment with sslsniff in CA mode, that works fine with Firefox on Linux/Windows.
When we try to use it with iOS we don't get a connection to the server. Safari simply complains that it cannot make a secure connection to the server. Targeted mode seems to work though.
I am willing to provide more details but I have not yet found a way to get any meaningfull output from Safari.
terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injectorboost::system::system_error >'
what(): resolve: Host not found (authoritative)
Abgebrochen
I find no explanation. The "authority mode" is running without problems. I must use "target mode", because the client "microsoft outlook" only accepts certificates with a special principal name.
When trying to run sslsniff, all I get is:
$ sudo iptables -t nat -A OUTPUT -p tcp --destination-port 443 -j REDIRECT --to-ports 8081
$ sslsniff -a -c ca.pem -s 8081 -w mylog &
$ tail -f mylog
1415570016 INFO sslsniff : Certificate Ready: Nikolaus Rath CA Key/emailAddress=[email protected]
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
[.....]
A vaild wildcard certificate in targeted mode leads to invalid DNS queries and programm abortion. Tested with sslsniff version 0.8
Example:
Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=*.heise.de
$ sslsniff -t -c ./certs/ -s 1414 -w x1.log
terminate called after throwing an instance of 'boost::exception_detail::clone_implboost::exception_detail::error_info_injector<boost::system::system_error >'
what(): Host not found (authoritative)
Abgebrochen
DNS-Query is done for: "*.heise.de" and fails.
Solution:
/opt/sslsniff$ make
g++ -DPACKAGE_NAME="" -DPACKAGE_TARNAME="" -DPACKAGE_VERSION="" -DPACKAGE_STRING="" -DPACKAGE_BUGREPORT="" -DPACKAGE_URL="" -DPACKAGE="sslsniff" -DVERSION="0.8" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -I. -ggdb -g -O2 -MT SSLConnectionManager.o -MD -MP -MF .deps/SSLConnectionManager.Tpo -c -o SSLConnectionManager.o SSLConnectionManager.cpp
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::acceptIncomingConnection()’:
SSLConnectionManager.cpp:47:74: error: ‘boost::asio::ip::tcp::acceptor’ has no member named ‘io_service’
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::shuttleConnection(boost::shared_ptrboost::asio::basic_stream_socket<boost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&)’:
SSLConnectionManager.cpp:79:78: error: ‘boost::asio::ip::tcp::acceptor’ has no member named ‘io_service’
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptSSL(boost::shared_ptrboost::asio::basic_stream_socket<boost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:137:41: error: ‘boost::asio::ip::tcp::acceptor’ has no member named ‘io_service’
make: *** [SSLConnectionManager.o] Error 1
g++ -DPACKAGE_NAME="" -DPACKAGE_TARNAME="" -DPACKAGE_VERSION="" -DPACKAGE_STRING="" -DPACKAGE_BUGREPORT="" -DPACKAGE_URL="" -DPACKAGE="sslsniff" -DVERSION="0.8" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -I. -ggdb -g -O2 -MT SSLConnectionManager.o -MD -MP -MF .deps/SSLConnectionManager.Tpo -c -o SSLConnectionManager.o SSLConnectionManager.cpp
In file included from SSLBridge.hpp:41,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp: In member function ‘std::__cxx11::string Certificate::parseNameFromOCSPUrl(std::__cxx11::string&)’:
certificate/Certificate.hpp:60:52: warning: overflow in conversion from ‘std::__cxx11::basic_string::size_type’ {aka ‘long unsigned int’} to ‘int’ changes value from ‘18446744073709551615’ to ‘-1’ [-Woverflow]
else forwardSlash = std::string::npos;
^~~~
certificate/Certificate.hpp: In member function ‘void Certificate::parseOCSPUrls(X509*)’:
certificate/Certificate.hpp:82:61: warning: ‘unsigned char* ASN1_STRING_data(ASN1_STRING*)’ is deprecated [-Wdeprecated-declarations]
unsigned char * data = ASN1_STRING_data(ad->location->d.ia5);
^
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/pem.h:13,
from SSLBridge.hpp:26,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
/usr/include/openssl/asn1.h:554:1: note: declared here
DEPRECATEDIN_1_1_0(unsigned char ASN1_STRING_data(ASN1_STRING x))
^~~~~~~~~~~~~~~~~~
In file included from SSLBridge.hpp:41,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp:82:61: warning: ‘unsigned char ASN1_STRING_data(ASN1_STRING)’ is deprecated [-Wdeprecated-declarations]
unsigned char * data = ASN1_STRING_data(ad->location->d.ia5);
^
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/pem.h:13,
from SSLBridge.hpp:26,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
/usr/include/openssl/asn1.h:554:1: note: declared here
DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING x))
^~~~~~~~~~~~~~~~~~
In file included from SSLBridge.hpp:41,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp: In member function ‘void Certificate::parseCommonName(X509)’:
certificate/Certificate.hpp:95:39: error: invalid use of incomplete type ‘X509’ {aka ‘struct x509_st’}
std::string distinguishedName(cert->name);
^~
In file included from /usr/include/openssl/crypto.h:25,
from /usr/include/openssl/bio.h:20,
from /usr/include/openssl/pem.h:14,
from SSLBridge.hpp:26,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
/usr/include/openssl/ossl_typ.h:120:16: note: forward declaration of ‘X509’ {aka ‘struct x509_st’}
typedef struct x509_st X509;
^~~~~~~
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::acceptIncomingConnection()’:
SSLConnectionManager.cpp:47:74: error: ‘boost::asio::ip::tcp::acceptor’ {aka ‘class boost::asio::basic_socket_acceptorboost::asio::ip::tcp’} has no member named ‘io_service’; did you mean ‘get_service’?
boost::shared_ptrip::tcp::socket socket(new ip::tcp::socket(acceptor.io_service()));
^~~~~~~~~~
get_service
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::shuttleConnection(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&)’:
SSLConnectionManager.cpp:79:78: error: ‘boost::asio::ip::tcp::acceptor’ {aka ‘class boost::asio::basic_socket_acceptorboost::asio::ip::tcp’} has no member named ‘io_service’; did you mean ‘get_service’?
Bridge::ptr bridge = RawBridge::create(clientSocket, destination, acceptor.io_service());
^~~~~~~~~~
get_service
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptUpdate(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:98:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:95:32: note: ‘SSLConnectionError& error’ previously declared here
} catch (SSLConnectionError &error) {
^~~~~
SSLConnectionManager.cpp:103:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:100:36: note: ‘FirefoxUpdateException& error’ previously declared here
} catch (FirefoxUpdateException &error) {
^~~~~
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptAddon(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:123:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:120:32: note: ‘SSLConnectionError& error’ previously declared here
} catch (SSLConnectionError &error) {
^~~~~
SSLConnectionManager.cpp:128:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:125:36: note: ‘FirefoxUpdateException& error’ previously declared here
} catch (FirefoxUpdateException &error) {
^~~~~
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptSSL(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:137:41: error: ‘boost::asio::ip::tcp::acceptor’ {aka ‘class boost::asio::basic_socket_acceptorboost::asio::ip::tcp’} has no member named ‘io_service’; did you mean ‘get_service’?
ip::tcp::socket serverSocket(acceptor.io_service());
^~~~~~~~~~
get_service
SSLConnectionManager.cpp:154:19: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:151:34: note: ‘SSLConnectionError& error’ previously declared here
} catch (SSLConnectionError &error) {
^~~~~
make: *** [Makefile:294: SSLConnectionManager.o] Error 1
Since there are still SSL setups that use MD5 in their certs why not add functionality to generate such certs using this attack http://www.phreedom.org/research/rogue-ca/ (the ca files and certificates they provided expired so they realistically can't be used) to then provide to sslsniff for use in it's other attacks or for things like WPA-enterprise attacks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.