moxie0 / sslsniff Goto Github PK

A tool for automated MITM attacks on SSL connections.

License: Other

C++ 100.00%

sslsniff's Introduction

sslsniff v0.8
Moxie Marlinspike <[email protected]>
------------------------------------

REQUIRES: openssl, libboost1.35-dev, libboost-filesystem1.35-dev, 
          libboost-thread1.35-dev, liblog4cpp5-dev, Linux 2.4/2.6 (or BSD)

The three steps to get this running are:

    * Download and run sslsniff-0.8.tar.gz
    * Setup iptables (or pf on BSD)
    * Run arpspoof (or whatever method you'd like to use to redirect traffic).

Installing sslsniff
-------------------

    * Unpack sslsniff-0.8.tar.gz, run "./configure" and "make". (You'll have
      to make some changes to build on BSD systems, see below under "Setting up 
      pf")
    * There are two ways to run this: in "authority" mode or "targeted" mode.

    Authority Mode:

    In this mode, sslsniff acts as if it is a CA which dynamically generates
    certificates on the fly.  If you were, for instance, able to obtain a CA
    certificate somehow, you could run it in this mode and it would dynamically
    create and sign new certificates for whatever site you're trying to connect
    to.

    This mode is also useful for exploiting implementations that do not properly
    verify BasicConstraints, as any valid leaf node certificate could be used
    instead of a CA cert.

    You would run sslsniff as: 
    ./sslsniff -a -s <$listenPort> -w <$logFile> -c <$caCert>

    Targeted Mode:

    In this mode, sslsniff is given a directory full of certificates, which it 
    uses for targeted MITM attacks against the hosts those certificates are 
    signed for.  This mode is useful if you are able to forge specific 
    certificates, or if you have certificates that were obtained for the "null 
    prefix" vulnerability that I published.  There are sample null prefix 
    certificates in the "certs" directory that comes with sslsniff, but be
    sure to specify "-m IPSCACLASEA1.crt" if you wish to use those. (Note:
    the targeted certs have been removed for legal reasons, but the universal
    wildcard cert remains)

    You would run sslsniff as: 
    ./sslsniff -t -s <$listenPort> -w <$logFile> -m IPSCACLASEA1.crt \
      -c <$certDir>

    Other options:
    
    * sslsniff can be configured to only attack certain clients.  In this case, 
      you need to specify -f <ff,ie,safari,opera> -h <$httpListenPort> 
    
    * sslsniff can be configured to deny OCSP requests from clients.  In this 
      case, you need to specify -d

    * sslsniff can be configured to only log HTTP POSTS.  In this case, you 
      need to specify -p

    * sslsniff can be configured to hijack Mozilla auto-updates.  In this case, 
      you need to specify -u <$updateXmlDir>, where $updateXmlDir contains the 
      XML files for whatever binaries you want to have sslsniff auto-update, 
      one for each platform.  There are sample XML files in the "update" 
      directory that comes with sslsniff.

    * sslsniff can be configured to hijack Firefox/Thunderbird addon 
      auto-updates. In this case, you need to specify -e <url> -j <sha256sum> 
      where <url> is the URL where your custom addon is located, and <sha256sum> 
      is the sha256sum of that addon.


Setting up iptables
-------------------

    * Flip your machine into ip_forward mode 
      (echo 1 > /proc/sys/net/ipv4/ip_forward)

    * Add a rule to intercept HTTPS traffic 
      (iptables -t nat -A PREROUTING -p tcp --destination-port 443
       -j REDIRECT --to-ports <$listenPort>)

    * If you're going to do client fingerprinting, add a rule to
      intercept HTTP traffic:
      (iptables -t nat -A PREROUTING -p tcp --destination-port 80
      -j REDIRECT --to-ports <$httpListenPort>)

    * Add a rule to intercept imaps traffic:
      (iptables -t nat -A PREROUTING -p tcp --destination-port 993 \
       -j REDIRECT --to-ports <$listenPort>)

    * Add a rule to intercept pop3s traffic:
      (iptables -t nat -A PREROUTING -p tcp --destination-port 995 \
       -j REDIRECT --to-ports <$listenPort>)

    * Add a rule to intercept irc over ssl traffic:
      (iptables -t nat -A PREROUTING -p tcp --destination-port 6697 \
       -j REDIRECT --to-ports <$listenPort>)

Setting up pf
-------------

Basic support for pf is now included. Set up firewall rules similar to
those above, and change util/Destination.cpp by undefining HAVE_NETFILTER
and defining HAVE_PF at the top.


Running arpspoof
--------------------------

Assuming we want to intercept SSL traffic from 172.17.10.36, we need to 
trick that host into thinking that we're the router.  Using arpspoof, we 
can convince the target that the router's MAC address is our MAC address.

    * arpspoof -i eth0 -t 172.17.10.36 172.17.8.1

At this point, any SSL traffic should get proxied by sslsniff and logged to 
a file.

How does this work?
-------------------

First, arpspoof convinces a host that our MAC address is the router's MAC 
address, and the target begins to send us all its network traffic.  The 
kernel forwards everything along except for traffic destined to port 443, 
which it redirects to $listenPort (10000, for example).

At this point, sslsniff receives the client connection, makes a connection 
to the real SSL site, and looks at the information in its certificate.  
sslsniff then either sends a forged certificate if available 
(targeted certificate mode), or it dynamically forges a certificate and signs
it with your authoritative certificate (authority mode).

sslsniff's People

Contributors

Stargazers

Watchers

Forkers

droe mattbnz piru yeahwhatever data-kjetil lucasdupin jbc0 transparentmask claudiouzelac marik332000 madmercen bitland kmkaplan softctrl atopos0627 purriah kiaans andlab ljp2010 jonathanmarvens lucabongiorni giannivh benediktkr javarange bincker devesh1691 bradparks akiraaisha kostyll stevenjohnstone kristiankielhofner debugfan virta michelangelo13 arno01 codercold brunoklein99 darg0001 lordxeth awgh michael-lettona inscriptionweb syxoasis deepbugs pandagxnu melbshark nunb ashr zskyfall b8box altune solertis ph0enixxx supertanglang jqk6 yskcg max-smith krodyx n4yk realid lucas-developer vaginessa zhangshuangjun wuchirat hillu digits88 mrvirginis subzeroking xxu36 hatnetsec explife0011 ykankaya erdoukki shalekesan shellgh05t enterstudio itisbugra morristech oxaa-ox55 lanbihai chang1532 wgwjifeng orf53975 bikram990 ro9ueadmin killvxk ntgitdude23 raimundojimenez add1ct3d modulexcite thanhlam2410 youngshingjun mahdy-nasr artnoc1 m0duspwnens cd10anil marciopocebon myjupiter 3453-315h zammalhabe

sslsniff's Issues

Git tags gone...

Moxie,

it seems that you removed the tags from the Github repository, was this intentional?

Cheers,
-Hilko

Error in parsing SSL certificates with email address

If you sprecify an (optional) email address in the certificate request, sslsniff adds it to the CN as part of the hostname. This results in invalid DNS lookups.

Example:

$ openssl req -new -nodes -keyout heise.key -out heise.csr -days 365
Generating a 1024 bit RSA private key
...
Common Name (eg, YOUR name) []:www.heise.de
Email Address []:[email protected]
...

$ openssl x509 -in certs/heise.crt -noout -text
...
Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.heise.de/emailAddress=[email protected]
...
$ sslsniff -t -c ./certs/ -s 1414 -w x1.log
terminate called after throwing an instance of 'boost::exception_detail::clone_implboost::exception_detail::error_info_injector<boost::system::system_error >'
what(): Host not found (authoritative)
Abgebrochen

tcpdump shows, that sslsniff does a DNS query for "www.heise.de/emailAddress=[email protected]" which of course does not exist.

Fails to build with OpenSSL 1.1

Hello,

if you try to build sslsniff with OpenSSL 1.1 it will fail:

In file included from SSLBridge.hpp:41:0,
                 from HTTPSBridge.hpp:24,
                 from FirefoxUpdater.hpp:23,
                 from FirefoxAddonUpdater.hpp:26,
                 from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp: In member function 'void Certificate::parseCommonName(X509*)':
certificate/Certificate.hpp:95:39: error: invalid use of incomplete type 'X509 {aka struct x509_st}'
     std::string distinguishedName(cert->name);
                                       ^~

Basically OpenSSL made many structures opaque and you have to use various API calls to access the underlying data.

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see some of the changes. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information.

This was initially filed in Debian here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828557

fails to build with --as-needed

Makefile.am uses sslsniff_LDFLAGS to link with libraries.
This leads to a wrong command line orderung and undefined references when compiling with the linker flag --as-needed
It needs to be sslsniff_LIBS instead

terminate called after throwing an instance of 'BadCertificateException'

OS: CentOS 6

[pentest@work sslsniff]$ ./sslsniff -t -s 1337 -w sslsniff.log -m IPSCACLASEA1.crt -c certs/wildcard
terminate called after throwing an instance of 'BadCertificateException'
what(): Could not parse certificate...
Aborted
[pentest@work sslsniff]$

Software Engineering Radio

Would you like to do an interview on SER?
My previous shows: http://www.se-radio.net/team/kim-carter/

OCSP Denier: invalid ASN.1 syntax for OCSPResponse

OCSPDenier::ocspResponse in http/OCSPDenier.cpp contains an syntactically invalid OCSP response. OCSPResponse according to RFC 2560:

4.2.1  ASN.1 Specification of the OCSP Response

   An OCSP response at a minimum consists of a responseStatus field
   indicating the processing status of the prior request. If the value
   of responseStatus is one of the error conditions, responseBytes are
   not set.

   OCSPResponse ::= SEQUENCE {
      responseStatus         OCSPResponseStatus,
      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

   OCSPResponseStatus ::= ENUMERATED {
       successful            (0),  --Response has valid confirmations
       malformedRequest      (1),  --Illegal confirmation request
       internalError         (2),  --Internal error in issuer
       tryLater              (3),  --Try again later
                                   --(4) is not used
       sigRequired           (5),  --Must sign the request
       unauthorized          (6)   --Request unauthorized
   }
[...]

So instead of the string "3", the HTTP response body should contain an ASN.1 SEQUENCE, containing an ENUMERATED with the value 0x03 to be a valid OCSP response, which is a total of 5 bytes in the case of tryLater (responseBytes is not needed).

Incidentally, clients seem to ignore ASN.1 syntax errors in OCSP responses, so fixing this might not actually change client behaviour for many OCSP client implementations.

Can't Find Your Email - So Contacting Via Github Issue lol

My name is Davy Yue, and I am the Founder + CEO of LifeEverlasting, an innovative technology enabling a user to interact with anyone from history. See our pitch slide deck below, and note the one-minute promotional video on the second slide:

https://docs.google.com/presentation/d/1OMQ7LMTXqql0Jy1pdslMyeANcjQWcaTch-0zHBjVFzc/edit?usp=sharing

My team and I at LifeEverlasting are currently looking for seed & angel investors, as well as venture capitalists to fund our development process as we push for the first-ever beta release date May 18th, 2018 at 3:00 pm CST as well as the second beta date in the slide deck. We are also looking to work with security professionals, since a significant amount of data would be collected to fuel the neural network and machine-learning process.

I would love to schedule a video or phone call with you to discuss further your possible involvement in LifeEverlasting, an innovative startup breaking new ground in helping establish people's long-living legacy after their physical passing.

Please let me know what you think. Looking forward to talking soon!

Best,

Davy Yue

No "configure" file

In "README":

Unpack sslsniff-0.8.tar.gz, run "./configure" and "make". (You'll have
to make some changes to build on BSD systems, see below under "Setting up
pf")

There is no "configure" file.

" what(): resolve: Host not found (authoritative)"

Installed through default apt repos in Ubuntu 16.

Using the example command from man page:

     sslsniff -a -c /usr/share/sslsniff/certs/wildcard -s 4433 -w /tmp/sslsniff.log

Error messsaage is:

terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::system::system_error> >' what(): resolve: Host not found (authoritative) Aborted (core dumped)

This is probably fixed in newer versions. I'll try to build from source

Allow multiple instances of SSLSniff to run in Authority Mode

I am trying to setup via script SSLSniff to run on multiple ports using various IPTables redirects.

The commandsI am running are below. Basically I'd like one instance of sslsniff to listen for port 443 traffic and write to one log file, and another listen on 444. I am doing that via IPs, for 443 I am redirecting to 25000 for 444 I am redirecting to 25001. The error I am getting is below as well

So I may be thinking about this wrong, but something is grabbing a port that isn't the 25000 I specified, and thus it is only allowing one instance to run.

Two questions:

Should I be able to do this? Is this a bug in the code that is keeping me from running two instances?
Does sslsniff even allow non-443 connections? i.e. how would it know that the traffic going to 25001 is meant for 444 on the far end? Does it just assume all traffic is 443? Should SSLSniff take a command argument specifying the end port so that it listens for redirection on -s 25001 and then tries to connect to IP specified on what ever port you specify (with it defaulting to 443?)

Thanks!

Error:
terminate called after throwing an instance of 'boost::exception_detail::clone_implboost::exception_detail::error_info_injector<boost::system::system_error >'
what(): Address already in use
Aborted

Commands:
sslsniff -a -c /mnt/working/tools/sslsniff/fakeca/server.pem -s 25000 -w /mnt/working/tools/sslsniff/ssldumps/20121115085244_443.log

sslsniff -a -c /mnt/working/tools/sslsniff/fakeca/server.pem -s 25001 -w /mnt/working/tools/sslsniff/ssldumps/20121115085244_444.log

SegFault on startup

Running on a Raspberry Pi Model B+

Openssl version -a:
OpenSSL 1.0.1e 11 Feb 2013
built on: Wed Jul 30 04:35:10 UTC 2014
platform: debian-armhf
options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) blowfish(ptr)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

SSLSniff v0.8-3 (Pretty sure)

Generated a CA key / cert using Openssl.

Trying to start SSLSniff in authority mode, using the CA private key. As soon as I do, it segfaults.

Tried starting sslsniff in authority mode using the CA public key (cert, right?), and it starts, and runs, until a request is made, it then crashes.

Is there a way I can provide more information?

I've tried completely compiling from source, and have experienced the same issue.

CA mode does not work with iOS

We have a test environment with sslsniff in CA mode, that works fine with Firefox on Linux/Windows.
When we try to use it with iOS we don't get a connection to the server. Safari simply complains that it cannot make a secure connection to the server. Targeted mode seems to work though.

I am willing to provide more details but I have not yet found a way to get any meaningfull output from Safari.

How SSLsniff know destination port of a conection when it is not common protocol?

Failure, when running sslsniff in target mode

sslsniff -t -s 8080 -w sslsniff.log -c certs

terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injectorboost::system::system_error >'
what(): resolve: Host not found (authoritative)
Abgebrochen

I find no explanation. The "authority mode" is running without problems. I must use "target mode", because the client "microsoft outlook" only accepts certificates with a special principal name.

Fails with "Error on SSL Connect"

When trying to run sslsniff, all I get is:

$ sudo iptables -t nat -A OUTPUT -p tcp --destination-port 443 -j REDIRECT --to-ports 8081
$ sslsniff -a -c ca.pem -s 8081 -w mylog &
$ tail -f mylog
1415570016 INFO sslsniff : Certificate Ready: Nikolaus Rath CA Key/emailAddress=[email protected]
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
1415570619 DEBUG sslsniff : Error on SSL Connect.
1415570619 DEBUG sslsniff : Got exception: Error with SSL connection...
[.....]

targeted mode does not support wildcard certificates

A vaild wildcard certificate in targeted mode leads to invalid DNS queries and programm abortion. Tested with sslsniff version 0.8

Example:

    Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=*.heise.de

$ sslsniff -t -c ./certs/ -s 1414 -w x1.log
terminate called after throwing an instance of 'boost::exception_detail::clone_implboost::exception_detail::error_info_injector<boost::system::system_error >'
what(): Host not found (authoritative)
Abgebrochen

DNS-Query is done for: "*.heise.de" and fails.

Solution:

support wildcard certs (using the same mechanism already in place for CA mode) OR
properly reject wildcard certs with a meaningful error instead of crashing

error on the make command while installing..

/opt/sslsniff$ make
g++ -DPACKAGE_NAME="" -DPACKAGE_TARNAME="" -DPACKAGE_VERSION="" -DPACKAGE_STRING="" -DPACKAGE_BUGREPORT="" -DPACKAGE_URL="" -DPACKAGE="sslsniff" -DVERSION="0.8" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -I. -ggdb -g -O2 -MT SSLConnectionManager.o -MD -MP -MF .deps/SSLConnectionManager.Tpo -c -o SSLConnectionManager.o SSLConnectionManager.cpp
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::acceptIncomingConnection()’:
SSLConnectionManager.cpp:47:74: error: ‘boost::asio::ip::tcp::acceptor’ has no member named ‘io_service’
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::shuttleConnection(boost::shared_ptrboost::asio::basic_stream_socket<boost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&)’:
SSLConnectionManager.cpp:79:78: error: ‘boost::asio::ip::tcp::acceptor’ has no member named ‘io_service’
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptSSL(boost::shared_ptrboost::asio::basic_stream_socket<boost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:137:41: error: ‘boost::asio::ip::tcp::acceptor’ has no member named ‘io_service’
make: *** [SSLConnectionManager.o] Error 1

error on the make command while installing

g++ -DPACKAGE_NAME="" -DPACKAGE_TARNAME="" -DPACKAGE_VERSION="" -DPACKAGE_STRING="" -DPACKAGE_BUGREPORT="" -DPACKAGE_URL="" -DPACKAGE="sslsniff" -DVERSION="0.8" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -I. -ggdb -g -O2 -MT SSLConnectionManager.o -MD -MP -MF .deps/SSLConnectionManager.Tpo -c -o SSLConnectionManager.o SSLConnectionManager.cpp
In file included from SSLBridge.hpp:41,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp: In member function ‘std::__cxx11::string Certificate::parseNameFromOCSPUrl(std::__cxx11::string&)’:
certificate/Certificate.hpp:60:52: warning: overflow in conversion from ‘std::__cxx11::basic_string::size_type’ {aka ‘long unsigned int’} to ‘int’ changes value from ‘18446744073709551615’ to ‘-1’ [-Woverflow]
else forwardSlash = std::string::npos;
^~~~
certificate/Certificate.hpp: In member function ‘void Certificate::parseOCSPUrls(X509*)’:
certificate/Certificate.hpp:82:61: warning: ‘unsigned char* ASN1_STRING_data(ASN1_STRING*)’ is deprecated [-Wdeprecated-declarations]
unsigned char * data = ASN1_STRING_data(ad->location->d.ia5);
^
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/pem.h:13,
from SSLBridge.hpp:26,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
/usr/include/openssl/asn1.h:554:1: note: declared here
DEPRECATEDIN_1_1_0(unsigned char ASN1_STRING_data(ASN1_STRING x))
^~~~~~~~~~~~~~~~~~
In file included from SSLBridge.hpp:41,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp:82:61: warning: ‘unsigned char ASN1_STRING_data(ASN1_STRING)’ is deprecated [-Wdeprecated-declarations]
unsigned char * data = ASN1_STRING_data(ad->location->d.ia5);
^
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/pem.h:13,
from SSLBridge.hpp:26,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
/usr/include/openssl/asn1.h:554:1: note: declared here
DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING x))
^~~~~~~~~~~~~~~~~~
In file included from SSLBridge.hpp:41,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
certificate/Certificate.hpp: In member function ‘void Certificate::parseCommonName(X509)’:
certificate/Certificate.hpp:95:39: error: invalid use of incomplete type ‘X509’ {aka ‘struct x509_st’}
std::string distinguishedName(cert->name);
^~
In file included from /usr/include/openssl/crypto.h:25,
from /usr/include/openssl/bio.h:20,
from /usr/include/openssl/pem.h:14,
from SSLBridge.hpp:26,
from HTTPSBridge.hpp:24,
from FirefoxUpdater.hpp:23,
from FirefoxAddonUpdater.hpp:26,
from SSLConnectionManager.cpp:20:
/usr/include/openssl/ossl_typ.h:120:16: note: forward declaration of ‘X509’ {aka ‘struct x509_st’}
typedef struct x509_st X509;
^~~~~~~
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::acceptIncomingConnection()’:
SSLConnectionManager.cpp:47:74: error: ‘boost::asio::ip::tcp::acceptor’ {aka ‘class boost::asio::basic_socket_acceptorboost::asio::ip::tcp’} has no member named ‘io_service’; did you mean ‘get_service’?
boost::shared_ptrip::tcp::socket socket(new ip::tcp::socket(acceptor.io_service()));
^~~~~~~~~~
get_service
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::shuttleConnection(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&)’:
SSLConnectionManager.cpp:79:78: error: ‘boost::asio::ip::tcp::acceptor’ {aka ‘class boost::asio::basic_socket_acceptorboost::asio::ip::tcp’} has no member named ‘io_service’; did you mean ‘get_service’?
Bridge::ptr bridge = RawBridge::create(clientSocket, destination, acceptor.io_service());
^~~~~~~~~~
get_service
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptUpdate(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:98:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:95:32: note: ‘SSLConnectionError& error’ previously declared here
} catch (SSLConnectionError &error) {
^~~~~
SSLConnectionManager.cpp:103:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:100:36: note: ‘FirefoxUpdateException& error’ previously declared here
} catch (FirefoxUpdateException &error) {
^~~~~
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptAddon(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:123:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:120:32: note: ‘SSLConnectionError& error’ previously declared here
} catch (SSLConnectionError &error) {
^~~~~
SSLConnectionManager.cpp:128:17: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:125:36: note: ‘FirefoxUpdateException& error’ previously declared here
} catch (FirefoxUpdateException &error) {
^~~~~
SSLConnectionManager.cpp: In member function ‘void SSLConnectionManager::interceptSSL(boost::shared_ptr<boost::asio::basic_stream_socketboost::asio::ip::tcp >, boost::asio::ip::tcp::endpoint&, bool)’:
SSLConnectionManager.cpp:137:41: error: ‘boost::asio::ip::tcp::acceptor’ {aka ‘class boost::asio::basic_socket_acceptorboost::asio::ip::tcp’} has no member named ‘io_service’; did you mean ‘get_service’?
ip::tcp::socket serverSocket(acceptor.io_service());
^~~~~~~~~~
get_service
SSLConnectionManager.cpp:154:19: error: redeclaration of ‘std::__cxx11::string error’ [-fpermissive]
std::string error = errorStream.str();
^~~~~
SSLConnectionManager.cpp:151:34: note: ‘SSLConnectionError& error’ previously declared here
} catch (SSLConnectionError &error) {
^~~~~
make: *** [Makefile:294: SSLConnectionManager.o] Error 1

[feature request] md5 collision cert generator

Since there are still SSL setups that use MD5 in their certs why not add functionality to generate such certs using this attack http://www.phreedom.org/research/rogue-ca/ (the ca files and certificates they provided expired so they realistically can't be used) to then provide to sslsniff for use in it's other attacks or for things like WPA-enterprise attacks.