security/sslsplit - The NetBSD Packages Collection

Transparent and scalable SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS
encrypted network connections.  Connections are transparently
intercepted through a network address translation engine and
redirected to SSLsplit.  SSLsplit terminates SSL/TLS and initiates
a new SSL/TLS connection to the original destination address, while
logging all data transmitted.  SSLsplit is intended to be useful
for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections
over both IPv4 and IPv6.  For SSL and HTTPS connections, SSLsplit
generates and signs forged X509v3 certificates on-the-fly, based
on the original server certificate subject DN and subjectAltName
extension.  SSLsplit fully supports Server Name Indication (SNI)
and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE
cipher suites.  Depending on the version of OpenSSL, SSLsplit
supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL
2.0 as well.  SSLsplit can also use existing certificates of which
the private key is available, instead of generating forged ones.
SSLsplit supports NULL-prefix CN certificates and can deny OCSP
requests in a generic way.  For HTTP and HTTPS connections, SSLsplit
removes response headers for HPKP in order to prevent public key
pinning, for HSTS to allow the user to accept untrusted certificates,
and Alternate Protocols to prevent switching to QUIC/SPDY.

Build dependencies

devel/libnet11 pkgtools/cwrappers devel/gmake

Runtime dependencies

(none)

Binary packages

OSArchitectureVersion
NetBSD 8.0earmv7hfsslsplit-0.5.5nb1.tgz
NetBSD 8.0earmv7hfsslsplit-0.5.5nb1.tgz
NetBSD 8.0earmv7hfsslsplit-0.5.5nb1.tgz
NetBSD 8.0i386sslsplit-0.5.5nb1.tgz
NetBSD 8.0i386sslsplit-0.5.5nb1.tgz
NetBSD 8.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 8.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 8.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 8.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 8.0x86_64sslsplit-0.5.5nb1.tgz
NetBSD 8.0x86_64sslsplit-0.5.5nb1.tgz
NetBSD 9.0aarch64sslsplit-0.5.5nb1.tgz
NetBSD 9.0aarch64sslsplit-0.5.5nb1.tgz
NetBSD 9.0aarch64sslsplit-0.5.5nb1.tgz
NetBSD 9.0alphasslsplit-0.5.5nb1.tgz
NetBSD 9.0alphasslsplit-0.5.5nb1.tgz
NetBSD 9.0alphasslsplit-0.5.5nb1.tgz
NetBSD 9.0earmv6hfsslsplit-0.5.5nb1.tgz
NetBSD 9.0earmv6hfsslsplit-0.5.5nb1.tgz
NetBSD 9.0earmv6hfsslsplit-0.5.5nb1.tgz
NetBSD 9.0earmv7hfsslsplit-0.5.5nb1.tgz
NetBSD 9.0earmv7hfsslsplit-0.5.5nb1.tgz
NetBSD 9.0earmv7hfsslsplit-0.5.5nb1.tgz
NetBSD 9.0earmv7hfsslsplit-0.5.5nb1.tgz
NetBSD 9.0i386sslsplit-0.5.5nb1.tgz
NetBSD 9.0i386sslsplit-0.5.5nb1.tgz
NetBSD 9.0i386sslsplit-0.5.5nb1.tgz
NetBSD 9.0mips64ebsslsplit-0.5.5nb1.tgz
NetBSD 9.0mips64ebsslsplit-0.5.5nb1.tgz
NetBSD 9.0mips64ebsslsplit-0.5.5nb1.tgz
NetBSD 9.0mips64ebsslsplit-0.5.5nb1.tgz
NetBSD 9.0mips64ebsslsplit-0.5.5nb1.tgz
NetBSD 9.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 9.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 9.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 9.0powerpcsslsplit-0.5.5nb1.tgz
NetBSD 9.0sparc64sslsplit-0.5.5nb1.tgz
NetBSD 9.0sparc64sslsplit-0.5.5nb1.tgz
NetBSD 9.0sparc64sslsplit-0.5.5nb1.tgz
NetBSD 9.0sparcsslsplit-0.5.5nb1.tgz
NetBSD 9.0sparcsslsplit-0.5.5nb1.tgz
NetBSD 9.0sparcsslsplit-0.5.5nb1.tgz
NetBSD 9.0x86_64sslsplit-0.5.5nb1.tgz
NetBSD 9.0x86_64sslsplit-0.5.5nb1.tgz
NetBSD 9.0x86_64sslsplit-0.5.5nb1.tgz
NetBSD 9.0x86_64sslsplit-0.5.5nb1.tgz
NetBSD 9.0x86_64sslsplit-0.5.5nb1.tgz

Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.

Available build options

(none)

Known vulnerabilities

The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.

Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.


Problem reports, updates or suggestions for this package should be reported with send-pr.