Bug#542472: ITP: sslsniff -- SSL/TLS man-in-the-middle attack tool
On Thu, Aug 20, 2009 at 10:52:45AM +0200, Alexander Reichle-Schmehl wrote:
> Hi!
>
> > * Package name : sslsniff
> > Version : 0.6
> > Upstream Author : Moxie Marlinspike <moxie@thoughtcrime.org>
> > * URL : http://www.thoughtcrime.org/software/sslsniff/
> > * License : GPLv3
> > Programming Lang: C++
> > Description : SSL/TLS man-in-the-middle attack tool
>
> Maybe I miss something, but what's the intended (legal) purpouse of this
> tool? Is there anything else but being a proof of concept that such
> things are possible?
>
Hi,
sslsniff is a very useful tool for security assessment, especially when
verifying if certificate checking code is correct in applications.
It can also help understanding protocols by standing as a
man-in-the-middle application, able to log the decrypted session of the
protocol.
I'd say it's a nice tool to have for people working (or interested) in
security.
Regards,
Pierre
Reply to: