Bug#542472: ITP: sslsniff -- SSL/TLS man-in-the-middle attack tool

[Pierre Chifflier <pchifflier@edenwall.com>]

On Thu, Aug 20, 2009 at 10:52:45AM +0200, Alexander Reichle-Schmehl wrote:
> Hi!
> 
> > * Package name    : sslsniff
> >   Version         : 0.6
> >   Upstream Author : Moxie Marlinspike <moxie@thoughtcrime.org>
> > * URL             : http://www.thoughtcrime.org/software/sslsniff/
> > * License         : GPLv3
> >   Programming Lang: C++
> >   Description     : SSL/TLS man-in-the-middle attack tool
> 
> Maybe I miss something, but what's the intended (legal) purpouse of this
> tool?  Is there anything else but being a proof of concept that such
> things are possible?
> 

Hi,

sslsniff is a very useful tool for security assessment, especially when
verifying if certificate checking code is correct in applications.
It can also help understanding protocols by standing as a
man-in-the-middle application, able to log the decrypted session of the
protocol.

I'd say it's a nice tool to have for people working (or interested) in
security.

Regards,
Pierre