|
1 | | -# iSniff.py [initial release 2011-08-03] |
2 | | -# |
3 | | -# SSL man-in-the-middle tool inspired by Moxie Marlinspike's sslsniff 0.8 |
4 | | -# |
5 | | -# Successfully tested against iOS < 4.3.5 devices vulnerable to CVE-2011-0228 |
6 | | -# basic constraints validation issue (see http://support.apple.com/kb/HT4824) |
7 | | -# discovered by Gregor Kopf / Paul Kehrer |
8 | | -# |
9 | | -# Written by hubert(a)pentest.com / @hubert3 |
10 | | -# |
11 | | -# Redirect SSL traffic from NAT'd clients to iSniff as follows: |
12 | | -# |
13 | | -# iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 2000 |
14 | | -# |
15 | | -# Linux/iptables is currently required for iSniff to determine the intended destination |
16 | | -# of redirected traffic and generate working certs. Other platforms are not supported. |
17 | | -# |
18 | | -# Any certificate trusted by iOS can be used as signing_cert - The example config below |
19 | | -# uses an APNS cert extracted from an iPhone using 'nimble' (tool and cert not included). |
20 | | -# The certificate chain constructed with this config is similar to the one presented at |
21 | | -# https://issl.recurity.com. Website certs issued by other trusted CAs such as Verisign, |
22 | | -# Startcom, Comodo etc. also work. |
23 | | -# |
24 | | -# Tested on Debian GNU/Linux 6.0 (kernel 2.6.32-5-686, Python 2.6.6) |
25 | | -# Packages required: python-m2crypto |
| 1 | +iSniff.py [updated release 2011-08-25] |
| 2 | + |
| 3 | +SSL man-in-the-middle tool inspired by Moxie Marlinspike's sslsniff 0.8 |
| 4 | + |
| 5 | +Successfully tested against iOS < 4.3.5 devices vulnerable to CVE-2011-0228 |
| 6 | +basic constraints validation issue (see http://support.apple.com/kb/HT4824) |
| 7 | +discovered by Gregor Kopf / Paul Kehrer |
| 8 | + |
| 9 | +Written by hubert(a)pentest.com / @hubert3 |
| 10 | + |
| 11 | +Redirect SSL traffic from NAT'd clients to iSniff as follows: |
| 12 | + |
| 13 | +iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 2000 |
| 14 | + |
| 15 | +Linux/iptables is currently required for iSniff to determine the intended destination |
| 16 | +of redirected traffic and generate working certs. Other platforms are not supported. |
| 17 | + |
| 18 | +Any certificate trusted by iOS can be used as signing_cert - The example config below |
| 19 | +uses an APNS cert extracted from an iPhone using 'nimble' (tool and cert not included). |
| 20 | +The certificate chain constructed with this config is similar to the one presented at |
| 21 | +https://issl.recurity.com. Website certs issued by other trusted CAs such as Verisign, |
| 22 | +Startcom, Comodo etc. also work. |
| 23 | + |
| 24 | +Tested on Debian GNU/Linux 6.0 (kernel 2.6.32-5-686, Python 2.6.6) |
| 25 | +Packages required: python-m2crypto |
0 commit comments