./security/sslsplit, Transparent and scalable SSL/TLS interception

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.5.5nb1, Package name: sslsplit-0.5.5nb1, Maintainer: pkgsrc-users

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS
encrypted network connections. Connections are transparently
intercepted through a network address translation engine and
redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates
a new SSL/TLS connection to the original destination address, while
logging all data transmitted. SSLsplit is intended to be useful
for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections
over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit
generates and signs forged X509v3 certificates on-the-fly, based
on the original server certificate subject DN and subjectAltName
extension. SSLsplit fully supports Server Name Indication (SNI)
and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE
cipher suites. Depending on the version of OpenSSL, SSLsplit
supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL
2.0 as well. SSLsplit can also use existing certificates of which
the private key is available, instead of generating forged ones.
SSLsplit supports NULL-prefix CN certificates and can deny OCSP
requests in a generic way. For HTTP and HTTPS connections, SSLsplit
removes response headers for HPKP in order to prevent public key
pinning, for HSTS to allow the user to accept untrusted certificates,
and Alternate Protocols to prevent switching to QUIC/SPDY.

Required to run:
[security/openssl] [devel/libevent]

Required to build:
[devel/libnet11] [pkgtools/cwrappers]

Master sites:

Filesize: 520.301 KB

Version history: (Expand)

CVS history: (Expand)

   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-05-14 13:48:28 by Nia Alarie | Files touched by this commit (1)
Log message:
sslsplit: needs zlib
   2020-09-07 09:58:12 by Amitai Schleier | Files touched by this commit (3)
Log message:
Fix build on macOS, from Kurt Schreiner on pkgsrc-users@.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-30 23:17:29 by Olaf Seibert | Files touched by this commit (4) | Package updated
Log message:
security/sslsplit: update to 0.5.5.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813)
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-01-20 18:43:47 by Leonardo Taccari | Files touched by this commit (1)
Log message:
sslsplit also needs libevent (noted via pkgsrc-bulk@).

While here pass all the dependencies via MAKE_ENV (this will - hopefully - avoid
further problem on platforms where openssl and libevent are not builtins).