search

moxie0 / sslsniff

A tool for automated MITM attacks on SSL connections.
Other
546 stars 118 forks source link

targeted mode does not support wildcard certificates #13

Open ju916 opened 12 years ago

ju916 commented 12 years ago

A vaild wildcard certificate in targeted mode leads to invalid DNS queries and programm abortion. Tested with sslsniff version 0.8

Example:

    Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=*.heise.de

$ sslsniff -t -c ./certs/ -s 1414 -w x1.log terminate called after throwing an instance of 'boost::exception_detail::clone_implboost::exception_detail::error_info_injector' what(): Host not found (authoritative) Abgebrochen

DNS-Query is done for: "*.heise.de" and fails.

Solution:

1) support wildcard certs (using the same mechanism already in place for CA mode) OR 2) properly reject wildcard certs with a meaningful error instead of crashing

ju916 commented 12 years ago

Rechecked with github version:

$ ./sslsniff -t -c ./certs/ -s 1414 -w x1.log terminate called after throwing an instance of 'BadCertificateException' what(): Could not parse certificate... Abgebrochen

better but still a lacking feature :-)

t193r commented 11 years ago

I found a solution here

http://double-dragon.blogspot.com/2013/01/fixing-sslsniff-problem-host-not-found.html?spref=tw

It's indonesia. But you can translate it. :)