.\"                                      Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH SSLSNIFF 1 "August 16, 2009"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh        disable hyphenation
.\" .hy        enable hyphenation
.\" .ad l      left justify
.\" .ad b      justify to both left and right margins
.\" .nf        disable filling
.\" .fi        enable filling
.\" .br        insert line break
.\" .sp <n>    insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
sslsniff \- SSL/TLS man-in-the-middle attack tool
.SH SYNOPSIS
.B sslsniff
.RI [ options ]
.br
.SH DESCRIPTION
This manual page documents briefly the
.B sslsniff
command.
.PP
.\" TeX users may be more comfortable with the \fB<whatever>\fP and
.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
.\" respectively.
\fBsslsniff\fP is designed to create man-in-the-middle (MITM) attacks for
SSL/TLS connections, and dynamically generates certs for the domains
that are being accessed on the fly. The new certificates are constructed
in a certificate chain that is signed by any certificate that is
provided.
.br
sslsniff also supports other attacks like null-prefix or OCSP attacks to
achieve silent interceptions of connections when possible.
.SH OPTIONS
Modes:
.TP
.B \-a
Authority mode.  Specify a certificate that will act as a CA.
.TP
.B \-t
Targeted mode.  Specify a directory full of certificates to target.
.br

.TP
Required options:
.TP
.B \-c \fB<file|directory>\fP
File containing CA cert/key (authority mode) or directory containing a
collection of certs/keys (targeted mode)
.TP
.B \-s \fB<port>\fP
Port to listen on for SSL interception.
.TP
.B \-w \fB<file>\fP
File to log to
.br

.TP
Optional options:
.TP
.B \-u \fB<updateLocation>\fP
Location of any Firefox XML update files.
.TP
.B \-m \fB<certificateChain>\fP
Location of any intermediary certificates.
.TP
.B \-h \fB<port>\fP
Port to listen on for HTTP interception (required for
fingerprinting).
.TP
.B \-f \fB<ff,ie,safari,opera>\fP
Only intercept requests from the specified browser(s).
.TP
.B \-d
Deny OCSP requests for our certificates.
.TP
.B \-p
Only log HTTP POSTs
.TP
.B \-e \fB<url>\fP
Intercept Mozilla Addon Updates
.TP
.B \-j \fB<sha256>\fP
The sha256sum value of the addon to inject
.br

.SH NOTES
\fBsslsniff\fP works only on the \fBFORWARD\fP traffic (not on INPUT or OUTPUT).

.SH EXAMPLES
To intercept traffic on port 8443, start sslsniff on a local port:
.IP
\fBsslsniff -a -c /usr/share/sslsniff/certs/wildcard -s 4433 -w /tmp/sslsniff.log\fP
.PP
and redirect traffic to this port using the iptables nat table:
.IP
\fBiptables -t nat -A PREROUTING -p tcp --destination-port 8443 -j REDIRECT --to-ports 4433\fP
.PP

.SH AUTHOR
sslsniff was written by Moxie Marlinspike.
.PP
This manual page was written by Pierre Chifflier <pollux@debian.org>,
for the Debian project (and may be used by others).