• Blog >>
  • sslsniff: Anniversary Edition

Jul 24, 2011

BasicConstraints Back Then

In one week it will have been 9 years since I first published sslsniff — way back in 2002!  While sslsniff has evolved to be a general-purpose MITM tool for SSL connections, I originally published it as a proof of concept exploit for the BasicConstraints vulnerability that I released along with it.

The vulnerability was that, back then, nobody really validated certificate chains correctly. Webkit browsers, as well as the Microsoft CryptoAPI (and by extension Internet Explorer, Outlook ,etc…), validated all the signatures in a certificate chain, but failed to check whether the intermediate certificates had a valid CA BasicConstraints extension set. This meant that you could take any old CA-signed certificate and use it to sign any other certificate.

In other words, if you bought a valid certificate for your website, what you got was the equivalent of a CA certificate. You could use it to create a valid signature for any other website, and (naturally) intercept SSL traffic.

Full Circle

Today, Gregor Kopf and Paul Kehrer released an advisory for iOS, announcing that it is also vulnerable to the BasicConstraints attack. Since this is the anniversary of the bug that prompted the release of sslsniff to begin with, I’ve updated it to add iOS fingerprinting support. To intercept traffic from vulnerable iPhones, simply run:

sslsniff -a -c <path/to/your/certificate> -f ios -h <httpPort> -s <sslPort> -w iphone.log