[Oisf-users] OT: Sending unencrypted traffic with sslsplit to suricata

C.L. Martinez carlopmart at gmail.com
Wed May 6 07:12:25 UTC 2015

Hi all,

  I have installed sslplit in my home firewall to intercept SSL/TLS 
connections and decrypt them.

  All is working really well without issues but I am thinking to 
redirect this unencrypted traffic to a suricata host to inspect it.

  Reading sslplit's man page it seems that is not possible:

To actually implement an attack, you also need to redirect the traffic 
to the system running sslsplit.  Your options include running sslsplit 
on a legitimate router, ARP spoofing, ND spoofing, DNS poisoning, 
deploying a rogue access point (e.g. using hostap mode), physical 
recabling, malicious VLAN reconfiguration or route injection, 
/etc/hosts modification and so on.  SSLsplit does not implement the 
actual traffic redirection.

  Any ideas how can I accomplish this? Maybe using some type of firewall 


More information about the Oisf-users mailing list