15 03 2016
sslsplit on Windows
Recently I needed to tap into a suspicious TLS-encrypted connection from one online game client. And while it’s not so hard to find a decent sslsplit setup tutorial, the “redirect traffic” part is not so simple if you have just one PC with Windows installed. Or is it?
Here’s where virtual machines come in handy. First, you need to download VMware Workstation Player (which is free for non-commercial use) and create a new VM with a Linux flavor of your choice. I initially went with the netinst of Debian to save time and see if this solution would work, but later switched to Ubuntu with a desktop environment for convenience: you can take advantage of EasyInstall for unattended OS installation and simple file transfers between host and VM.
Once it’s ready, make sure the network configuration of the VM is bridged, that is, connected to the same physical network as the host PC. Then simply route the host’s network traffic through the virtual machine, either by making it the default gateway for the host or by using route.
Now all that’s left to do is set up sslsplit, and you can see all the stuff that sneaky game developer was trying to hide–not necessarily from you, though.
Depending on the application you want to sniff, it may be required to import the fake root certificate into the Windows trust store.
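
The VM-side steps described above (the CA that gets imported on Windows, the traffic redirect, and sslsplit itself), as an added example that is not from the original post. The addresses, interface name, port and working directory are assumptions; the script only prints the commands unless it is run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example, run inside the bridged Linux VM. Dry run by default:
# commands are printed; APPLY=1 (as root) executes them.
# Assumed values, not from the post: addresses, interface, port, paths.
HOST_IP="${HOST_IP:-192.168.1.10}"      # Windows host being inspected (constructed)
IFACE="${IFACE:-eth0}"                  # VM's bridged interface
PROXY_PORT="${PROXY_PORT:-8443}"        # port sslsplit listens on
WORKDIR="${WORKDIR:-/root/sslsplit-lab}"

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

make_ca() {
  # Throwaway CA with a short lifetime; ca.crt is what gets imported on Windows.
  run mkdir -p "$WORKDIR/logs"
  run openssl genrsa -out "$WORKDIR/ca.key" 4096
  run openssl req -new -x509 -days 30 -key "$WORKDIR/ca.key" \
      -out "$WORKDIR/ca.crt" -subj "/CN=sslsplit lab CA"
}

redirect_traffic() {
  run sysctl -w net.ipv4.ip_forward=1
  # Everything else the host sends is forwarded untouched.
  run iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
  # Only TCP/443 from the inspected host is handed to sslsplit.
  run iptables -t nat -A PREROUTING -i "$IFACE" -s "$HOST_IP" -p tcp \
      --dport 443 -j REDIRECT --to-ports "$PROXY_PORT"
}

start_sslsplit() {
  # -D: stay in foreground with debug output, -l: connection log,
  # -S: per-connection content logs, -k/-c: CA key and certificate.
  run sslsplit -D -l "$WORKDIR/connections.log" -S "$WORKDIR/logs" \
      -k "$WORKDIR/ca.key" -c "$WORKDIR/ca.crt" ssl 0.0.0.0 "$PROXY_PORT"
}

# On the Windows host (elevated prompt), either change the default gateway
# to the VM's address or route only the server of interest through it:
#   route add <server-ip> mask 255.255.255.255 <vm-ip>
make_ca && redirect_traffic && start_sslsplit
```

Limiting the PREROUTING rule to the inspected host's address keeps other machines on the bridged network out of the capture, and the 30-day lifetime bounds how long the imported lab CA stays usable if it is left in the trust store.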