centos sslsplit traffic interception (simplified)

Unwrap SSL/HTTPS communications using sslsplit and the hosts file; for development / niche purposes only.

Assumption / Optimizations

Fresh MitM VM

# prep server
yum install epel-release -y
# install tool
yum install sslsplit -y

# create a temporary custom Cert Authority
openssl genrsa -out /root/ca.key 4096
# any values will do for the subject fields when prompted
openssl req -new -x509 -days 1826 -key /root/ca.key -out /root/ca.crt

# create directories
mkdir /tmp/sslsplit/
mkdir /tmp/sslsplit/logs/
# where
# 0.0.0.0 = address sslsplit should listen on (all interfaces; sslsplit expects a listen address before the port)
# 100 = port sslsplit should listen on
# target.domain.name = where sslsplit should send traffic
# 200 = port sslsplit should send traffic to on target.domain.name
sslsplit -D -l /tmp/sslsplit/logs/connections.log -j /tmp/sslsplit/ -S /tmp/sslsplit/logs/ -k /root/ca.key -c /root/ca.crt ssl 0.0.0.0 100 target.domain.name 200

Client OS

vi /etc/hosts
# where
# <MITM_IP> = the IP of your "Fresh MitM VM" (placeholder, substitute the real address)
# target.domain.name = the FQDN your application is requesting
# add the line below
<MITM_IP> target.domain.name

# install tool (yum resolves the path to the package that provides c_rehash)
yum install /usr/bin/c_rehash -y

# add our custom CA to keep the client happy
cd /etc/pki/tls/certs/
vi temporary.ca.pem
# add the contents of the ca.crt created on MitM
# build the hash symlinks openssl uses to look up CAs in this directory
c_rehash .
ls -la
# should be a linked file like 8322c4ec.0 -> temporary.ca.pem

Test and Intercept
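As an added defender-side check, not part of the original note: a POSIX shell audit for the two client-side changes the procedure relies on, the hosts override and the extra CA link in the hashed certs directory. The script name audit.sh, the function names, the sample files and the 192.0.2.10 address are all constructed here.

```shell
#!/bin/sh
# Added example, not part of the original note: audit a client for the two
# artifacts the procedure above leaves behind, a hosts override that points an
# FQDN at another host and an extra CA linked into the hashed certs directory.
# Paths are parameters so the checks also run against constructed copies.

# Print hosts entries that map a name to a non-loopback address, as "IP NAME".
hosts_overrides() {
    sed 's/#.*//' "$1" | awk 'NF >= 2 && $1 !~ /^(127\.|::1$|fe80:)/ {
        for (i = 2; i <= NF; i++) print $1, $i }'
}

# Print c_rehash-style links (HASH.N) whose target is not the distro bundle;
# on CentOS the bundle names are ca-bundle.crt and ca-bundle.trust.crt.
extra_ca_links() {
    for link in "$1"/*.[0-9]; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case "$target" in
            ca-bundle.crt|ca-bundle.trust.crt) ;;
            *) printf '%s -> %s\n' "$(basename "$link")" "$target" ;;
        esac
    done
}

# Build a constructed sample (hosts file plus certs dir) in a temp dir and
# print its path; 192.0.2.10 is a documentation-range address, not a real host.
make_sample() {
    d=$(mktemp -d)
    printf '127.0.0.1 localhost\n::1 localhost6\n192.0.2.10 target.domain.name # mitm\n' > "$d/hosts"
    mkdir "$d/certs"
    : > "$d/certs/ca-bundle.crt"
    : > "$d/certs/temporary.ca.pem"
    ln -s ca-bundle.crt "$d/certs/deadbeef.0"
    ln -s temporary.ca.pem "$d/certs/8322c4ec.0"
    printf '%s\n' "$d"
}

# Usage: audit.sh HOSTS_FILE CERTS_DIR; with no arguments, audit the sample.
if [ $# -eq 2 ]; then
    hosts_overrides "$1"; extra_ca_links "$2"
else
    s=$(make_sample)
    hosts_overrides "$s/hosts"; extra_ca_links "$s/certs"
    rm -rf "$s"
fi
```

Run it against the real paths (`sh audit.sh /etc/hosts /etc/pki/tls/certs`) on a client: any line printed is either the override or the temporary CA this procedure installed, and should be absent once the test is over.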

Other more comprehensive / complex / multi-platform / alternate method tutorials exist elsewhere.