centos sslsplit traffic interception (simplified)

Unwrap SSL http(s) communications using sslsplit and hosts file; for development / niche purposes only. Assumption / Optimizations:

Fresh MitM VM

# prep server
yum install epel-release -y
# install tool
yum install sslsplit -y

# create a temporary custom Cert Authority
openssl genrsa -out /root/ca.key 4096
# default values of any name when prompted 
openssl req -new -x509 -days 1826 -key /root/ca.key -out /root/ca.crt

# create directories
mkdir /tmp/sslsplit/
mkdir /tmp/sslsplit/logs/
# where
# 100 = port sslsniff should listen on
# target.domain.name = where sslsniff should send traffic
# 200 = port sslsniff should send traffic on target.domain.name
sslsplit -D -l /tmp/sslsplit/logs/connections.log -j /tmp/sslsplit/ -S /tmp/sslsplit/logs/ -k /root/ca.key -c /root/ca.crt ssl 0.0.0.0 100 target.domain.name 200

Client OS

vi /etc/hosts
# where
# 1.2.3.4 = the IP of your "Fresh MitM VM"
# target.domain = the FQDN your application is requesting
# add the line below
1.2.3.4 target.domain.name

# install tool
yum install /usr/bin/c_rehash

# add our custom CA to keep the client happy
cd /etc/pki/tls/certs/
vi temporary.ca.pem
# add the contents of the ca.crt created on MitM
c_rehash
ls -la
# should be a linked file like 8322c4ec.00 -> temporary.ca.pem

 Test and Intercept

  1. Execute the action on the client OS / visit the site you want to intercept.
  2. Check the output of sslsplit visible on the command line.
  3. See the decrypted conversation in files at /tmp/sslsplit/logs/
Other more comprehensive / complex / multi-platform / alternate method tutorials exist elsewhere.