Automic VaultAutomic Vault

brew

Install sslsplit with Homebrew, apt, dnf, Nix, pacman

Man-in-the-middle attacks against SSL encrypted network connections. Version 0.5.5 via Homebrew; verified 2026-06-22.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install sslsplit

local Homebrew formula metadata

Linux

Debian aptverified · 92%
sudo apt install sslsplit

Debian stable package indexes · sslsplit · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install sslsplit

Fedora Rawhide package metadata · sslsplit · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#sslsplit

nixpkgs package indexes · pkgs/by-name/ss/sslsplit/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S sslsplit

Arch Linux sync databases · sslsplit · source: geo.mirror.pkgbuild.com

overview

Package summary

Man-in-the-middle attacks against SSL encrypted network connections

Commands and aliases

  • sslsplit

history

Project history and usage

SSLsplit is a transparent SSL/TLS interception tool for network forensics, application security analysis, and penetration testing. It is packaged because it combines low-level NAT integration, forged-certificate TLS interception, and forensic logging in a single Unix-style command.

Project history

The official project page says SSLsplit is developed by Daniel Roethlisberger and contributors and was first publicly released as 0.4.2 in 2012. Its README says it was inspired by Claes M. Nyberg's mitm-ssl and Moxie Marlinspike's sslsniff, while sharing no source code with them.

SSLsplit is designed to transparently terminate NAT-redirected connections, create a new SSL/TLS connection to the original destination, and log transmitted data. Over time it added defenses against mechanisms that complicate interception, including OCSP handling, HSTS and HPKP header mangling, Expect-CT suppression, and prevention of protocol upgrades such as QUIC, SPDY, HTTP/2, and WebSockets.

Adoption history

The official project page lists package or port availability across FreeBSD, OpenBSD, NetBSD, DragonFly BSD, Homebrew, Arch Linux, Debian, Ubuntu, Gentoo, Fedora/RHEL/CentOS, openSUSE, Mageia, BlackArch, Kali Linux, and related security distributions or appliances. The supplied package metadata also shows Homebrew, Debian, Fedora, Nix, Arch, and Ubuntu packaging.

Its packaging footprint follows from its role in labs and security distributions: users need a reproducible build of a sensitive interception tool with OpenSSL, libevent, libpcap, libnet, NAT engine support, and platform-specific behavior aligned.

How it is used

Typical usage requires redirecting traffic with a platform NAT engine, then running sslsplit with proxy specifications such as http, https, tcp, ssl, or autossl, CA certificate/key material, and logging destinations. The tool can write connection logs, content logs, PCAP output, mirrored packets, generated certificates, master secrets, and local process information.

Supported NAT mechanisms in official documentation include FreeBSD pf rdr and divert-to, ipfw fwd, ipfilter rdr; OpenBSD pf rdr-to and divert-to; Linux netfilter REDIRECT and TPROXY; and macOS pf rdr and ipfw fwd.

Why package nerds care

SSLsplit is package-nerd significant because it is deeply coupled to OS networking facilities. A useful package is not only the binary; it is the right combination of OpenSSL compatibility, NAT-engine support, privilege behavior, man pages, sample configuration, and logging defaults.

It also belongs to the family of security tools whose value is inseparable from ethical context. Distributions package it for legitimate forensics, testing, and education, but its capability is explicitly man-in-the-middle interception.

Timeline

  • 2012: SSLsplit 0.4.2 was the first public release.
  • 2013: Version 0.4.7 filtered HPKP headers and added HTTP status and content length to connection logs.
  • 2014: Versions 0.4.8 through 0.4.10 improved pf support on macOS, added protocol forcing options, and added separate file logging with process information.
  • 2016: Version 0.5.0 added generic STARTTLS support through the autossl proxy specification and introduced privilege separation.
  • 2018: Version 0.5.4 added PCAP and packet-mirroring content log modes and the sslsplit.conf manual page.
  • 2019: Version 0.5.5 fixed packaging and install-path behavior, including SYSCONFDIR-controlled installation of sample config files.

Related projects

  • Official README names mitm-ssl and sslsniff as inspirations.
  • Related operational tools include OpenSSL, libevent, libpcap, libnet, platform NAT engines, Wireshark via PCAP or SSLKEYLOGFILE-style outputs, and security distributions such as Kali and BlackArch.

security posture

Risk level: red

broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.

Risk classifier

red risk · medium confidence · escape-surveillance-offensive

Why

  • broad file, network, media, or database tool signal
  • escape, surveillance, or offensive capability signal

Signals

  • text:man-in-the-middle
  • text:network,encrypt

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 12 platform targets.
  • Installs with 4 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
sslsplitcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.5.5
manager updated2026-06-22
local dataok
upstreamcurrent
latest detected0.5.5

https://github.com/droe/sslsplit

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:sslsplit
Version0.5.5
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/sslsplit
Homepagehttps://www.roe.ch/SSLsplit
Repositoryhttps://github.com/droe/sslsplit
Upstream docshttps://github.com/droe/sslsplit#readme
LicenseBSD-2-Clause
Source archivehttps://github.com/droe/sslsplit/archive/refs/tags/0.5.5.tar.gz
Last updated2026-06-22T14:06:22-07:00
Pulseupdated
Dependencieslibevent, libnet, libpcap, openssl@3
Build dependenciescheck, pkgconf
Bottleavailable (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesslsplit
Version Scheme0
Revision2
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

sslsplit 0.5.5-2.1+b1

transparent and scalable SSL/TLS interception

http://www.roe.ch/SSLsplit

sudo apt install sslsplit
  • Section: net
  • Architecture: amd64
  • Source Package: sslsplit
  • 7 dependencies
  • normalized package name match
  • Matched by: Sslsplit
Debian stable package indexes · deb.debian.org · Debian stable package indexes: sslsplit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

sslsplit

nix profile install nixpkgs#sslsplit
  • normalized package name match
  • Matched by: Sslsplit
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ss/sslsplit/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

sslsplit 0.5.5-2.1build4

transparent and scalable SSL/TLS interception

http://www.roe.ch/SSLsplit

sudo apt install sslsplit
  • Section: universe/net
  • Architecture: amd64
  • 7 dependencies
  • normalized package name match
  • Matched by: Sslsplit
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: sslsplit from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf95%

sslsplit 0.5.5-22.fc45

Transparent and scalable SSL/TLS interception

http://www.roe.ch/SSLsplit

sudo dnf install sslsplit
  • License: BSD-2-Clause
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: sslsplit
  • 11 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Sslsplit
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: sslsplit from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

sslsplit 0.5.5-3

Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections

https://www.roe.ch/SSLsplit

sudo pacman -S sslsplit
  • License: BSD
  • Architecture: x86_64
  • 6 dependencies
  • normalized package name match
  • Matched by: Sslsplit
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: sslsplit from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment