macOS
brew install sslsplitlocal Homebrew formula metadata
brew
Man-in-the-middle attacks against SSL encrypted network connections. Version 0.5.5 via Homebrew; verified 2026-06-22.
install
brew install sslsplitlocal Homebrew formula metadata
sudo apt install sslsplitDebian stable package indexes · sslsplit · source: deb.debian.org
sudo dnf install sslsplitFedora Rawhide package metadata · sslsplit · source: dl.fedoraproject.org
nix profile install nixpkgs#sslsplitnixpkgs package indexes · pkgs/by-name/ss/sslsplit/package.nix · source: api.github.com
sudo pacman -S sslsplitArch Linux sync databases · sslsplit · source: geo.mirror.pkgbuild.com
overview
Man-in-the-middle attacks against SSL encrypted network connections
history
SSLsplit is a transparent SSL/TLS interception tool for network forensics, application security analysis, and penetration testing. It is packaged because it combines low-level NAT integration, forged-certificate TLS interception, and forensic logging in a single Unix-style command.
The official project page says SSLsplit is developed by Daniel Roethlisberger and contributors and was first publicly released as 0.4.2 in 2012. Its README says it was inspired by Claes M. Nyberg's mitm-ssl and Moxie Marlinspike's sslsniff, while sharing no source code with them.
SSLsplit is designed to transparently terminate NAT-redirected connections, create a new SSL/TLS connection to the original destination, and log transmitted data. Over time it added defenses against mechanisms that complicate interception, including OCSP handling, HSTS and HPKP header mangling, Expect-CT suppression, and prevention of protocol upgrades such as QUIC, SPDY, HTTP/2, and WebSockets.
The official project page lists package or port availability across FreeBSD, OpenBSD, NetBSD, DragonFly BSD, Homebrew, Arch Linux, Debian, Ubuntu, Gentoo, Fedora/RHEL/CentOS, openSUSE, Mageia, BlackArch, Kali Linux, and related security distributions or appliances. The supplied package metadata also shows Homebrew, Debian, Fedora, Nix, Arch, and Ubuntu packaging.
Its packaging footprint follows from its role in labs and security distributions: users need a reproducible build of a sensitive interception tool with OpenSSL, libevent, libpcap, libnet, NAT engine support, and platform-specific behavior aligned.
Typical usage requires redirecting traffic with a platform NAT engine, then running sslsplit with proxy specifications such as http, https, tcp, ssl, or autossl, CA certificate/key material, and logging destinations. The tool can write connection logs, content logs, PCAP output, mirrored packets, generated certificates, master secrets, and local process information.
Supported NAT mechanisms in official documentation include FreeBSD pf rdr and divert-to, ipfw fwd, ipfilter rdr; OpenBSD pf rdr-to and divert-to; Linux netfilter REDIRECT and TPROXY; and macOS pf rdr and ipfw fwd.
SSLsplit is package-nerd significant because it is deeply coupled to OS networking facilities. A useful package is not only the binary; it is the right combination of OpenSSL compatibility, NAT-engine support, privilege behavior, man pages, sample configuration, and logging defaults.
It also belongs to the family of security tools whose value is inseparable from ethical context. Distributions package it for legitimate forensics, testing, and education, but its capability is explicitly man-in-the-middle interception.
security posture
broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.
red risk · medium confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
sslsplit | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/droe/sslsplit
install metadata
| Package key | brew:sslsplit |
|---|---|
| Version | 0.5.5 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/sslsplit |
| Homepage | https://www.roe.ch/SSLsplit |
| Repository | https://github.com/droe/sslsplit |
| Upstream docs | https://github.com/droe/sslsplit#readme |
| License | BSD-2-Clause |
| Source archive | https://github.com/droe/sslsplit/archive/refs/tags/0.5.5.tar.gz |
| Last updated | 2026-06-22T14:06:22-07:00 |
| Pulse | updated |
| Dependencies | libevent, libnet, libpcap, openssl@3 |
| Build dependencies | check, pkgconf |
| Bottle | available (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, monterey, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | sslsplit |
| Version Scheme | 0 |
| Revision | 2 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
sslsplit 0.5.5-2.1+b1
transparent and scalable SSL/TLS interception
sudo apt install sslsplitsslsplit
nix profile install nixpkgs#sslsplitsslsplit 0.5.5-2.1build4
transparent and scalable SSL/TLS interception
sudo apt install sslsplitsslsplit 0.5.5-22.fc45
Transparent and scalable SSL/TLS interception
sudo dnf install sslsplitsslsplit 0.5.5-3
Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections
sudo pacman -S sslsplitsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.