1. Replay captured packets
* Capture an SSL handshake and save the pcaps
* Modify the captures using HEXedit or EMACS
* Replay the capture with any TCP re-player (try tcpreplay) to send your modified packets.
2. MiTM Real Time SSL Handshake
* You can use tcplivereplay or BetterCAP for (but you need to do some work around for this)
3. At IDS/IPS network/router Level
* Some IDS like (SNORT) provides facility to replace tcp packet contents (headers+payload) when deployed inline mode. with SNORT you can use “replace” as post detection Rule Option, only limit is you cant change the content length of the packet as it disturbs the CRC.
* TLS-Attacker is a Java-based framework for analyzing TLS libraries.It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.
Github Download: https://github.com/RUB-NDS/
5.Echo Mirage for network level interception/modification.
6. Below link mentions some more tools/setups.
Please follow and like us: