SSLsplit is an open source, cross-platform and free command-line software implemented in C and designed from the offset to be used for performing man-in-the-middle attacks, targeted at network connections encrypted with the either of the SSL and TLS protocols.

Key features include support for plain SSL (Secure Sockets Layer), plain TCP (Transmission Control Protocol), as well as HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) connections over IPv6 and IPv4 connections.

The software comes with support for Server Name Indication (SNI), RSA, ECDSA (Elliptic Curve Digital Signature Algorithm) and DSA (Digital Signature Algorithm) keys, as well as ECDHE (Elliptic Curve Diffie–Hellman Exchange) and DHE (Diffie–Hellman key exchange) cipher suites.

At the moment, SSLsplit supports the following NAT engines and UNIX-like operating systems: netfilter TPROXY and REDIRECT on Linux, pf rdr and divert-to, ipfilter rdr and ipfw fwd on FreeBSD, pf rdr-to and divert-to on OpenBSD, as well as pf rdr and ipfw fwd on Mac OS X.

The software has various command-line options, among which we can mention the ability to use a specific CA certificate, key or chain from a pemfile to sign forged certificates, to use a mix of certificate, chain and key PEM files from a specific directory to target all sites that match the common names, as well as to deny all OCSP requests on all proxy specs.

It is possible to use DH group parameters from a pemfile, disable the SSL/TLS compression on all connections, use specific OpenSSL cipher suite specifications, specify the default NAT engine to use, list available NAT engines, drop privileges to a specific user, write the PID file to a specific file, enable various logging options, and specify proxy specs.

SSLsplit is distributed only as a compressed archive (tarball), which means that you must compile its source code in order to install and use it under your GNU/Linux system. However, it might be possible to easily install it from the main software repositories of your distribution, so open your package manager and search for SSLsplit there before anything else.