SSL Eye: Check if you are the victim of a Man in the Middle attack

Martin Brinkmann
Aug 6, 2015
Updated • Aug 8, 2015

It can be quite difficult to determine whether you are the victim of a Man in the Middle attack.

Eavesdropping is a common Man in the Middle attack type in which communication between two parties is relayed to record the data that is transferred between both parties.

SSL Eye is a free software program for Windows that provides you with a set of tools that help you determine whether you are the victim of a Man in the Middle attack.

The main idea behind the program is to use independent servers to query websites you are communicating with to determine their SSL fingerprint and compare it against the SSL fingerprint that your computer gets when you run the same query.

The program has two main modes of operation. You may query a single website at any time to get SSL fingerprint information and a couple of other information, or use the bulk queue tool to check multiple websites instead.

To check a single site, simply type its address into the form at the top. It needs to be noted that this works only on https sites and not http sites.

Once you have entered the address hit the run button to start the scan. SSL Eye queries servers in several countries including Germany, the UK and US, and displays host IP and SSL fingerprint results afterwards.

All that is left to do is check the fingerprints against the local fingerprint. If you got at least one match, you are not the victim of a Man in the Middle attack.

The program checks for perfect forward secrecy as well and some other values. Perfect Forward Secrecy is indicated with a green checkmark, the other values, connection encryption, key exchange, message authentication and issued by are listed when you select a server from the listing.

The multiple websites query tool works the same but allows you to load addresses in bulk instead. Just click load, select the predefined websites or a custom listing and hit scan afterwards.

check websites

The program scans all sites and displays the same information that it displays when you query a single site.

The application comes with two keyboard shortcuts to scan addresses selected in other programs. Copy a single address to the clipboard and hit Ctrl-Shift-S to have it scanned by the program. While you don't get to see the scan itself, you will receive a small overlay that tells you if your connection to that site is secure.

Closing Words

SSL Eye is a handy program for Windows as it provides you with a tool to check secure connections against Man in the Middle attacks. While it is not automated, it may be useful at times when you want to make sure the connection is secure.

software image
Author Rating
no rating based on 0 votes
Software Name
Operating System
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. R.V said on March 3, 2020 at 11:04 am

    hi when i use this programme it worked fine till a few days ago..
    when i do a scan now it doesnt scan the servers usa, uk 2, netherlands and my local isp stays blanc..any suggestions of what could be wrong here?
    it does it at every webside i enter
    friendly regards

  2. Annom said on August 8, 2015 at 8:26 am

    It may be that everyone knows, but it would be a good idea to explain that a Man in the Middle attack usually (always?) comes about through using an unencrypted Wi-Fi wireless access point. That an “attacker” can easily get around around 2WAY authentication and compromise a connection between two parties who think they are directly communicating with each other..

    “… help you determine whether your the victim…”
    should be
    “… help you determine whether you’re the victim…”

    1. Jake said on August 13, 2015 at 2:59 am

      Not true. Look at that recent Lenovo superfish spyware.

  3. Kagalu said on August 7, 2015 at 12:09 pm

    Want to try, but it crashed my computer completely. No BSOD, just black screen. Does anyone have same problem?

  4. Jay said on August 6, 2015 at 11:42 pm

    On some: “” and “” I am getting a red exclamation point (& different SSL fingerprint) under “Your Local ISP”.
    Does that mean that my ISP is the “Man in the Middle” attack?

    1. Martin Brinkmann said on August 7, 2015 at 7:26 am

      No, not necessarily. Large companies make use of lots of servers and certificates which means that the tool won’t be able to check them all to display all fingerprints. Check out this page for additional information (what can go wrong):

      1. Anonymous said on August 27, 2015 at 10:50 am

        Well; apart from the possibility that Google and such websites may not quite be the most trustworthy sorts available, of course! ;)

      2. Anonymous said on August 7, 2015 at 3:35 pm

        Wow… kinda useless tool.

      3. Martin Brinkmann said on August 7, 2015 at 3:49 pm

        Not really. While it may not work at all times on very popular sites, it will work on regional sites such as banking sites for example.

  5. Hy said on August 6, 2015 at 11:41 pm

    I used to use HTTPS Fingerprints on Steve Gibson’s GRC site for something like this. This SSL Eye looks interesting. I’m going to check it out. Thanks, Martin!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.