
I'm not sure how this is "scalable". The "scalable" thing about tools like sslsniff was that earlier versions of SSL used a mechanism for key exchange where the MITM could cache the key negotiated between the client and server, and passively log the encrypted data paired with the intercepted key. Decryption can then be done offline, in parallel. That scales, and the MITM component is resource-limited only at the rate it can exchange packets.

This requires an active attack, so the MITM is doing double duty for an intercepted session, since it has to pin two session keys together for each endpoint in an intercepted session and decrypt/encrypt. Scaling that is harder, since for larger networks you need a relatively constant amount of processing power relative to the number of connections per second, and stuff like AES-NI only goes so far. And then you investigate cryptographic coprocessing hardware or GPU acceleration and discover that data transfer speeds on commodity systems become a problem, and now to "scale" your attack you are building custom hardware that needs both the intense data plane capacity of high-end switches and routers and the intense processing capability of HPC systems.

It's not fun. It's a hard and interesting challenge to write this kind of software, and I commend the authors for doing so, but I don't think that active attacks "scale" by definition. You're going to wind up with either a ridiculous amount of custom hardware or only intercepting some percentage of traffic.
