[Owasp-leaders] Cert Stealer Released

Gregory Disney gregory.disney at owasp.org
Thu Dec 26 19:18:25 UTC 2013


I'm working on the documentation it works via  turning a a keytool pk12 
to openssl key, then embedding the key on the root ca and resigning with 
the embedded key.
On 12/26/13, 10:47 AM, Dinis Cruz wrote:
>
> Hi Gregory, where can I find the details of how this works?
>
> Thx
>
> Dinis
>
> On 26 Dec 2013 07:44, "Gregory Disney" <gregory.disney at owasp.org 
> <mailto:gregory.disney at owasp.org>> wrote:
>
>     Screen shot of successfully spoofed certs:
>     http://image-store.slidesharecdn.com/f6ff3390-6dfc-11e3-8ed6-22000a9193db-original.png
>     Each of these cert's have been tested and capable of creating SSL
>     sessions.
>     Cert Stealer:
>     https://gist.github.com/gdisneyleugers/8129304
>     -Greg
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131226/466b7e6a/attachment.html>


More information about the OWASP-Leaders mailing list