[Owasp-leaders] Cert Stealer Released

Abbas Naderi abbas.naderi at owasp.org
Thu Dec 26 19:21:20 UTC 2013


Well a description of what this does would be a good idea to start with…
-A
On Dec 26, 2013, at 2:18 PM, Gregory Disney <gregory.disney at owasp.org> wrote:

> I'm working on the documentation it works via  turning a a keytool pk12 to openssl key, then embedding the key on the root ca and resigning with the embedded key.
> On 12/26/13, 10:47 AM, Dinis Cruz wrote:
>> Hi Gregory, where can I find the details of how this works?
>> 
>> Thx
>> 
>> Dinis
>> 
>> On 26 Dec 2013 07:44, "Gregory Disney" <gregory.disney at owasp.org> wrote:
>> Screen shot of successfully spoofed certs:
>> http://image-store.slidesharecdn.com/f6ff3390-6dfc-11e3-8ed6-22000a9193db-original.png
>> Each of these cert's have been tested and capable of creating SSL sessions.
>> Cert Stealer:
>> https://gist.github.com/gdisneyleugers/8129304
>> -Greg
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131226/d52291bf/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4893 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131226/d52291bf/attachment.bin>


More information about the OWASP-Leaders mailing list