[Owasp-leaders] Cert Stealer Released

Gregory Disney gregory.disney at owasp.org
Thu Dec 26 19:32:18 UTC 2013


I think a fair description would be it simplifies spoofing certs. This 
started out as a proof of concept a year ago when I realized there was a 
vulnerability in PEM encoding of SSL certs, so I chain-loaded a java key 
store which was converted to key, then resigned the cert with the 
chain-loaded key, thus keeping the context of the original certificate 
with a hijacked authority.
On 12/26/13, 11:21 AM, Abbas Naderi wrote:
> Well a description of what this does would be a good idea to start with…
> -A
> On Dec 26, 2013, at 2:18 PM, Gregory Disney <gregory.disney at owasp.org 
> <mailto:gregory.disney at owasp.org>> wrote:
>
>> I'm working on the documentation; it works via turning a keytool 
>> pk12 to openssl key, then embedding the key on the root ca and 
>> resigning with the embedded key.
>> On 12/26/13, 10:47 AM, Dinis Cruz wrote:
>>>
>>> Hi Gregory, where can I find the details of how this works?
>>>
>>> Thx
>>>
>>> Dinis
>>>
>>> On 26 Dec 2013 07:44, "Gregory Disney" <gregory.disney at owasp.org 
>>> <mailto:gregory.disney at owasp.org>> wrote:
>>>
>>>     Screen shot of successfully spoofed certs:
>>>     http://image-store.slidesharecdn.com/f6ff3390-6dfc-11e3-8ed6-22000a9193db-original.png
>>>     Each of these certs has been tested and capable of creating
>>>     SSL sessions.
>>>     Cert Stealer:
>>>     https://gist.github.com/gdisneyleugers/8129304
>>>     -Greg
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>
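
As an added example (not Greg's gist and not OWASP code) of the check that catches what this thread describes: a leaf certificate is re-signed by a key that is not the named issuer's while every field of the original is kept, and signature verification against the trusted CA's own key rejects it even though the issuer name still matches. It uses Go's standard crypto/x509 instead of keytool/openssl so it runs offline; the CA name, host name, keys and validity window are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newKey returns a fresh P-256 key; every key here is constructed test material.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	return k
}

// issue signs tmpl under parent with signer's key and parses the DER back.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil { panic(err) }
	c, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return c
}

// BuildScenario returns the trusted CA, a leaf it genuinely issued, and the same leaf
// re-signed by a rogue "CA" that reuses the trusted CA's name but an unrelated key.
func BuildScenario() (trustedCA, genuine, resigned *x509.Certificate) {
	caKey, leafKey, rogueKey := newKey(), newKey(), newKey()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.com"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	trustedCA = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	rogueCA := issue(caTmpl, caTmpl, &rogueKey.PublicKey, rogueKey) // same name, hijacked key
	genuine = issue(leafTmpl, trustedCA, &leafKey.PublicKey, caKey)
	resigned = issue(leafTmpl, rogueCA, &leafKey.PublicKey, rogueKey) // same fields, rogue signature
	return trustedCA, genuine, resigned
}

// SignatureVerifies is the relying-party check: the leaf's signature must verify
// under the trusted CA's key; an issuer name that merely matches proves nothing.
func SignatureVerifies(trustedCA, leaf *x509.Certificate) bool {
	return leaf.CheckSignatureFrom(trustedCA) == nil
}
```

The re-signed leaf is indistinguishable from the genuine one by subject, issuer name, validity and even public key; only the signature check against the pinned CA key separates them, which is why a client that stops at comparing names or displaying the chain is fooled.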
