[Owasp-leaders] Cert Stealer Released

Gregory Disney gregory.disney at owasp.org
Thu Dec 26 20:18:19 UTC 2013


With this tool it generates a ca-$keyring.crt and $keyring.cer, I use 
these to compare the results. I find that the identity remains the same 
only thing that changes is the Verified by part of a certificate, so the 
initial certificate never changes. Eh I'm working on a ruby gem that 
does the same.
On 12/26/13, 11:49 AM, Tim wrote:
> I have a private MitM tool I wrote that does the same thing all in
> Python, albeit imperfectly.  It just generates new certificates on the
> fly after ripping the public details off of the server side.  I showed
> this code to the guys who build Mallory[1] a while back and they copied
> the idea (but not the code) into their tool.  I imagine Burp probably
> does something similar in some of it's certificate generation options,
> though I haven't checked it if copies more than just the Subject.
>
> tim
>
> 1.https://intrepidusgroup.com/insight/mallory/
>
>
> On Thu, Dec 26, 2013 at 02:40:48PM -0500, Abbas Naderi wrote:
>> >Maybe the PEM you’re using is not a cert, but a private key. They are both encoded into PEM files. If you have the private key, then you don’t need to exploit it! You already have it.
>> >
>> >And BTW whats the practical use of this, I mean have you used it anywhere? How can it be used to exploit something.
>> >-A
>> >On Dec 26, 2013, at 2:38 PM, Gregory Disney<gregory.disney at owasp.org>  wrote:
>> >
>>> > >openssl s_client -showcerts -connect $host:$port > $keyring.pem;
>>> > >openssl x509 -in $keyring.pem  -pubkey > $keyring.cer;
>>> > >keytool -keystore $ks --importcert --alias $keyring.pem -file $keyring.pem -storepass $passwd -noprompt;
>>> > >keytool -genkey -alias $keyring.key -keyalg RSA -keystore $ks -storepass $passwd -noprompt
>>> > >keytool -v -importkeystore -srckeyst

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2013-12-26 at 12.14.49 PM.png
Type: image/png
Size: 65731 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131226/e305f924/attachment-0001.png>


More information about the OWASP-Leaders mailing list