certclone new option --expired

fportantier · Jul 24, 2018 · c4f4abf · c4f4abf
1 parent 2ce75b4
commit c4f4abf
Show file tree

Hide file tree

Showing 7 changed files with 149 additions and 6 deletions.
diff --git a/.gitignore b/.gitignore
@@ -24,6 +24,7 @@ var/
 .installed.cfg
 *.egg
 habu*.tar.gz
+beta*.py
 
 # PyInstaller
 #  Usually these files are written by a python script from a template

diff --git a/habu/cli/cmd_certclone.py b/habu/cli/cmd_certclone.py
@@ -11,17 +11,18 @@
 @click.argument('port')
 @click.argument('keyfile', type=click.File('w'))
 @click.argument('certfile', type=click.File('w'))
-@click.option('-e', 'copy_extensions', is_flag=True, default=False, help='Copy certificate extensions (default: False)')
+@click.option('--copy-extensions', 'copy_extensions', is_flag=True, default=False, help='Copy certificate extensions (default: False)')
+@click.option('--expired', 'expired', is_flag=True, default=False, help='Generate an expired certificate (default: False)')
 @click.option('-v', 'verbose', is_flag=True, default=False, help='Verbose')
-def cmd_certclone(hostname, port, keyfile, certfile, copy_extensions, verbose):
+def cmd_certclone(hostname, port, keyfile, certfile, copy_extensions, expired, verbose):
 
     context = ssl.create_default_context()
 
     with socket.create_connection((hostname, port), timeout=3) as sock:
         with context.wrap_socket(sock, server_hostname=hostname) as ssock:
             original = ssock.getpeercert(binary_form=True)
 
-    key, cert = certclone(original, copy_extensions=copy_extensions)
+    key, cert = certclone(original, copy_extensions=copy_extensions, expired=expired)
 
     keyfile.write(key)
     certfile.write(cert)

diff --git a/habu/cli/cmd_tlsaudit.py b/habu/cli/cmd_tlsaudit.py
@@ -0,0 +1,51 @@
+import socket
+import ssl
+from pprint import pprint
+
+#context = ssl.create_default_context()
+
+#context = ssl.SSLContext()
+#context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_1)
+#context.verify_mode = ssl.CERT_REQUIRED
+#context.check_hostname = True
+
+#pprint(context.get_ciphers())
+
+'''
+ {'aead': False,
+  'alg_bits': 128,
+  'auth': 'auth-rsa',
+  'description': 'CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  '
+                 'Enc=Camellia(128) Mac=SHA1',
+  'digest': 'sha1',
+  'id': 50331713,
+  'kea': 'kx-rsa',
+  'name': 'CAMELLIA128-SHA',
+  'protocol': 'SSLv3',
+  'strength_bits': 128,
+  'symmetric': 'camellia-128-cbc'}]
+'''
+
+ciphers = ssl.SSLContext().get_ciphers()
+
+for cipher in ciphers:
+
+    #if cipher['protocol'] != 'TLSv1.2':
+    #    continue
+
+    context = ssl.SSLContext()
+    #context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+    #context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_1)
+    context.set_ciphers(cipher['name'])
+
+    try:
+        conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname="www.securetia.com")
+        conn.connect(("www.securetia.com", 443))
+        print(cipher['description'])
+    except Exception:
+        pass
+        #print(cipher['name'], 'ERROR')
+
+#cert = conn.getpeercert()
+
+
diff --git a/habu/cli/https_server.py b/habu/cli/https_server.py
@@ -0,0 +1,7 @@
+import BaseHTTPServer, SimpleHTTPServer
+import ssl
+
+httpd = BaseHTTPServer.HTTPServer(('localhost', 4443), SimpleHTTPServer.SimpleHTTPRequestHandler)
+httpd.socket = ssl.wrap_socket (httpd.socket, certfile='/tmp/chain.pem', keyfile='/tmp/chain.key', server_side=True)
+httpd.serve_forever()
+
diff --git a/habu/lib/certclone.py b/habu/lib/certclone.py
@@ -1,13 +1,15 @@
 #!/usr/bin/env python3
 
+from datetime import datetime, timedelta
+
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec, rsa
 from cryptography.x509 import Extensions
 
 
-def certclone(cert_data, copy_extensions=False):
+def certclone(cert_data, copy_extensions=False, expired=False):
 
     try:
         original = x509.load_pem_x509_certificate(cert_data, default_backend())
@@ -34,7 +36,12 @@ def certclone(cert_data, copy_extensions=False):
     cert = cert.issuer_name(original.issuer)
     cert = cert.serial_number(original.serial_number)
     cert = cert.not_valid_before(original.not_valid_before)
-    cert = cert.not_valid_after(original.not_valid_after)
+
+    if expired:
+        cert = cert.not_valid_after(datetime.now() - timedelta(days=1))
+    else:
+        cert = cert.not_valid_after(original.not_valid_after)
+
     cert = cert.public_key(key.public_key())
 
     if copy_extensions:

diff --git a/habu/lib/certclone2.py b/habu/lib/certclone2.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import ec, rsa
+from cryptography.x509 import Extensions
+
+from pprint import pprint
+
+
+def certclone(chain, copy_extensions=False):
+
+    for i in range(len(chain)):
+        chain[i] = chain[i].to_cryptography()
+
+    newchain = []
+
+    '''
+    key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=2048,
+        backend=default_backend()
+        )
+
+    pubkey = key.public_key()
+    '''
+
+    first = True
+
+    for original in chain[::-1]:
+
+        #print(cert)
+
+        key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=2048,
+            backend=default_backend()
+            )
+
+        key_pem = key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption()
+        ).decode()
+
+        if first:
+            print(key_pem)
+            first=False
+
+        pubkey = key.public_key()
+
+        # Todo: Code to mimic the private key type of original cert
+        # maybe based on pubkey.__class__
+        cert = x509.CertificateBuilder()
+        cert = cert.subject_name(original.subject)
+        cert = cert.issuer_name(original.issuer)
+        #cert = cert.serial_number(original.serial_number)
+        cert = cert.serial_number(x509.random_serial_number())
+        cert = cert.not_valid_before(original.not_valid_before)
+        cert = cert.not_valid_after(original.not_valid_after)
+        cert = cert.public_key(pubkey)
+
+        if copy_extensions:
+            for ext in original.extensions:
+                cert = cert.add_extension(ext.value, critical=ext.critical)
+
+        cert = cert.sign(private_key=key, algorithm=original.signature_hash_algorithm, backend=default_backend())
+        cert_pem = cert.public_bytes(serialization.Encoding.PEM).decode()
+        print(cert_pem)
+
+        newchain.insert(0, cert)
+
+    #pprint(newchain)
+    #return (key_pem, cert_pem)
+
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
     name='habu',
-    version='0.0.72',
+    version='0.0.74',
     description='Python Network Hacking Toolkit',
     long_description=readme,
     long_description_content_type='text/markdown',