diff --git a/caplets/http-req-dump.cap b/caplets/http-req-dump.cap
index 6b311ccb..7e98ce7b 100644
--- a/caplets/http-req-dump.cap
+++ b/caplets/http-req-dump.cap
@@ -2,7 +2,7 @@
 #
 # sudo ./bettercap-ng -caplet caplets/http-req-dump.cap -eval "set arp.spoof.targets 192.168.1.64"
 
-events.stream off
+# events.stream off
 
 net.recon on
 net.probe on
diff --git a/modules/http_proxy_base.go b/modules/http_proxy_base.go
index a4a9f942..d4086eb0 100644
--- a/modules/http_proxy_base.go
+++ b/modules/http_proxy_base.go
@@ -210,7 +210,7 @@ func TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *goproxy.ProxyCt
 cert := getCachedCert(hostname, port)
 if cert == nil {
 log.Info("Creating spoofed certificate for %s:%d", core.Yellow(hostname), port)
-cert, err = btls.SignCertificateForHost(ca, hostname)
+cert, err = btls.SignCertificateForHost(ca, hostname, port)
 if err != nil {
 log.Warning("Cannot sign host certificate with provided CA: %s", err)
 return nil, err
diff --git a/tls/sign.go b/tls/sign.go
index fff4a6fa..bb2c2be1 100644
--- a/tls/sign.go
+++ b/tls/sign.go
@@ -1,17 +1,14 @@
 package tls
 
 import (
+"crypto/rand"
 "crypto/rsa"
 "crypto/sha1"
 "crypto/tls"
 "crypto/x509"
-"crypto/x509/pkix"
+"fmt"
 "math/big"
-"net"
 "sort"
-"time"
-
-"github.com/elazarl/goproxy"
 )
 
 func hashSorted(lst []string) []byte {
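Review bot: With the extra `port` argument, the certificate callback in TLSConfigFromCA now blocks on an outbound TLS handshake to the origin for every uncached `hostname:port`, and the new `tls.Dial` in tls/sign.go carries no deadline, so a stalled or filtered origin stalls the victim's handshake for as long as the kernel allows. The surrounding `log.Warning("Cannot sign host certificate with provided CA: %s", err)` also now reports fetch failures that have nothing to do with the CA; something like `log.Warning("Cannot create certificate for %s:%d: %s", hostname, port, err)` would point the operator at the right cause. Both the Info line and the cache lookup suggest this path is hit once per target, so a short dial timeout inside SignCertificateForHost would bound the cost without changing this caller. The enclosing closure starts and ends outside the hunk.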
@@ -31,57 +28,51 @@ func hashSortedBigInt(lst []string) *big.Int { return rv } -func SignCertificateForHost(ca *tls.Certificate, host string) (cert *tls.Certificate, err error) { - var x509ca *x509.Certificate +func getServerCertificate(host string, port int) *x509.Certificate { + config := tls.Config{InsecureSkipVerify: true} + conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", host, port), &config) + if err != nil { + return nil + } + defer conn.Close() - // TODO: read actual fields from the host + state := conn.ConnectionState() + + return state.PeerCertificates[0] +} + +func SignCertificateForHost(ca *tls.Certificate, host string, port int) (cert *tls.Certificate, err error) { + var x509ca *x509.Certificate if x509ca, err = x509.ParseCertificate(ca.Certificate[0]); err != nil { return } - start := time.Unix(0, 0) - end, err := time.Parse("2006-01-02", "2049-12-31") - if err != nil { - panic(err) - } - hosts := []string{host} - hash := hashSorted(hosts) - serial := new(big.Int) - serial.SetBytes(hash) + srvCert := getServerCertificate(host, port) + template := x509.Certificate{ - SerialNumber: serial, - Issuer: x509ca.Subject, - Subject: pkix.Name{ - Organization: []string{"Cisco Systems, Inc."}, - }, - NotBefore: start, - NotAfter: end, - - KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + SerialNumber: srvCert.SerialNumber, + Issuer: x509ca.Subject, + Subject: srvCert.Subject, + NotBefore: srvCert.NotBefore, + NotAfter: srvCert.NotAfter, + KeyUsage: srvCert.KeyUsage, + ExtKeyUsage: srvCert.ExtKeyUsage, + IPAddresses: srvCert.IPAddresses, + DNSNames: srvCert.DNSNames, BasicConstraintsValid: true, } - for _, h := range hosts { - if ip := net.ParseIP(h); ip != nil { - template.IPAddresses = append(template.IPAddresses, ip) - } else { - template.DNSNames = append(template.DNSNames, h) - } - } - var csprng goproxy.CounterEncryptorRand - if csprng, err = 
goproxy.NewCounterEncryptorRandFromKey(ca.PrivateKey, hash); err != nil { - return - } var certpriv *rsa.PrivateKey - if certpriv, err = rsa.GenerateKey(&csprng, 1024); err != nil { + if certpriv, err = rsa.GenerateKey(rand.Reader, 1024); err != nil { return } + var derBytes []byte - if derBytes, err = x509.CreateCertificate(&csprng, &template, x509ca, &certpriv.PublicKey, ca.PrivateKey); err != nil { + if derBytes, err = x509.CreateCertificate(rand.Reader, &template, x509ca, &certpriv.PublicKey, ca.PrivateKey); err != nil { return } + return &tls.Certificate{ Certificate: [][]byte{derBytes, ca.Certificate[0]}, PrivateKey: certpriv,
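Review bot: `SignCertificateForHost` dereferences `srvCert` (`srvCert.SerialNumber`, `srvCert.Subject`, …) without checking it, but `getServerCertificate` returns nil whenever `tls.Dial` fails, so an unreachable or non-TLS origin now panics the proxy instead of surfacing an error; add `if srvCert == nil { return nil, fmt.Errorf("cannot fetch certificate from %s:%d", host, port) }` right after the call, or fall back to a synthesized template so interception still works when the target is down. `getServerCertificate` also indexes `state.PeerCertificates[0]` unchecked and dials with no deadline; `tls.DialWithDialer(&net.Dialer{Timeout: …}, …)` would bound it but needs `net` and `time` re-imported. Reusing the origin's `SerialNumber` means the proxy CA can issue two different certificates with the same issuer+serial whenever two origins happen to share a serial, and some clients reject a reused issuer/serial pair, so a serial derived from host and port (as the removed hash-based code did) or a random one is safer under a single CA. The modified `rsa.GenerateKey(rand.Reader, 1024)` line keeps a 1024-bit key, which is below what current clients accept without complaint; 2048 costs little here since certificates are cached.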