bettercap 1.6.0 → 1.6.1

data/lib/bettercap/network/ndp_reader.rb

@@ -0,0 +1,35 @@
+module BetterCap
+module Network
+# This class is responsible for reading the computer ARP table.
+class NdpReader
+  # Parse the Ndp cache searching for the given IP +address+ and return its
+  # MAC if found, otherwise nil.
+  def self.find_address( address )
+    self.parse_cache(address) do |ip,mac|
+      if ip == address
+        return mac
+      end
+    end
+    nil
+  end
+
+  private
+
+  # Read the computer NDP cache and parse each line, it will yield each
+  # ip and mac address it will be able to extract.
+  def self.parse_cache(address)
+    iface = Context.get.iface.name
+    Shell.ndp.split("\n").each do |line|
+      if line.include?(address) && line.include?(iface)
+        m = line.split
+        ip = m[0]
+        hw = Target.normalized_mac( m[4] )
+        if hw != 'FF:FF:FF:FF:FF:FF'
+          yield( ip, hw )
+        end
+      end
+    end
+  end
+end
+end
+end

data/lib/bettercap/network/network.rb

@@ -30,6 +30,21 @@ class << self
     nil
   end
 
+  # Return the current network's IPv6 gateway or nil.
+  def get_ipv6_gateway
+    route6 = Shell.execute('route -A inet6')
+    iface = Context.get.options.core.iface
+
+    Logger.debug "ROUTE6:\n#{route6}"
+
+    route6.split(/\n/).select {|n| n =~ /UG/ }.each do |line|
+      Network::Validator.each_ipv6_gateway(line) do |address|
+        return address
+      end
+    end
+    nil
+  end
+
   # Return a list of IP addresses associated to this device network interfaces.
   def get_local_ips
     ips = []
@@ -77,10 +92,19 @@ class << self
   # Return the hardware address associated with the specified +ip_address+ using
   # the +iface+ network interface.
   def get_hw_address( ctx, ip )
-    hw = ArpReader.find_address( ip )
+    hw = nil
+    if ctx.options.core.use_ipv6
+      hw = NdpReader.find_address( ip )
+    else
+      hw = ArpReader.find_address( ip )
+    end
     if hw.nil?
       start_agents( ctx, ip )
-      hw = ArpReader.find_address( ip )
+      if ctx.options.core.use_ipv6
+        hw = NdpReader.find_address( ip )
+      else
+        hw = ArpReader.find_address( ip )
+      end
     end
     hw
   end
@@ -115,8 +139,12 @@ class << self
   # complete their job.
   # If +address+ is not nil only that ip will be probed.
   def start_agents( ctx, address = nil )
-    [ 'Icmp', 'Udp', 'Arp' ].each do |name|
-      BetterCap::Loader.load("BetterCap::Discovery::Agents::#{name}").new(ctx, address)
+    if ctx.options.core.use_ipv6
+      BetterCap::Loader.load("BetterCap::Discovery::Agents::Ndp").new(ctx, address)
+    else
+      [ 'Icmp', 'Udp', 'Arp' ].each do |name|
+        BetterCap::Loader.load("BetterCap::Discovery::Agents::#{name}").new(ctx, address)
+      end
     end
     ctx.packets.wait_empty( ctx.timeout )
   end

data/lib/bettercap/network/target.rb

@@ -47,7 +47,7 @@ class Target
   # ip address will be parsed from the computer ARP cache and updated
   # accordingly.
   def initialize( ip, mac=nil, network=nil, name=nil )
-    if Network::Validator.is_ip?(ip)
+    if Network::Validator.is_ip?(ip) or Network::Validator.is_ipv6?(ip)
       @ip         = ip
       @ip_refresh = false
     elsif Network::Validator.is_mac?(ip)

data/lib/bettercap/network/validator.rb

@@ -16,8 +16,28 @@ module Network
 class Validator
   # Basic expression to validate an IP address.
   IP_ADDRESS_REGEX = '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
+  # Basic expression to validate an IPv6 address.
+  IPV6_REGEX = /^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|
+    (([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|
+    [1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]
+    {1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]
+    ?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:)
+    {4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]
+    \d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))
+    |(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]
+    {1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|
+    1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4})
+    {1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)
+    (\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:)
+    {1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|
+    2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))
+    |(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|
+    2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))
+    (%.+)?\s*$/x
   # Quite self explainatory :)
   IP_OCTECT_MAX    = 255
+  # Basic expression for default IPv6 gateway.
+  IPV6_GATEWAY_REGEX = /fe80[^\s]*/
 
   # Return true if +ip+ is a valid IP address, otherwise false.
   def self.is_ip?(ip)
@@ -27,6 +47,12 @@ class Validator
     false
   end
 
+  # Return true if +ip+ is a valid IPv6 address, otherwise false.
+  def self.is_ipv6?(ip)
+    result = ip =~ IPV6_REGEX
+    return result ? true : false
+  end
+
   # Return true if +port+ is a valid port, otherwise false.
   def self.is_valid_port?(port)
     port ||= ""
@@ -43,6 +69,13 @@ class Validator
     end
   end
 
+  # Extract default IPv6 gateway address from +data+.
+  def self.each_ipv6_gateway(data)
+    data.scan(/(#{IPV6_GATEWAY_REGEX})/).each do |m|
+      yield ( m[0] )
+    end
+  end
+
   # Return true if +r+ is a valid IP address range ( 192.168.1.1-93 ), otherwise false.
   def self.is_range?(r)
     if /\A#{IP_ADDRESS_REGEX}\-(\d{1,3})\Z/ =~ r.to_s

data/lib/bettercap/options/core_options.rb

@@ -41,6 +41,8 @@ class CoreOptions
   attr_accessor :check_updates
   # If not nil, the interface MAC address will be changed to this value.
   attr_accessor :use_mac
+  # If true, IPv6 target endpoints are enabled.
+  attr_accessor :use_ipv6
 
   def initialize( iface )
     @iface           = iface
@@ -56,6 +58,7 @@ class CoreOptions
     @packet_throttle = 0.0
     @check_updates   = false
     @use_mac         = nil
+    @use_ipv6        = false
   end
 
   def parse!( ctx, opts )
@@ -78,7 +81,7 @@ class CoreOptions
 
     opts.on( '-G', '--gateway ADDRESS', 'Manually specify the gateway address, if not specified the current gateway will be retrieved and used. ' ) do |v|
       @gateway = v
-      raise BetterCap::Error, "The specified gateway '#{v}' is not a valid IPv4 address." unless Network::Validator.is_ip?(v)
+      check_ip!( v, "The specified gateway '#{v}' is not a valid IPv4 or IPv6 address." )
     end
 
     opts.on( '-T', '--target ADDRESS1,ADDRESS2', 'Target IP addresses, if not specified the whole subnet will be targeted.' ) do |v|
@@ -147,6 +150,16 @@ class CoreOptions
     raise BetterCap::Error, 'No default interface found, please specify one with the -I argument.' if @iface.nil?
   end
 
+  def check_ip!(v,error)
+    if Network::Validator.is_ip?(v)
+      @use_ipv6 = false
+    elsif Network::Validator.is_ipv6?(v)
+      @use_ipv6 = true
+    else
+      raise BetterCap::Error, error
+    end
+  end
+
   # Return true if active host discovery is enabled, otherwise false.
   def discovery?
     ( @discovery and @targets.nil? )
@@ -161,6 +174,10 @@ class CoreOptions
       if Network::Validator.is_ip?(t) or Network::Validator.is_mac?(t)
         @targets << Network::Target.new(t)
 
+      elsif Network::Validator.is_ipv6?(t)
+        @targets << Network::Target.new(t)
+        @use_ipv6 = true
+
       elsif Network::Validator.is_range?(t)
         Network::Validator.each_in_range( t ) do |address|
           @targets << Network::Target.new(address)
@@ -172,7 +189,7 @@ class CoreOptions
         end
 
       else
-        raise BetterCap::Error, "Invalid target specified '#{t}', valid formats are IP addresses, "\
+        raise BetterCap::Error, "Invalid target specified '#{t}', valid formats are IP/IPv6 addresses, "\
                                 "MAC addresses, IP ranges ( 192.168.1.1-30 ) or netmasks ( 192.168.1.1/24 ) ."
       end
     end
@@ -182,7 +199,7 @@ class CoreOptions
   # or more invalid IP addresses are specified.
   def ignore=(value)
     @ignore = value.split(",")
-    valid   = @ignore.select { |target| Network::Validator.is_ip?(target) }
+    valid   = @ignore.select { |target| ( Network::Validator.is_ip?(target) or Network::Validator.is_ipv6?(target) ) }
 
     raise BetterCap::Error, "Invalid ignore addresses specified." if valid.empty?
 
@@ -191,6 +208,12 @@ class CoreOptions
       Logger.warn "Not a valid address: #{target}"
     end
 
+    valid.each do |target|
+      if Network::Validator.is_ipv6?(target)
+        @use_ipv6 = true
+      end
+    end
+
     @ignore = valid
 
     Logger.warn "Ignoring #{valid.join(", ")} ."

data/lib/bettercap/options/options.rb

@@ -125,6 +125,10 @@ class Options
       redirections << redir_single( @proxies.tcp_proxy_upstream_address, iface.ip, @proxies.tcp_proxy_upstream_port, @proxies.tcp_proxy_port )
     end
 
+    if @proxies.udp_proxy
+      redirections << redir_single( @proxies.udp_proxy_upstream_address, iface.ip, @proxies.udp_proxy_upstream_port, @proxies.udp_proxy_port, 'UDP' )
+    end
+
     if @proxies.custom_proxy
       @proxies.http_ports.each do |port|
         redirections << redir( @proxies.custom_proxy, port, @proxies.custom_proxy_port )
@@ -153,6 +157,7 @@ class Options
       'discovery'   => ( @core.discovery? ? on : off ),
       'sniffer'     => ( @sniff.enabled?  ? on : off ),
       'tcp-proxy'   => ( @proxies.tcp_proxy ? on : off ),
+      'udp-proxy'   => ( @proxies.udp_proxy ? on : off ),
       'http-proxy'  => ( @proxies.proxy ? on : off ),
       'https-proxy' => ( @proxies.proxy_https ? on : off ),
       'sslstrip'    => ( @proxies.sslstrip? ? on : off ),

data/lib/bettercap/options/proxy_options.rb

@@ -40,6 +40,7 @@ class ProxyOptions
   attr_accessor :log_response
   # If true, suppress HTTP requests logs.
   attr_accessor :no_http_logs
+
   # If true, TCP proxy will be enabled.
   attr_accessor :tcp_proxy
   # TCP proxy local port.
@@ -50,6 +51,18 @@ class ProxyOptions
   attr_accessor :tcp_proxy_upstream_port
   # TCP proxy module to load.
   attr_accessor :tcp_proxy_module
+
+  # If true, UDP proxy will be enabled.
+  attr_accessor :udp_proxy
+  # UDP proxy local port.
+  attr_accessor :udp_proxy_port
+  # UDP proxy upstream server address.
+  attr_accessor :udp_proxy_upstream_address
+  # UDP proxy upstream server port.
+  attr_accessor :udp_proxy_upstream_port
+  # UDP proxy module to load.
+  attr_accessor :udp_proxy_module
+
   # Custom HTTP transparent proxy address.
   attr_accessor :custom_proxy
   # Custom HTTP transparent proxy port.
@@ -82,6 +95,12 @@ class ProxyOptions
     @tcp_proxy_upstream_port = nil
     @tcp_proxy_module = nil
 
+    @udp_proxy = false
+    @udp_proxy_port = 3333
+    @udp_proxy_upstream_address = nil
+    @udp_proxy_upstream_port = nil
+    @udp_proxy_module = nil
+    
     @custom_proxy = nil
     @custom_proxy_port = 8080
 
@@ -143,6 +162,53 @@ class ProxyOptions
       @tcp_proxy_upstream_port = v.to_i
     end
 
+    opts.separator ""
+    opts.separator "  UDP:"
+    opts.separator ""
+
+    opts.on( '--udp-proxy', 'Enable UDP proxy ( requires other --udp-proxy-* options to be specified ).' ) do
+      @udp_proxy = true
+    end
+
+    opts.on( '--udp-proxy-module MODULE', "Ruby UDP proxy module to load." ) do |v|
+      @udp_proxy_module = File.expand_path(v)
+      Proxy::UDP::Module.load( @udp_proxy_module, opts )
+    end
+
+    opts.on( '--udp-proxy-port PORT', "Set local UDP proxy port, default to #{@udp_proxy_port.to_s.yellow} ." ) do |v|
+      raise BetterCap::Error, "Invalid port '#{v}' specified." unless Network::Validator.is_valid_port?(v)
+      @udp_proxy      = true
+      @udp_proxy_port = v.to_i
+    end
+
+    opts.on( '--udp-proxy-upstream ADDRESS:PORT', 'Set UDP proxy upstream server address and port.' ) do |v|
+      if v =~ /^(.+):(\d+)$/
+        address = $1
+        port    = $2
+      else
+        raise BetterCap::Error, "Invalid address and port specified, the correct syntax is ADDRESS:PORT ( i.e. 192.168.1.2:69 )."
+      end
+
+      address, port = validate_address address, port
+
+      @udp_proxy                  = true
+      @udp_proxy_upstream_address = address
+      @udp_proxy_upstream_port    = port.to_i
+    end
+
+    opts.on( '--udp-proxy-upstream-address ADDRESS', 'Set UDP proxy upstream server address.' ) do |v|
+      v, _ = validate_address v
+
+      @udp_proxy                  = true
+      @udp_proxy_upstream_address = v
+    end
+
+    opts.on( '--udp-proxy-upstream-port PORT', 'Set UDP proxy upstream server port.' ) do |v|
+      raise BetterCap::Error, "Invalid port '#{v}' specified." unless Network::Validator.is_valid_port?(v)
+      @udp_proxy               = true
+      @udp_proxy_upstream_port = v.to_i
+    end
+
     opts.separator "  HTTP:"
     opts.separator ""
 
@@ -245,6 +311,12 @@ class ProxyOptions
       raise BetterCap::Error, "No TCP proxy upstream server port specified ( --tcp-proxy-upstream-port PORT )." if @tcp_proxy_upstream_port.nil?
     end
 
+    if @udp_proxy
+      raise BetterCap::Error, "No UDP proxy port specified ( --udp-proxy-port PORT )." if @udp_proxy_port.nil?
+      raise BetterCap::Error, "No UDP proxy upstream server address specified ( --udp-proxy-upstream-address ADDRESS )." if @udp_proxy_upstream_address.nil?
+      raise BetterCap::Error, "No UDP proxy upstream server port specified ( --udp-proxy-upstream-port PORT )." if @udp_proxy_upstream_port.nil?
+    end
+
     if @proxy and @sslstrip and ctx.options.servers.dnsd
       raise BetterCap::Error, "SSL Stripping and builtin DNS server are mutually exclusive features, " \
                               "either use the --no-sslstrip option or remove the --dns option."
@@ -305,7 +377,7 @@ class ProxyOptions
   end
 
   def any?
-    @proxy or @proxy_https or @tcp_proxy or @custom_proxy
+    @proxy or @proxy_https or @tcp_proxy or @udp_proxy or @custom_proxy
   end
 
   def validate_address( address, port = nil )

data/lib/bettercap/options/spoof_options.rb

@@ -33,7 +33,7 @@ class SpoofOptions
     opts.separator "SPOOFING:".bold
     opts.separator ""
 
-    opts.on( '-S', '--spoofer NAME', "Spoofer module to use, available: #{Spoofers::Base.available.map{|x| x.yellow }.join(', ')} - default: #{@spoofer.yellow}." ) do |v|
+    opts.on( '-S', '--spoofer NAME', "Spoofer module to use, available: #{Spoofers::Base.available.map{|x| x.yellow }.join(', ')} - default: #{@spoofer.yellow} for IPv4 and #{'NDP'.yellow} for IPv6." ) do |v|
       @spoofer = v
     end
 
@@ -55,11 +55,19 @@ class SpoofOptions
     @spoofer.upcase != 'NONE'
   end
 
+  # Change default ARP with NDP spoofer in case the target endpoint uses IPv6.
+  def calibrate_default_spoofer(ctx)
+    if ctx.options.core.use_ipv6
+      @spoofer = 'NDP'
+    end
+  end
+
 
   # Parse spoofers and return a list of BetterCap::Spoofers objects. Raise a
   # BetterCap::Error if an invalid spoofer name was specified.
-  def parse_spoofers
+  def parse_spoofers(ctx)
     valid = []
+    calibrate_default_spoofer(ctx)
     @spoofer.split(",").each do |module_name|
       valid << Spoofers::Base.get_by_name( module_name )
     end

data/lib/bettercap/proxy/http/proxy.rb

@@ -62,7 +62,12 @@ class Proxy
   # Start this proxy instance.
   def start
     begin
-      @socket = TCPServer.new( @address, @port )
+      # If IPv6 is enabled, we must specify iface for current link local address since it's not unique.
+      if Context.get.options.core.use_ipv6 
+        @socket = TCPServer.new( @address + "%" +  Context.get.options.core.iface , @port )
+      else 
+        @socket = TCPServer.new( @address, @port )
+      end
 
       if @is_https
         @sslserver = SSL::Server.new( @socket, @upstream_port )

data/lib/bettercap/proxy/http/response.rb

@@ -64,7 +64,7 @@ class Response
     end
 
     r << "Connection: close"
-    r << "\n\n"
+    r << "\r\n\r\n"
 
     r
   end
@@ -225,7 +225,13 @@ class Response
         s << "#{name}: #{value}\n"
       end
     end
-    s << "\n" + ( @body.nil?? "\n" : @body )
+    s << "\r\n"
+    
+    if @body.nil?
+      s << "\r\n"
+    else
+      s << @body
+    end
     s
   end
 end

data/lib/bettercap/proxy/http/ssl/bettercap-ca.pem

@@ -1,52 +1,56 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAruvJ65uOclbgx1V+lNS0n1dtRj8V3iK4oYfFm6zk+bYVQgnh
-NL2+S5PyWdP0XdqsQHC/c4DLkMGjkLIt4KSr78Z5odAozg/6Qk3xHyNanM4GfCrk
-RIm/2jqEY2LlDVagDVBWmpw8KHOOl5FhOx0sgMlr1BNZ5OCmD0XUyAvAVc+8X0fD
-YWZMhPZFNHBQL2H5u1esRHlC7xIBy0JRiJZw7sf3owBLlz5KNpOVtw/LVtZUii6R
-ODS+rMHlqvmoqckqV/7XvxvcoTIpU6I7SH75NxsxoltmbfrdTF/iOoxhQoQBM1Hq
-dEUaXsiuM/cc3+QspnVUDImRAJ1sEWKVSsBu1QIDAQABAoIBAAxR/z7hDf9vrxVb
-KDdDZBV1CvVPrDKhL2/xKDH204njEUw9dedJFgYsvX0mOKgDpu5DArkX8T6Y5PRk
-GGciMhoJWLfU+YrKBU52Pu16h/9TY5GLU9if+ytbw8dcR9XQrCVD61Woe3Q972Ut
-kDOhsmi/xyCA3GwKhqe8u2f7q+hfQ3xoSOAtqODQrMq3fahhYwJHj447wxc6i4Jb
-tkuR/zkSyfwauoZisJsQCz1ajq17Z2hsm/7LqO/KNUxSvHn+kWFVdZU6EtvXXz2P
-DAByb+jhKK/UiCE1+wDV2CZIeCLJf2ng8tsVLBS785dNrG10/sQkAdvQapTs3tia
-BJ07+QECgYEA4n//r/GE3FV6hiFwIUtqPBJ8cxp0V9gXZChjwQYH809V3opmYjRR
-gtG+k2mtgyCvkN/OQn2xBTwtZpOfl3Lc9fLFwMsf9pjmB6vrboWyIXUAl0uPb0vo
-gI6TohwFSk7u0UIbYTpMNWV26kbE+WZBP1mUpgGRgF1GZy8z8DJ7zTkCgYEAxbQJ
-OZE8xslaKOybcsegJinSsRQYXdXj1ieSN18L5UW2QRaQq6dnu4oQjjQ3dz0igAPG
-jRkJSP+2YI8kVpvpWwAhMPsaEEwOSjMfa5/WI+LgZQsVLH/Ksm+qCG5az1bgC9E/
-lzNQyc3WZ+fNN7XlsAKhWGxzftERmMRoehmRCn0CgYA3/PvvOfxlmpuW3F0jXcj8
-4HTy3u8zZ68givtdk2gTtOC9CekVDWm4tLAvMEg7ybCcVzZdKUTAzodKe+NPRI1q
-HoDTj2JvSoxSCSVBRLsrmghzXbIvCMyIOrYztEl6fNh70aOC/S4pZNNoReYa4DPw
-vOwJvQmCeYwVpY1pKpF/wQKBgHTEH4qrmBzEQYbYL/t7ob/IhdLmTnnlYRpT5szj
-SxBPuxP4MtvfFKo0IhELEBNRvTWkhTlCpzRBK0MeZ9TrYsjHa9MVC1DCytHSHeWf
-0ocBcYzcHdZZZ6s5vlAadXHuGoeAP7GaskVuWAqoYpFb0lvBQfAKpbAp5N24awhq
-Xzq1AoGAOCJL1NcVLjr85BOC0VNKNC/SZ5gLe4oE+wQCTvU4VU5q9cob6qCxKQ+8
-NILnnfoW4JNPgyvoo7Vd3lLzBVbJtuAeAeqEM7ekTVvdbjHtLtuOYQBfM+vNmzMw
-MKJmB1zChrDOK9brZUijtaGruggwZ7tswpG8Y4FYA5T6Vt7CgIc=
+MIIEpAIBAAKCAQEAw47NyTN8vMZjyhG3oLRYTrnxJChFZ8TO4nPoYWupox2TTg6s
+FvvM9KI92gz/Y4WRdk317ih2uWx7WyU5cQ+D3S5xDpMGtqHAiAnHQg66G1hmM4a3
+s2EPDLWd++j8TMr9DgBHwsOXVw70IQ0xQT9THZEMHa92kxcXQ2kFTW5EjPi7hzBW
+a+V3yXuMCnwVOzC+DFAu9LHwHEv4Kc96u2j4/PQO1813QINCmKqCP/oUh84Dz4Pm
+JIYhCtoleKYdyXR1y9O3hngjl3mIyu0J8IoToglTwWMrBmqKy57BHZDC1XVxLyHT
+7f9cZBrWGV4nDRm72PJFL0KV2e0M+kHj2y+VwwIDAQABAoIBABMddFQEal7xbXOl
+A7P7rN4VItML9KzN+gL8nWxYX76H94wbtwqQFlqbOTyFJLmPpsZPnIhpACHjzrL8
+En9Qqu0FyxtHl9JmQTGK8yUr11kw7NyAgJhSFmyBnC2xemfvN4kU0e7hu3tRBN/u
+MDBWhkNPmEWWjxqVmTqHm3MUIjM9OQMwezFf+HwcudLM9QRVSOX9oNUw2wcjqqJG
+rr3kMuOm3BHUeFhCYnv7VltnUNvnC3hbm2qNbu3yYYjioKRKMpdaHInlmnoTMwsi
+7cp5QjBStMtSuGf6/nDBHy/wr/yu40lxI2oL6jFMxq6utT0/rQ1UHSMRIOF5MlXn
+NfLrqcECgYEA8ws3WGhVSY0LkO2oZsnnzuHzBg/Mcl6QVn9TfndTG6h/PGWCI0Mj
+7GhsoPDFwBVaRG0iIaqrAdxZ6YmZ2p15SdDEkcVDBGmcLcT2jO5E6S4G06oWlvSq
+G37QdzsNj685UPqCWjaUGtOK9IHegCVKwwYbQ+ra3ze6kfsuQq4V6FECgYEAzfuN
+ozmLylORO3ihLRJ7UVepDj8Qe2xr4Bb4TuKy90/AM9j59RbrVe8cI2C4mGokzoOW
+cndsmyuSPOwVjXcoNt5WhmJAN2jISmKtUd+KbzSX6mPjAhkg96mJUMu9JfyjjM+A
+MMcH+shPn0aPFKT0XWi7knGh0i8Fpm6CpsQDq9MCgYEAyU7yAaUxd2F/QgTHppP4
+EFDwpYWydszCyxJdivO0/8S51sHRX/m9qJP53fhwIyDMir7GNZKSYFEunBRgPkaO
+7sgf+Qml7+K1/OcWvDajF20LNIi+ezyeJXYNn6RnICsn014bWDO6ytmLT+i97fB1
+k0HclY3Sym7zdvTRJWPiO3ECgYEApbe6bhWAJ9kvwP79/Psfh4PVGQcXxZSm/XS9
+dQniHiJladEo2EwGLe7fXn8URFsxHYy0X4dBM13Mm4L8nAG/stUSG6+0JmAAtAfL
+lVEZWPqhNgwCuM9qvJYDSaOAm600D7dpVNTr0JGTrXrg5iUIDJaUQe9111nJW+sQ
+5gZRRc0CgYAc4s81tYhldDH4z2tkCIpJpir6YNtYAPvc7MaIwyBIvixlQzKWhLac
+am0oqnBMUwPPpwvcfMfFDdgGJFeioK0oaFmaVhKYqNM9v5ZlsuUlONE8TOcA2f6g
+gNc7NAONgg/7Bj0NgkKWpfLGVntDYSrsnDsdgifUWUC9Nge1RCqeOg==
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIEPTCCAyWgAwIBAgIJANs3OdOm704WMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
-VQQGEwJVUzEQMA4GA1UECAwHQXJpem9uYTETMBEGA1UEBwwKU2NvdHRzZGFsZTEa
-MBgGA1UECgwRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsMJGh0dHA6Ly9jZXJ0
-cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAwwqR28gRGFkZHkgU2Vj
-dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE2MTIyMzE4NDQyNFoX
-DTE3MDEyMjE4NDQyNFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25h
-MRMwEQYDVQQHDApTY290dHNkYWxlMRowGAYDVQQKDBFHb0RhZGR5LmNvbSwgSW5j
-LjEtMCsGA1UECwwkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv
-MTMwMQYDVQQDDCpHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
-IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu68nrm45yVuDH
-VX6U1LSfV21GPxXeIrihh8WbrOT5thVCCeE0vb5Lk/JZ0/Rd2qxAcL9zgMuQwaOQ
-si3gpKvvxnmh0CjOD/pCTfEfI1qczgZ8KuREib/aOoRjYuUNVqANUFaanDwoc46X
-kWE7HSyAyWvUE1nk4KYPRdTIC8BVz7xfR8NhZkyE9kU0cFAvYfm7V6xEeULvEgHL
-QlGIlnDux/ejAEuXPko2k5W3D8tW1lSKLpE4NL6sweWq+aipySpX/te/G9yhMilT
-ojtIfvk3GzGiW2Zt+t1MX+I6jGFChAEzUep0RRpeyK4z9xzf5CymdVQMiZEAnWwR
-YpVKwG7VAgMBAAGjUDBOMB0GA1UdDgQWBBQc3wugFWxNWEKBJRzprSIA82S6gDAf
-BgNVHSMEGDAWgBQc3wugFWxNWEKBJRzprSIA82S6gDAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBCwUAA4IBAQCDZANKvSa7NX36jDMtQa95aDwTSnEo+AOKQ5lnG5Oa
-ztYnfqD49BwJUoZzO8J5nHqpSWjmssTOrQ0jc3KR/UjnJ73Gw+nppqr9UeHWSqvW
-kuCPxj5/zo+DB0rrMcIZVBqKgkiM5g4CHC+N743PnocmwZtB+uvGjNfaIFknV4Ee
-JKSFGmAtUk1sJn5E3052aDQR7TO7cXPwu8AL9OHYPCd4XmT59cH1pl/ULvJ1Isve
-aY/qcWypMMlsh46UoJooepIbrTPXYWKA2cdPQ9N5vNeg6SYbkwSuZdbgB84ibA9r
-rtNOmsdL7Dbr0FGINHhzhKlS60bVrmEAbyAMVljCC8s6
+MIIFDDCCA/SgAwIBAgIJAKgmMGmQctr/MA0GCSqGSIb3DQEBBQUAMIG0MQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
+MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
+cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
+dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE3MDYyOTE3MTMwNFoX
+DTI3MDYyNzE3MTMwNFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25h
+MRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5j
+LjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv
+MTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
+IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDjs3JM3y8xmPK
+EbegtFhOufEkKEVnxM7ic+hha6mjHZNODqwW+8z0oj3aDP9jhZF2TfXuKHa5bHtb
+JTlxD4PdLnEOkwa2ocCICcdCDrobWGYzhrezYQ8MtZ376PxMyv0OAEfCw5dXDvQh
+DTFBP1MdkQwdr3aTFxdDaQVNbkSM+LuHMFZr5XfJe4wKfBU7ML4MUC70sfAcS/gp
+z3q7aPj89A7XzXdAg0KYqoI/+hSHzgPPg+YkhiEK2iV4ph3JdHXL07eGeCOXeYjK
+7QnwihOiCVPBYysGaorLnsEdkMLVdXEvIdPt/1xkGtYZXicNGbvY8kUvQpXZ7Qz6
+QePbL5XDAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUo9Vx+QWZ9ce2K873Xxklfi2J
+Q+owgekGA1UdIwSB4TCB3oAUo9Vx+QWZ9ce2K873Xxklfi2JQ+qhgbqkgbcwgbQx
+CzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNk
+YWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDov
+L2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRk
+eSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzKCCQCoJjBpkHLa/zAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCKe6sCMJ52wAKrv2uKXuep
+qj+epzXB8zTO4z2QcoreUAITEQSqfGjgtyWHM9jqZ8kq97d9KG9M/dp5YCpoAecj
+kn3uweywUIXvyQqazP14KLJh+1W/DuGkzaEJFWbOMuTzE64QSyZ4NM/DW+hbdAls
+1k5zBVZH91qGczpsO1b//+pPFdPMtGJCFm+U1Mh7BzS5KZjsEEEDUO3trT1hP2qF
+9UJr22RZyTI595RW7JTbDaMTT7aTqHD58a6U2Lc2Au6YK0XiajBViqit0XnU2K2K
+2TXj8TpZ+v6O9X/ryYbr4Et4S6B4ljPuNo3CMyj3YPV29IoxNndg7zTHZCXJ3Lxh
 -----END CERTIFICATE-----