fakessl 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +26 -9
- data/bin/fakessl +27 -6
- data/lib/fakessl/fakessl.rb +75 -32
- data/lib/fakessl/version.rb +1 -1
- metadata +3 -3
data/README.md
CHANGED
|
@@ -7,7 +7,7 @@ FakeSSL impersonates an HTTPS server and prints the client requests.
|
|
|
7
7
|
Download and unzip the master zip from github and execute the following into fakessl dir
|
|
8
8
|
|
|
9
9
|
$ gem build ./fakessl.gemspec
|
|
10
|
-
$ gem install fakessl-0.0.
|
|
10
|
+
$ gem install fakessl-0.0.3.gem
|
|
11
11
|
|
|
12
12
|
Or install it as:
|
|
13
13
|
|
|
@@ -15,18 +15,35 @@ Or install it as:
|
|
|
15
15
|
|
|
16
16
|
## Usage
|
|
17
17
|
|
|
18
|
-
|
|
18
|
+
Generate a certificate:
|
|
19
|
+
|
|
20
|
+
$ fakessl -g test.org
|
|
21
|
+
[+] Generating fake key and certificate for test.org
|
|
22
|
+
|
|
23
|
+
Use the previous certificate and key to setup a fake HTTPS server on port 443:
|
|
24
|
+
|
|
25
|
+
$ sudo fakessl -c test.org.cert -k test.org.key -p 443
|
|
26
|
+
Password:
|
|
27
|
+
[+] Fake test.org is listening on port 443
|
|
28
|
+
[+] Client requests are:
|
|
29
|
+
=> GET /advv HTTP/1.1
|
|
30
|
+
|
|
31
|
+
Single command line to generate certificate and key and setup the HTTPS server:
|
|
32
|
+
|
|
33
|
+
$ sudo fakessl -g test.org -p 443
|
|
19
34
|
Password:
|
|
20
|
-
[+] Generating fake
|
|
21
|
-
|
|
22
|
-
........++
|
|
23
|
-
................................................................++
|
|
24
|
-
writing new private key to 'localhost.key'
|
|
25
|
-
-----
|
|
26
|
-
[+] Fake localhost is listening on port 443
|
|
35
|
+
[+] Generating fake key and certificate for test.org
|
|
36
|
+
[+] Fake test.org is listening on port 443
|
|
27
37
|
[+] Client requests are:
|
|
28
38
|
=> GET /byy.html HTTP/1.1
|
|
29
39
|
|
|
40
|
+
In case you need to use it with a browser that checks the authenticity
|
|
41
|
+
of the certificate you need to import the generated certificate as trusted.
|
|
42
|
+
Firefox example.
|
|
43
|
+
Go to Edit -> Preferences -> Advanced -> View Certificates -> Servers -> Import
|
|
44
|
+
-> Choose the certificate from your drive after generating it.
|
|
45
|
+
Then select the imported certificate and click on the button "Edit Trust...".
|
|
46
|
+
Inside the Firefox window enable "Trust the authenticity of this certificate"
|
|
30
47
|
|
|
31
48
|
## Contributing
|
|
32
49
|
|
data/bin/fakessl
CHANGED
|
@@ -14,13 +14,23 @@ options = {}
|
|
|
14
14
|
|
|
15
15
|
optparse = OptionParser.new do |opts|
|
|
16
16
|
|
|
17
|
-
opts.banner = "Usage:
|
|
17
|
+
opts.banner = "Usage: fakessl -g DOMAIN_NAME -p PORT\n" \
|
|
18
|
+
"Examples:\n" \
|
|
19
|
+
"1. Only generate fake certificates: fakessl -g test.org\n" \
|
|
20
|
+
"2. Generate fake certificate and setup server: fakessl -g test.org -p 5000\n" \
|
|
21
|
+
"3. Setup server using other external certificates: fakessl -c domain.cert -k domain.key -p 5000\n"
|
|
18
22
|
opts.on('-h', '--help', 'Display this menu') do
|
|
19
23
|
puts opts
|
|
20
24
|
exit
|
|
21
25
|
end
|
|
22
|
-
opts.on('-
|
|
23
|
-
options[:
|
|
26
|
+
opts.on('-g', '--generate DOMAIN_NAME', 'FakeSSL certificate generation') do |f|
|
|
27
|
+
options[:domain] = f
|
|
28
|
+
end
|
|
29
|
+
opts.on('-c', '--certificate FILE', 'FakeSSL certificate') do |f|
|
|
30
|
+
options[:certificate] = f
|
|
31
|
+
end
|
|
32
|
+
opts.on('-k', '--key FILE', 'FakeSSL private key') do |f|
|
|
33
|
+
options[:key] = f
|
|
24
34
|
end
|
|
25
35
|
opts.on('-p', '--port PORT', 'Port that FakeSSL should bind eg. 443') do |f|
|
|
26
36
|
if f.is_integer?
|
|
@@ -35,12 +45,23 @@ end
|
|
|
35
45
|
|
|
36
46
|
optparse.parse!
|
|
37
47
|
|
|
38
|
-
if
|
|
48
|
+
if options[:domain] && options[:port].nil?
|
|
49
|
+
cert = FakeSSL::Cert.new(options[:domain])
|
|
50
|
+
cert.generate
|
|
51
|
+
|
|
52
|
+
elsif options[:domain] && options[:port]
|
|
53
|
+
cert = FakeSSL::Cert.new(options[:domain])
|
|
54
|
+
cert.generate
|
|
55
|
+
server = FakeSSL::Server.new(options[:port])
|
|
56
|
+
|
|
57
|
+
elsif (!(options[:certificate].nil?) && !(options[:key].nil?) && !(options[:port].nil?))
|
|
39
58
|
if Integer(options[:port]) < 1025
|
|
40
59
|
raise "Must run as root" unless Process.uid == 0
|
|
41
60
|
end
|
|
42
|
-
|
|
61
|
+
cert = FakeSSL::cert_path(options[:certificate],options[:key])
|
|
62
|
+
server = FakeSSL::Server.new(options[:port])
|
|
63
|
+
|
|
43
64
|
else
|
|
44
|
-
|
|
65
|
+
puts "[-] Mandatory Parameter is missing, try `fakessl -h`"
|
|
45
66
|
end
|
|
46
67
|
|
data/lib/fakessl/fakessl.rb
CHANGED
|
@@ -1,45 +1,88 @@
|
|
|
1
1
|
require 'socket'
|
|
2
2
|
require 'openssl'
|
|
3
3
|
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
def initialize(hostname,lport)
|
|
7
|
-
@hostname = hostname
|
|
8
|
-
@lport = lport.to_i
|
|
9
|
-
$stdout.puts "[+] Generating fake SSL certificate for #{@hostname}"
|
|
10
|
-
generate_certificate
|
|
11
|
-
sslServer = server_setup
|
|
12
|
-
$stdout.puts "[+] Fake #{@hostname} is listening on port #{@lport}"
|
|
13
|
-
get_request(sslServer)
|
|
14
|
-
end
|
|
4
|
+
module FakeSSL
|
|
15
5
|
|
|
16
|
-
|
|
17
|
-
%x[openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=#{@hostname}" -keyout #{@hostname}.key -out #{@hostname}.cert]
|
|
18
|
-
end
|
|
6
|
+
class << self; attr_accessor :domain, :cert, :key; end
|
|
19
7
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
return sslServer
|
|
8
|
+
FakeSSL.domain = nil
|
|
9
|
+
FakeSSL.cert = nil
|
|
10
|
+
FakeSSL.key = nil
|
|
11
|
+
|
|
12
|
+
def FakeSSL.cert_path(fcert, fkey)
|
|
13
|
+
FakeSSL.cert = fcert
|
|
14
|
+
FakeSSL.key = fkey
|
|
15
|
+
FakeSSL.domain = fcert.chomp(".cert")
|
|
29
16
|
end
|
|
30
17
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
conn = sslServer.accept
|
|
35
|
-
lineIn = conn.gets
|
|
36
|
-
if !lineIn.nil?
|
|
37
|
-
$stdout.puts "=> " + lineIn
|
|
38
|
-
end
|
|
18
|
+
class Cert
|
|
19
|
+
def initialize(domain)
|
|
20
|
+
FakeSSL.domain = domain
|
|
39
21
|
end
|
|
22
|
+
|
|
23
|
+
public
|
|
24
|
+
def generate
|
|
25
|
+
puts "[+] Generating fake key and certificate for #{FakeSSL.domain}"
|
|
26
|
+
#generate keys
|
|
27
|
+
key = OpenSSL::PKey::RSA.new 4096
|
|
28
|
+
open "#{FakeSSL.domain}.key", 'w' do |io| io.write key.to_pem end
|
|
29
|
+
|
|
30
|
+
#generate certificate
|
|
31
|
+
name = OpenSSL::X509::Name.parse "CN=#{FakeSSL.domain}/DC=server"
|
|
32
|
+
cert = OpenSSL::X509::Certificate.new
|
|
33
|
+
cert.version = 2
|
|
34
|
+
cert.serial = 0
|
|
35
|
+
cert.not_before = Time.now
|
|
36
|
+
cert.not_after = Time.now + ( 3600 * 24 * 365 )
|
|
37
|
+
cert.public_key = key.public_key
|
|
38
|
+
cert.subject = name
|
|
39
|
+
|
|
40
|
+
#selfsign certificate
|
|
41
|
+
cert.issuer = name
|
|
42
|
+
cert.sign key, OpenSSL::Digest::SHA1.new
|
|
43
|
+
open "#{FakeSSL.domain}.cert", 'w' do |io| io.write cert.to_pem end
|
|
44
|
+
end
|
|
40
45
|
end
|
|
41
46
|
|
|
42
|
-
|
|
47
|
+
class Server
|
|
48
|
+
def initialize(lport)
|
|
49
|
+
@lport = lport.to_i
|
|
50
|
+
sslServer = server_setup
|
|
51
|
+
puts "[+] Fake #{FakeSSL.domain} is listening on port #{@lport}"
|
|
52
|
+
get_request(sslServer)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
private
|
|
56
|
+
def server_setup
|
|
57
|
+
server = TCPServer.new('localhost', @lport)
|
|
58
|
+
sslContext = OpenSSL::SSL::SSLContext.new
|
|
59
|
+
#certificate
|
|
60
|
+
if FakeSSL.cert.nil?
|
|
61
|
+
sslContext.cert = OpenSSL::X509::Certificate.new(File.open("#{FakeSSL.domain}.cert"))
|
|
62
|
+
else
|
|
63
|
+
sslContext.cert = OpenSSL::X509::Certificate.new(File.open("#{FakeSSL.cert}"))
|
|
64
|
+
end
|
|
65
|
+
#private key
|
|
66
|
+
if FakeSSL.key.nil?
|
|
67
|
+
sslContext.key = OpenSSL::PKey::RSA.new(File.open("#{FakeSSL.domain}.key"))
|
|
68
|
+
else
|
|
69
|
+
sslContext.key = OpenSSL::PKey::RSA.new(File.open("#{FakeSSL.key}"))
|
|
70
|
+
end
|
|
71
|
+
sslServer = OpenSSL::SSL::SSLServer.new(server,sslContext)
|
|
72
|
+
return sslServer
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def get_request(sslServer)
|
|
76
|
+
puts "[+] Client requests are: "
|
|
77
|
+
loop do
|
|
78
|
+
conn = sslServer.accept
|
|
79
|
+
lineIn = conn.gets
|
|
80
|
+
if !lineIn.nil?
|
|
81
|
+
puts "=> " + lineIn
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
end
|
|
43
86
|
|
|
44
87
|
end
|
|
45
88
|
|
data/lib/fakessl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fakessl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2013-01-02 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: FakeSSL impersonates an HTTPS server and prints the client requests
|
|
15
15
|
email:
|
|
@@ -48,7 +48,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
48
48
|
version: '0'
|
|
49
49
|
requirements: []
|
|
50
50
|
rubyforge_project:
|
|
51
|
-
rubygems_version: 1.8.
|
|
51
|
+
rubygems_version: 1.8.23
|
|
52
52
|
signing_key:
|
|
53
53
|
specification_version: 3
|
|
54
54
|
summary: FakeSSL impersonates an HTTPS server and prints the client requests
|