Add SAN support to impersonate_ssl module #16661

Merged (1 commit) on Jun 8, 2022

@dismantl dismantl commented Jun 8, 2022

Add Subject Alternative Names (SAN) support to impersonate_ssl module

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/gather/impersonate_ssl
  • set RHOSTS www.example.com
  • set ADD_SAN alt.example.com,1.2.3.4
  • run
  • Verify the SAN entries were added to the certificate:
$ sudo openssl x509 -noout -text -in /root/.msf4/loot/20220608112036_default_93.184.216.34_93.184.216.34_ce_782579.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:1e:8e:b2:79:6f:05:87:ed:80:59:2f:15:00:32:4f:8e
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
        ...
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                41:A5:A7:9F:58:11:39:13:14:BD:F5:A7:1B:C7:93:0E:BE:4A:00:E0
            X509v3 Subject Alternative Name: 
                DNS:alt.example.com, IP Address:1.2.3.4
    Signature Algorithm: sha256WithRSAEncryption
         07:e1:02:ea:15:e0:77:ac:15:4b:da:13:c4:59:87:f6:10:93:
         ...
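
The last verification step can also be scripted. This Ruby sketch is an added example, not code from this pull request or from Metasploit: the hypothetical helpers `san_value`, `test_cert` and `san_entries` type a comma-separated list as IP or DNS entries, place it on a throwaway self-signed certificate (constructed test data), and read the SAN extension back for comparison.

```ruby
require 'openssl'
require 'resolv'

# Type each comma-separated entry (the ADD_SAN format shown above) as IP or DNS.
# Entries are stripped and blanks dropped, so "a, 1.2.3.4" still yields an IP entry.
def san_value(list)
  list.to_s.split(',').map(&:strip).reject(&:empty?).map do |san|
    ip = san.match?(Resolv::IPv4::Regex) || san.match?(Resolv::IPv6::Regex)
    ip ? "IP:#{san}" : "DNS:#{san}"
  end.join(',')
end

# Throwaway self-signed certificate (constructed test data) carrying the SAN list.
def test_cert(common_name, list)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  factory = OpenSSL::X509::ExtensionFactory.new
  factory.subject_certificate = cert
  factory.issuer_certificate = cert
  san = san_value(list)
  # An empty SAN extension is invalid, so only add it when entries remain.
  cert.add_extension(factory.create_extension('subjectAltName', san, false)) unless san.empty?
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Read the SAN entries back, mirroring the `openssl x509 -noout -text` check.
def san_entries(cert)
  ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  ext ? ext.value.split(', ') : []
end

if $PROGRAM_NAME == __FILE__
  puts san_entries(test_cert('www.example.com', 'alt.example.com, 1.2.3.4'))
end
```

To check a saved certificate instead of the constructed one, pass `OpenSSL::X509::Certificate.new(File.read(path))` to `san_entries`.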

if !datastore['ADD_SAN'].nil? && !datastore['ADD_SAN'].empty?
sans = datastore['ADD_SAN'].to_s.split(/,/)
sans.map! do |san|
san = san =~ Resolv::IPv4::Regex || san =~ Resolv::IPv6::Regex ? "IP:#{san}" : "DNS:#{san}"
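
Review bot: In the `split(/,/)` line the entries are used exactly as split, so a list written with a space after the comma (`alt.example.com, 1.2.3.4`) carries the leading space into the entry, and an empty entry from a doubled or leading comma reaches the ternary and comes out as `DNS:` with no name. Consider normalising first, for example `split(',').map(&:strip).reject(&:empty?)`, before the `map!` block classifies each entry.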

Suggested change
san = san =~ Resolv::IPv4::Regex || san =~ Resolv::IPv6::Regex ? "IP:#{san}" : "DNS:#{san}"
san = (san =~ Resolv::IPv4::Regex || san =~ Resolv::IPv6::Regex) ? "IP:#{san}" : "DNS:#{san}"

Suggestion for making this a little easier to read.

See https://support.f5.com/csp/article/K13471 for an example of how the IP and DNS fields might appear in a sample certificate. Adding this comment for future traveler's reference.

@gwillcox-r7

Changes look good and was able to replicate and confirm the new certificate was generated with the expected format. Thanks for submitting this improvement, will get this landed now!

@gwillcox-r7 gwillcox-r7 self-assigned this Jun 8, 2022
@gwillcox-r7 gwillcox-r7 merged commit a55aa84 into rapid7:master Jun 8, 2022
@gwillcox-r7

Release Notes

The impersonate_ssl module has been enhanced to allow it to add Subject Alternative Names (SAN) fields to the generated SSL certificate.

@gwillcox-r7 gwillcox-r7 added the rn-enhancement release notes enhancement label Jun 8, 2022