-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add openssl_altchainsforgery_mitm_proxy.rb #5735
Add openssl_altchainsforgery_mitm_proxy.rb #5735
Conversation
This module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. This module requires an active man-in-the-middle attack.
To test this exploit module:
The fake certificate should be verified without errors and you should see "Verify return code: 0 (ok)" in the output.
Copy the roots.pem, untrusted.pem, and bad.pem files created to the tests/certs/ directory in the working tree of the cloned repository.
To test on OpenSSL 1.0.1 stable branch:
Copy the roots.pem, untrusted.pem, and bad.pem files created to the tests/certs/ directory in the working tree of the cloned repository.
The verify_extra_test test should fail. |
Great work, @rcvalle! |
|
||
register_options( | ||
[ | ||
OptString.new('CACERT', [ true, "The leaf certificate's CA certificate", nil]), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like the module should allow to generate the CERT's for the HOST
trying to target. Otherwise anyone trying to use this module must be aware of the correct way to create the certificates, and according to your ruby code, looks like there are some caveats to have into account:
# It isn't mentioned anywhere but the valid leaf certificate must not
# contain the keyUsage extension or it must have at least the keyCertSign
# bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c);
# otherwise; X509_verify_cert fails with
# X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. Do NOT uncomment the
# following line.
# leaf_cert.add_extension(extension_factory.create_extension('keyUsage', 'digitalSignature,nonRepudiation,keyEncipherment'))
Since the ruby code is already there (in the PR). I'm not sure why certs creation isn't facilitated from within the module.... I guess I'm missing something... I'm just doing some monkey review just now ... :( So clarifications are welcome!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't understand your question. The module does create the certificate for the HOST (i.e., fake_cert). However, you need a valid leaf certificate, which you already have or will obtain from a real CA, to sign it. This valid leaf certificate that must not contain the keyUsage extension or must have at least the keyCertSign bit set (or be a proxy certificate and have the digitalSignature bit set). The script above creates the certificates to simulate it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And this clarifies :-) thanks!
Other than the comments above, it works =D
On the client, with a vulnerable openssl:
That's an awesome and fast work =) Thanks a lot for sharing @rcvalle ! |
@rcvalle, finally I've been doing cleaning by myself and landed. My changes to use Rex sockets are here: 45b4334 I tried to use Rex::Services::LocalRelay as recommended by @hmoore-r7 but unfortunately got the next error when trying to use SSL sockets with a LocalRelay
Apparently LocalRelay isn't working fine with Rex SSL sockets :\ I couldn't find any sample in the framework of Rex SSL sockets working with LocalRelay, so decided to skip. As far as we're using Rex sockets, and also allowing the framework to close sockets / cleanup I think we're fine to land :) Hope I didn't waste nothing, feel free to review the landed version! My test before landing:
|
Also, on the victim:
|
@jvazquez-r7 Looks good to me! Thank you! |
The socket is not SSL yet. |
This module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. This module requires an active man-in-the-middle attack.