dozernz / clone-cert

This project forked from syss-research/clone-cert

Simple shell script to "clone" X.509 certificates

License: MIT License

Shell 100.00%

clone-cert's Introduction

clone-cert.sh

This is a simple shell script that retrieves the X.509 certificate associated with an SSL-wrapped TCP port and uses openssl to create a similar certificate by replacing the RSA modulus and fixing the signature. This is particularly useful if you want to demonstrate why self-signed certificates cannot provide any security. Of course, the fingerprint of the cloned certificate will be different... but who checks the fingerprint of a self-signed certificate by hand?

Example

Run the script:

$ ./clone-cert.sh www.example.com:443
/tmp/www.example.com:443.key
/tmp/www.example.com:443.cert

The new certificate is in /tmp/www.example.com:443.cert and the corresponding private key is in /tmp/www.example.com:443.key. The new certificate differs from the original only in the RSA modulus and the signature:

$ diff <(openssl x509 -in /tmp/www.example.com:443.cert -noout -text) \
       <(openssl s_client  -connect www.example.com:443 < /dev/null 2> /dev/null \
         | openssl x509 -noout -text)
16,33c16,33
<                     00:c3:59:26:a5:ed:1c:2b:75:3a:0c:a2:ab:49:43:
<                     e8:1a:cd:24:64:4a:11:5a:fe:94:10:57:2a:af:f6:
<                     28:a0:0a:32:3e:09:a2:1c:60:f0:39:62:40:78:3b:
<                     9f:69:0e:ca:64:71:72:f5:00:16:ba:63:57:2b:85:
<                     dd:fb:2b:93:28:7f:fe:77:9f:a6:ff:6e:38:9b:65:
<                     94:c4:34:59:53:33:4d:47:58:88:e1:fb:55:c8:48:
<                     6d:19:e6:f3:84:6d:34:cd:93:88:e5:d2:70:2c:bc:
<                     cd:d6:f3:56:8a:7f:04:a5:b5:c6:8c:bd:f2:b5:ef:
<                     d5:c7:ab:5a:83:ea:f2:b9:f6:9f:9e:73:55:bf:a2:
<                     14:03:f4:01:3c:11:48:9c:da:69:7e:e4:9c:01:5b:
<                     a7:03:2d:6c:dc:62:4a:72:ba:a5:18:5b:d5:64:4e:
<                     8a:65:b5:f1:6f:fa:76:eb:8e:c0:5d:4a:44:bf:65:
<                     6e:55:b1:1d:b4:dc:3f:56:db:5e:e4:2a:8b:e4:21:
<                     53:90:28:87:14:85:9e:93:82:3b:3a:e0:0f:fc:b5:
<                     35:46:52:db:6e:6e:11:68:78:9b:07:02:7d:12:49:
<                     e9:8a:47:07:f9:74:59:5d:4f:13:b2:40:6b:82:b1:
<                     08:ef:62:ef:92:b7:67:2d:6e:10:33:2f:8d:e8:aa:
<                     25:2f
---
>                     00:b3:40:96:2f:61:63:3e:25:c1:97:ad:65:45:fb:
>                     ef:13:42:b3:2c:99:86:f4:b5:80:0b:76:dc:06:38:
>                     2c:1f:a3:62:55:5a:36:76:de:ae:5d:fc:e2:e5:b4:
>                     e6:ec:5d:ca:ee:ca:df:50:16:24:2c:ee:fc:9a:b6:
>                     8c:f6:a8:b3:ac:7a:08:7b:2a:1f:ad:5f:e7:fa:96:
>                     59:25:ab:90:b0:f8:c2:3f:13:04:26:74:68:0f:c6:
>                     78:2a:95:8a:5f:42:f2:0e:ed:52:a6:eb:68:23:89:
>                     e5:43:f8:6d:12:1b:62:42:7b:a8:05:f3:59:c4:5e:
>                     d6:c5:cc:46:c0:4b:19:b9:2d:4a:71:72:24:1e:5e:
>                     55:44:93:ab:78:a1:47:4d:a5:dc:07:5a:9c:67:f4:
>                     11:68:12:2f:d3:28:71:bc:ad:72:05:3c:16:75:d4:
>                     f8:72:58:ba:19:f1:dc:09:ed:f1:18:c6:92:2f:7d:
>                     bc:16:0b:37:8d:8a:ef:1b:6f:4f:b9:e0:7a:54:98:
>                     bf:b5:b6:cf:bb:aa:93:7f:0a:7f:1f:56:eb:a9:d8:
>                     e1:db:d5:39:d8:18:5b:d1:f2:64:33:d0:d6:c4:23:
>                     ff:09:ab:6d:71:ce:da:cf:c1:17:9c:23:be:2c:af:
>                     2f:92:1c:3f:90:08:89:58:f2:b1:e1:10:6f:83:2e:
>                     f7:9f
67,81c67,81
<          66:9e:dc:08:c6:81:2e:91:80:d7:7a:27:a9:0f:fb:72:89:53:
<          21:b8:37:e9:f1:d6:d2:e8:98:08:01:29:ef:eb:74:19:30:6f:
<          b0:a0:8d:c3:09:ec:06:cf:65:59:0e:8f:45:a4:8f:70:b2:8a:
<          a3:71:d8:0f:eb:87:95:be:ba:22:76:3d:3c:33:62:c4:28:34:
<          6e:1a:be:de:8e:50:87:95:9c:85:ad:bf:91:b4:06:55:d6:b9:
<          e2:f7:26:a1:5e:b9:57:f4:97:97:0f:08:9e:8f:36:6e:85:9c:
<          aa:69:78:93:c0:aa:2a:ac:62:44:3f:eb:b3:4a:ee:6b:c9:63:
<          91:af:64:3f:8b:f1:b9:15:49:12:12:e4:7a:0f:ac:8c:7e:dc:
<          e8:b3:2b:ad:37:e4:d9:90:34:e0:1d:b8:5e:5c:fb:e2:fa:ed:
<          a2:11:0c:00:5b:e3:29:c6:51:7d:d6:1b:06:73:56:25:fe:20:
<          17:28:bb:dd:5c:8e:a6:bc:cf:a2:cf:56:75:f7:f0:cc:e2:c4:
<          28:57:9b:79:6c:5d:c5:63:0b:a5:47:4d:78:66:5b:0f:36:60:
<          49:70:44:75:0a:d1:76:52:9a:81:ee:02:13:39:ea:cc:a5:a1:
<          45:23:02:91:36:03:e3:46:2e:c8:ce:2c:83:1f:73:b8:e4:96:
<          e3:2b:97:3b
---
>          84:a8:9a:11:a7:d8:bd:0b:26:7e:52:24:7b:b2:55:9d:ea:30:
>          89:51:08:87:6f:a9:ed:10:ea:5b:3e:0b:c7:2d:47:04:4e:dd:
>          45:37:c7:ca:bc:38:7f:b6:6a:1c:65:42:6a:73:74:2e:5a:97:
>          85:d0:cc:92:e2:2e:38:89:d9:0d:69:fa:1b:9b:f0:c1:62:32:
>          65:4f:3d:98:db:da:d6:66:da:2a:56:56:e3:11:33:ec:e0:a5:
>          15:4c:ea:75:49:f4:5d:ef:15:f5:12:1c:e6:f8:fc:9b:04:21:
>          4b:cf:63:e7:7c:fc:aa:dc:fa:43:d0:c0:bb:f2:89:ea:91:6d:
>          cb:85:8e:6a:9f:c8:f9:94:bf:55:3d:42:82:38:4d:08:a4:a7:
>          0e:d3:65:4d:33:61:90:0d:3f:80:bf:82:3e:11:cb:8f:3f:ce:
>          79:94:69:1b:f2:da:4b:c8:97:b8:11:43:6d:6a:25:32:b9:b2:
>          ea:22:62:86:0d:a3:72:7d:4f:ea:57:3c:65:3b:2f:27:73:fc:
>          7c:16:fb:0d:03:a4:0a:ed:01:ab:a4:23:c6:8d:5f:8a:21:15:
>          42:92:c0:34:a2:20:85:88:58:98:89:19:b1:1e:20:ed:13:20:
>          5c:04:55:64:ce:9d:b3:65:fd:f6:8f:5e:99:39:21:15:e2:71:
>          aa:6a:88:82
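
The fingerprint is the one check that still separates the two certificates, so a client that pins it rejects a look-alike even though every name matches. The following is an added example, not part of clone-cert.sh or its README: it generates two self-signed certificates with the same constructed subject as a stand-in for an original and its clone (unlike a real clone, serial and validity dates also differ), then accepts only the one whose SHA-256 fingerprint matches the pin. All function names, file names and the subject are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: pin a self-signed certificate by its SHA-256 fingerprint.
# Subject, file names and function names are constructed for this demo.

# Print the SHA-256 fingerprint of a PEM certificate as bare hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2 | tr -d ':'
}

# Print the fields a person usually reads: subject and issuer.
cert_names() {
    openssl x509 -in "$1" -noout -subject -issuer
}

# Succeed only if the certificate in $1 matches the pinned fingerprint $2.
check_pin() {
    [ "$(cert_fingerprint "$1")" = "$2" ]
}

# Create $1.key and $1.cert: a self-signed certificate with a fresh RSA key.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=device.example.test/O=Constructed Demo" \
        -keyout "$1.key" -out "$1.cert" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir/original"    # the certificate the operator trusts
    make_selfsigned "$dir/lookalike"   # same names, different key pair
    pin=$(cert_fingerprint "$dir/original.cert")   # recorded out of band
    for c in original lookalike; do
        cert_names "$dir/$c.cert"
        if check_pin "$dir/$c.cert" "$pin"; then
            echo "$c: fingerprint matches pin, accept"
        else
            echo "$c: fingerprint mismatch, reject"
        fi
    done
    rm -rf "$dir"
}

demo
```

In practice the pin is recorded once over a trusted channel and compared against the certificate returned by `openssl s_client` on every later connection.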
