Stealing Certificates with Apostille
Published: 26 Aug 2018 - 08:30 -0500
At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When its video is released you should check it out.
During that talk, they briefly touched on a tool called “Apostille”, written by Rogan Dawes, another @Sensepost-er. It is essentially a certificate stealing (cloning? faking? doppelganger-ing?) tool. However, that oversimplifies what it does.
To be more accurate, Apostille generates a clone of the certificate chain, identical in as many details as possible, apart from the actual key values. One thing this could be useful for is bypassing naive cert pinning if the validation is based on details of the signing certs.
— @RoganDawes@infosec.exchange (@RoganDawes) August 26, 2018
Copying a certificate’s common name, email, or other fields that are entered during creation is a relatively easy way to copy certificates, and the result can look reasonably good at first glance. However, this simple copy leaves many tell-tale signs that it’s fake. For instance, let’s say I create a certificate like so:
root@apostille-post:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem
Generating a 2048 bit RSA private key
.................................................................................................................+++
...+++
writing new private key to 'mycert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) :Mountain View
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Google LLC
Organizational Unit Name (eg, section) :
Common Name (e.g. server FQDN or YOUR name) :*.google.com
Email Address :
If I host it out, here are the results side by side with Google.com:
The Valid From, the Issued By, and most of the other certificate details help this certificate stand out as fraudulent. Also, doing this by hand is a PITA.
It’s pretty straightforward to get it going, but you need both Java’s JDK and Maven to compile it first:
root@apostille-post:~# apt install -y maven default-jdk git
(I’m doing this on a fresh box so it needed git as well)
git clone the repo, and compile with Maven:
root@apostille-post:~# git clone https://github.com/sensepost/apostille
Cloning into 'apostille'...
remote: Counting objects: 48, done.
remote: Total 48 (delta 0), reused 0 (delta 0), pack-reused 48
Unpacking objects: 100% (48/48), done.
root@apostille-post:~# cd apostille/
root@apostille-post:~/apostille# mvn package
Step 3, Clone your first certificate:
java -jar target/apostille-1.0-SNAPSHOT.jar google.com:443 tempkeystore.jks ASDqwe123 ASDqwe123
google.com:443 is the endpoint that will serve a certificate chain back; this isn’t restricted to HTTPS only, it works with any TLS endpoint.
tempkeystore.jks is the Java keystore file that we will be putting the certificate chain into.
kspassword and then keypassword (keystore and certificate password) - I just made them the same, as this is an example and I won’t be using the keystore for anything but exporting the certificates later.
In order to get the certificates out of the keystore and into a PEM format that I can use for testing, I used the following:
root@apostille-post:~/apostille# keytool -importkeystore -srckeystore tempkeystore.jks -destkeystore myapp.p12 -srcalias *.google.com -srcstoretype jks -deststoretype pkcs12
Importing keystore tempkeystore.jks to myapp.p12...
Enter destination keystore password: ASDqwe123
Re-enter new password: ASDqwe123
Enter source keystore password: ASDqwe123
(The passwords will not show up, but I put them in there so you can see what I’m inputting. Again I chose a simple password because I’m converting it one more time)
Then finally to a PEM like so:
root@apostille-post:~/apostille# openssl pkcs12 -in myapp.p12 -out myapp.pem
Enter Import Password: ASDqwe123
Enter PEM pass phrase: WugWZ3!F3hD#8P!f
Verifying - Enter PEM pass phrase: WugWZ3!F3hD#8P!f
To test out how it looks, I’ll reference AKB’s Quick Web Servers list:
root@apostille-post:~/apostille# openssl s_server -cert myapp.pem -accept 443 -WWW
Enter pass phrase for myapp.pem: WugWZ3!F3hD#8P!f
Using default temp DH parameters
ACCEPT
And the result is:
A much more believable certificate, even to the discerning eye.
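What still gives the clone away is exactly what the tweet above says it cannot copy: the keys. As an added example that is not part of this post or of Apostille, the stdlib-only Python below walks two hand-built DER certificates and shows that a check on subject, issuer and validity accepts the clone, while a pin on the SHA-256 of the SubjectPublicKeyInfo does not. The certificates, names, dates, key bits and placeholder signature are all constructed stand-ins, and the parser assumes well-formed DER with definite lengths.

```python
import hashlib
def der(tag, body):
    """Encode one DER TLV with a minimal short- or long-form length (up to 65535 bytes)."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else b"\x81" + bytes([n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body

def tlv_iter(buf):
    """Yield (tag, value, raw_tlv) for each top-level element of a DER buffer."""
    i = 0
    while i < len(buf):
        start, tag, n, i = i, buf[i], buf[i + 1], i + 2
        if n & 0x80:                                  # long-form length: n & 0x7F length bytes follow
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n], buf[start:i + n]
        i += n

def cert_fields(cert_der):
    """Raw DER of issuer, validity, subject and SubjectPublicKeyInfo from an X.509 Certificate."""
    _, tbs, _ = next(tlv_iter(next(tlv_iter(cert_der))[1]))   # Certificate -> tbsCertificate
    elems = list(tlv_iter(tbs))
    i = 1 if elems[0][0] == 0xA0 else 0                      # skip optional [0] version
    # tbsCertificate order: version, serial, sigAlg, issuer, validity, subject, spki, ...
    issuer, validity, subject, spki = (raw for _, _, raw in elems[i + 2:i + 6])
    return {"issuer": issuer, "validity": validity, "subject": subject, "spki": spki}

def details_match(cert_a, cert_b):      # naive "pin": only the fields a clone copies
    fa, fb = cert_fields(cert_a), cert_fields(cert_b)
    return all(fa[k] == fb[k] for k in ("issuer", "validity", "subject"))
def spki_pin(cert_der):                 # HPKP-style pin: SHA-256 over the DER SPKI
    return hashlib.sha256(cert_fields(cert_der)["spki"]).hexdigest()

# Constructed stand-in certificates (hand-built DER, placeholder signature, not real certs).
SHA256_RSA = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
RSA_KEY = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
def name(cn):                           # X.501 Name with one commonName (2.5.4.3) RDN
    return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn))))

def build_cert(issuer_cn, subject_cn, not_before, not_after, key_bits, serial):
    validity = der(0x30, der(0x17, not_before) + der(0x17, not_after))        # UTCTime pair
    spki = der(0x30, RSA_KEY + der(0x03, b"\x00" + key_bits))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, serial) + SHA256_RSA
              + name(issuer_cn) + validity + name(subject_cn) + spki)
    return der(0x30, tbs + SHA256_RSA + der(0x03, b"\x00" + bytes(32)))        # placeholder sig

# The "clone" matches the original in every detail except the key bits, as Apostille does.
ORIGINAL = build_cert(b"Example Root CA", b"*.example.com", b"180801000000Z", b"181024000000Z", b"\x11" * 64, b"\x01")
CLONE = build_cert(b"Example Root CA", b"*.example.com", b"180801000000Z", b"181024000000Z", b"\x22" * 64, b"\x01")
```

Against a real chain you would feed the DER of each certificate (e.g. exported from the keystore above) to the same two checks; only `spki_pin` separates the clone from the original.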
Again, thanks to @RoganDawes for this amazing tool.