Skip to content
/ CertSlayer Public
forked from n3k/CertSlayer

This is a tool to instantly test if an application handles SSL certificates the way it is supposed to.

License

MIT license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lazerhawk/CertSlayer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits

CertSlayer

CertSlayer

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

CertSlayer

This is a tool to instantly test if an application handles SSL certificates the way it is supposed to.

Todo

Usage

The tool supports two modes:

  • Proxy: certslayer sets itself as a proxy and monitors for the specified target domains.
  • Standalone: certslayer creates a web server configured with the special test certificate. I found this service http://ipq.co/ to be useful.
  • In both cases it will be necessary to install certslayer.net.crt as a trusted root CA Certificate.

python CertSlayer.py -h

Usage: CertSlayer.py [options]

Options:
  -h, --help            show this help message and exit
  -d DOMAINS_ARG, --domain=DOMAINS_ARG
                        Domain to be monitored, might be used multiple times
                        and supports regular expressions (Only valid for proxy
                        mode)
  -p PORT_ARG, --port=PORT_ARG
                        port to listen
  -m MODE_ARG, --mode=MODE_ARG
                        Operation mode: proxy or standalone
  -i HOST_ARG, --hostname=HOST_ARG
                        Hostname: the IP address or Domain name that the
                        certificate CN will stand for (Only valid for
                        standalone mode)
  -v, --verbose         Verbose mode

python CertSlayer.py -d www.google.com -m proxy -p 9090

The proxy server binds to 9090 and redirects the connections made to the monitored domains to a rogue web server that is setup on the fly with a specific test certificate.

It generates a .CSV with the results of every test:

Example:

Client Address,Hostname,Current TestCase,Expected,Actual
127.0.0.1,www.google.com,Trusted CA Invalid Signature,Certificate Rejected,Certificate Rejected
127.0.0.1,www.google.com,Signed with Unknown CA,Certificate Rejected,Certificate Rejected
127.0.0.1,www.google.com,Signed with CertSlayer CA,Certificate Accepted,Certificate Accepted
127.0.0.1,www.google.com,Self Signed Certificate,Certificate Rejected,Certificate Rejected
127.0.0.1,www.google.com,Wrong CNAME,Certificate Rejected,Certificate Rejected
127.0.0.1,www.google.com,Signed with MD5,Certificate Rejected,Certificate Rejected
127.0.0.1,www.google.com,Signed with MD4,Certificate Rejected,Certificate Rejected
127.0.0.1,www.google.com,Expired Certificate,Certificate Rejected,Certificate Rejected
127.0.0.1,www.google.com,Not Yet Valid Certificate,Certificate Rejected,Certificate Rejected

Author

About

This is a tool to instantly test if an application handles SSL certificates the way it is supposed to.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Python 100.0%