@cablethief
Forked from singe/create_certs.sh
Last active February 25, 2024 15:56
A simple tshark EAP certificate extractor
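#!/bin/sh
# Simple tshark WiFi EAP certificate extractor
# By dominic@sensepost.com
# All rights reserved 2018

# Abort if tshark is not on the PATH
if ! command -v tshark >/dev/null 2>&1; then
    echo "tshark not installed" >&2
    exit 1
fi

# Expect exactly two arguments: -r <capture file> or -i <interface>
if [ "$#" -ne 2 ]; then
    echo "Usage: $0 [-r file.cap | -i interface]"
    echo "Extracted certificates will be written to <file|int>.cert.rand.der"
    exit 1
fi

# Base name of the capture file or interface, used as the output file prefix
tmpbase=$(basename "$2")

# Select EAPOL frames that carry a TLS certificate and print the field as hex.
# Wireshark 3.0 and later name this field tls.handshake.certificate.
for x in $(tshark "$1" "$2" \
    -Y "ssl.handshake.certificate and eapol" \
    -T fields -e "ssl.handshake.certificate"); do
    # Strip colon separators, decode hex to DER, save a copy, print as text
    echo "$x" | \
        sed "s/://g" | \
        xxd -ps -r | \
        tee "$(mktemp "$tmpbase.cert.XXXX.der")" | \
        openssl x509 -inform der -text
done
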
glefait commented Jan 23, 2024

Thanks @cablethief and @singe

Updated in https://gist.github.com/glefait/10e28d8e40a752453ed6d87633953ed8 to:

  1. extract all the certificates within a single frame
  2. include the frame.number in the certificate filename
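
The two changes listed above can be sketched as follows. This is an added example, not code from this gist or from the linked one; the function names, the output file naming and the sample lines are assumptions, and the sample hex is constructed rather than real certificate data. It relies on tshark's default `-T fields` output, which separates fields with a tab and joins repeated values from one frame with commas.

```sh
#!/bin/sh
# Added example, not the gist's code. Reads tshark field output on stdin:
#   <frame.number><TAB><cert hex>[,<cert hex>...]
# and writes each certificate to <prefix>.frame<N>.cert<i>.der

# hex_to_bin HEX: write the bytes encoded by HEX to stdout (no xxd needed)
hex_to_bin() {
    h=$1
    while [ -n "$h" ]; do
        rest=${h#??}          # everything after the first two hex digits
        pair=${h%"$rest"}     # the first two hex digits
        printf "\\$(printf '%03o' "$((0x$pair))")"   # emit one byte as \ooo
        h=$rest
    done
}

# split_certs PREFIX: one DER file per certificate; prints each file name
split_certs() {
    prefix=$1
    while read -r frame certs; do
        # Accept only "<digits> <hex digits, colons, commas>"; skip the rest
        case $frame in ''|*[!0-9]*) continue ;; esac
        case $certs in ''|*[!0-9a-fA-F:,]*) continue ;; esac
        i=0
        # Older tshark prints bytes as aa:bb:cc, so drop colons before splitting
        for cert in $(printf '%s' "$certs" | tr -d ':' | tr ',' ' '); do
            [ $(( ${#cert} % 2 )) -eq 0 ] || continue   # not whole bytes
            i=$((i + 1))
            out="$prefix.frame$frame.cert$i.der"
            hex_to_bin "$cert" > "$out"
            echo "$out"
        done
    done
}

# Constructed sample in tshark's output shape (short DER blobs, not real certs)
sample_lines() {
    printf '12\t3003020101,3003020102\n'   # one frame, two certificates
    printf '15\t30:03:02:01:03\n'          # colon-separated byte style
}

# Live use (Wireshark 3.0+ field name; the gist uses the older ssl.* name):
#   tshark -r file.cap -Y "tls.handshake.certificate and eapol" -T fields \
#       -e frame.number -e tls.handshake.certificate | split_certs file.cap
demo_dir=$(mktemp -d)
sample_lines | split_certs "$demo_dir/sample"
rm -rf "$demo_dir"
```

Each written file can then be inspected with `openssl x509 -inform der -text`, as in the original script.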

singe commented Jan 23, 2024 via email