Skip to content

Instantly share code, notes, and snippets.

@luongvo

luongvo/ssl_pinning.sh

Last active January 10, 2023 11:34
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save luongvo/f5010481be2b79b7f10abedc316aaa87 to your computer and use it in GitHub Desktop.
Save luongvo/f5010481be2b79b7f10abedc316aaa87 to your computer and use it in GitHub Desktop.
Download ZIP
SSL Pinning - Public key getting script
Raw
ssl_pinning.sh
#!/bin/bash
certs=`openssl s_client -servername $1 -host $1 -port 443 -showcerts </dev/null 2>/dev/null | sed -n '/Certificate chain/,/Server certificate/p'`
rest=$certs
while [[ "$rest" =~ '-----BEGIN CERTIFICATE-----' ]]
do
cert="${rest%%-----END CERTIFICATE-----*}-----END CERTIFICATE-----"
rest=${rest#*-----END CERTIFICATE-----}
echo `echo "$cert" | grep 's:' | sed 's/.*s:\(.*\)/\1/'`
echo "$cert" | openssl x509 -pubkey -noout |
openssl rsa -pubin -outform der 2>/dev/null |
openssl dgst -sha256 -binary | openssl enc -base64
done
@luongvo
Copy link
Author

luongvo commented Sep 18, 2020 

./ssl_pinning.sh www.google.com

/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
/C=US/O=Google Trust Services/CN=GTS CA 1O1
YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=

@satheeshwaran
Copy link

satheeshwaran commented Jan 10, 2023
edited

This script works perfectly and returns the pin data of all the certificates returned by the server. I matched the results with the report from https://www.ssllabs.com/ssltest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment