Last active
November 18, 2022 20:22
A simple tshark EAP certificate extractor
#!/bin/bash | |
# Simple CA cert generator & leaf cert signer | |
# By dominic@sensepost.com | |
# All rights reserved 2019 | |
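# Defaults. -a and -l override the two prefixes; the rest are fixed.
# (The trailing "| |" table residue that made these lines invalid shell is removed.)
ca_prefix="ca"       # CA files are written as <ca_prefix>.key.pem and <ca_prefix>.cert.pem
leaf_prefix="host"   # leaf files are written as <leaf_prefix>.key.pem, .csr and .cert.pem
ca_validity="1825"   # CA certificate lifetime in days
leaf_validity="730"  # leaf certificate lifetime in days
size=2048            # RSA key size in bits, used for both the CA key and the leaf key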
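# Print the help text to stdout and terminate the script.
# Arguments: none
# Outputs:   seven lines of usage text on stdout
# Returns:   never returns; exits with status 1
usage() {
  # One printf call instead of a run of echo statements; the text is unchanged.
  printf '%s\n' \
    "Simple CA & leaf cert generator & signer" \
    "Usage: $0 [-h] [-c <ca.cert.pem> -k <ca.key.pem>] [-l <user1>] [-a <ca>]" \
    " -h This help" \
    " -c <ca.cert.pem> Specify a CA cert to use instead of generating one (requires -k)" \
    " -k <ca.key.pem> Specify the key for the CA cert" \
    " -l <leaf_prefix> Specify the name prefix of the leaf certificate and key" \
    " -a <ca_prefix> Specify the name prefix of the CA certificate and key"
  exit 1
}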
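# Parse the command line into ca_cert, ca_key, leaf_prefix and ca_prefix.
while getopts "hc:k:l:a:" OPTIONS; do
  case "${OPTIONS}" in
    h) usage ;;
    c) ca_cert="${OPTARG}" ;;
    k) ca_key="${OPTARG}" ;;
    l) leaf_prefix="${OPTARG}" ;;
    a) ca_prefix="${OPTARG}" ;;
    # getopts hands back "?" for an unknown option or a missing argument.
    # Stop there instead of carrying on with a half-parsed command line.
    *) usage ;;
  esac
done
shift $((OPTIND - 1))

# OPTIND is still 1 when getopts consumed no options at all.
if [ "$OPTIND" -eq 1 ]; then
  echo "Using defaults -a ca -l host"
fi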
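# -c and -k only work as a pair: signing needs both the CA certificate and its
# private key. The previous test could never fire, for three reasons:
# "{$ca_key}" is a literal brace pair around the value and so never empty,
# the unquoted expansions collapsed to "[ -z ]" / "[ -n ]" when empty, and
# "&&" and "||" have equal precedence in the shell and chain left to right.
# The message also named -z/-n (the test operators) instead of the options.
if { [ -z "${ca_cert}" ] && [ -n "${ca_key}" ]; } ||
   { [ -n "${ca_cert}" ] && [ -z "${ca_key}" ]; }; then
  echo "-c & -k required together, you can't provide just one."
  usage
fi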
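# No CA supplied with -c/-k: create a fresh RSA key and a self-signed CA
# certificate named after ca_prefix, and use them for signing.
if [ -z "${ca_cert}" ] && [ -z "${ca_key}" ]; then
  ca_cert="$ca_prefix.cert.pem"
  ca_key="$ca_prefix.key.pem"
  if [ -f "$ca_cert" ] || [ -f "$ca_key" ]; then
    echo "Cowardly refusing to overwrite files $ca_cert or $ca_key"
    exit 1
  fi

  # Create CA key.
  # genrsa is called without a cipher option, so the key is stored unencrypted.
  # The subshell umask keeps the file readable by its owner only, whatever the
  # caller's umask is. Stop on failure: everything below depends on this key.
  (umask 077 && openssl genrsa -out "$ca_key" "$size") || exit 1

  # Create self-signed CA cert.
  # "openssl req" prompts for the subject fields on the terminal.
  openssl req -x509 -new -nodes \
    -key "$ca_key" \
    -sha256 \
    -days "$ca_validity" \
    -out "$ca_cert" || exit 1
fi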
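# Create the leaf key, a CSR for it, and a certificate signed by the CA in
# ca_cert / ca_key. All paths are quoted so prefixes containing spaces work.
if [ -f "$leaf_prefix.key.pem" ] || [ -f "$leaf_prefix.cert.pem" ]; then
  echo "Cowardly refusing to overwrite files $leaf_prefix.key.pem or $leaf_prefix.cert.pem"
  exit 1
fi

# Create user key.
# Stored unencrypted (no cipher option); the subshell umask restricts the file
# to its owner.
(umask 077 && openssl genrsa -out "$leaf_prefix.key.pem" "$size") || exit 1

# Create CSR ("openssl req" prompts for the subject fields).
openssl req -new \
  -key "$leaf_prefix.key.pem" \
  -out "$leaf_prefix.csr" || exit 1

# Generate signed host cert.
# NOTE(review): no -extfile is passed, so this step adds no X.509v3 extensions
# (subjectAltName, extendedKeyUsage, ...) to the leaf. Peers that require them
# will reject the certificate; confirm this matches the intended use.
# -CAcreateserial makes openssl write a serial-number file alongside the output.
openssl x509 -req \
  -in "$leaf_prefix.csr" \
  -CA "$ca_cert" \
  -CAkey "$ca_key" \
  -CAcreateserial \
  -out "$leaf_prefix.cert.pem" \
  -days "$leaf_validity" \
  -sha256 || exit 1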
#!/bin/sh | |
# Simple tshark WiFi EAP certificate extractor | |
# By dominic@sensepost.com | |
# All rights reserved 2020 | |
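# SIGINT handler: announce the interrupt, stop tshark and leave with status 2.
# Declared in POSIX form; the "function" keyword is a bashism and this script
# declares #!/bin/sh.
# NOTE: killall matches by process name, so this ends every tshark process the
# invoking user is allowed to signal, not only the one this script started.
trap_ctrlc() {
  echo "Ctrl-C caught...performing clean up"
  killall tshark
  exit 2
}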
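# Run the clean-up handler on Ctrl-C (signal 2 = SIGINT).
trap trap_ctrlc INT

# The old test, [ ! -x $(which tshark) ], collapsed to "[ ! -x ]" when which
# printed nothing. That evaluates to false, so a missing tshark was never reported.
if ! command -v tshark >/dev/null 2>&1; then
  echo "tshark not installed"
  exit 1
fi

# Both the mode flag and its value are used further down (tshark "$1" "$2"),
# so require the pair and accept only the two documented modes. Arbitrary
# arguments are not forwarded to tshark.
if [ "$#" -lt 2 ] || { [ "$1" != "-r" ] && [ "$1" != "-i" ]; }; then
  echo "Usage: $0 [-r file.cap] [-i interface]"
  echo "Extracted certificates will be written to <file|int>.cert.rand.der"
  exit 1
fi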
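# Newer versions of tshark use tls not ssl
filter="ssl.handshake.certificate"
# Probe the installed tshark by handing it the ssl field name as a display
# filter; the input file is only a readable placeholder.
# NOTE(review): presumably exit status 2 is what tshark returns for an unknown
# field name. A status of 2 for any other reason switches the filter too;
# confirm against the installed version.
tshark -r /etc/resolv.conf "$filter" 2>/dev/null
# POSIX test instead of [[ ]], because this script declares #!/bin/sh.
if [ "$?" -eq 2 ]; then
  filter="tls.handshake.certificate"
fi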
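# Output files are named after the capture file or interface and created in the
# current directory.
tmpbase=$(basename -- "$2")

# Pull the certificate field out of every EAPOL frame that carries one, turn the
# hex dump back into DER, keep a copy on disk and print the decoded certificate.
# The field is requested as "$filter": the previous hard-coded
# "ssl.handshake.certificate" ignored the tls/ssl detection above.
# The certificate bytes come straight from the capture, i.e. from whatever the
# remote peer sent. Treat the written files as untrusted input.
tshark "$1" "$2" \
  -Y "$filter and eapol" \
  -T fields -e "$filter" |
while IFS= read -r x; do
  [ -n "$x" ] || continue
  # Create the output file first so a mktemp failure is reported instead of
  # leaving tee with an empty file name.
  outfile=$(mktemp "$tmpbase.cert.XXXX.der") || {
    echo "could not create output file for $tmpbase" >&2
    continue
  }
  printf '%s\n' "$x" |
    tr -d ':' |
    xxd -ps -r |
    tee "$outfile" |
    openssl x509 -inform der -text
done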
Yup. Same issue as @bashbanana and the fix recommended by @GOAT-FARM3R is valid and working.