Frankencerts facilitates Man in the Middle/HTTPS attacks by providing a fuzzing framework for certificates.

This basically starts with a base input certificate, then fuzzes the certificate in order to test a certificate checking mechanism and see if it breaks.

Installing

Install openssl

Frankencerts needs OpenSSL development headers, so install those:

$ apt-get install libssl-dev

Install pyopenssl in virtualenv

It needs a custom build of PyOpenSSL, and if you try and remove PyOpenSSL from Kali using aptitude, it wants to uninstall kali-linux-full. Yikes.

Using a virtual environment. Refresher on how to use them here: [1] or here: Virtualenv

$ pip install virtualenv
$ virtualenv venv

Now you can do a couple of things. To run an interpreter (python comamnd line) using the virtual environment:

$ virtualenv -p /usr/bin/python2.7 venv # run the python interpreter using this virtual environment

We want to install the custom version of PyOpenSSL, then install Frankencerts, in our virtual environment. Start by copying the modified PyOpenSSL from frankencerts project into our virtual directory:

$ cp -r /path/to/frankencerts/pyOpenSSL-0.13 .

Now we can install this by running setup.py build/install, but using our virtual environment python binary:

$ source venv/bin/activate

(venv) $ ls
pyOpenSSL-0.13  venv
(venv) $ cd pyOpenSSL-0.13/
(venv) $ python setup.py build
(venv) $ python setup.py install

(This is currently where I'm getting stuck. It compiles the library and the code successfully, but it issues a warning about an SSLv3 function in pyOpenSSL C code. When I actually run frankencert, it crashes in that exact function.

Run frankencert

Now grab the frankengen directory and the utilities provided with frankencert:

(venv) $ cp -r /path/to/frankencert/{utils,frankengen} .

Currently running into an issue: can't install/run because SSLv3 functionality not available from OpenSSL library. Warning, implicitly declared function. SSLv23 is just fine. don't understand what the issue is.

Flags

monkey in the middle attacks in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker. MITM Wireless Attacks: MITM/Wireless Wired Attacks: MITM/Wired Layer 1 and 2 MITM Attacks: MITM/Layer 1 and 2 Network Tap: MITM/Wired/Network Tap Evil Twin Attack: Evil Twin  · MITM/Evil Twin Layer 3 and 4 MITM Attacks: MITM/Layer 3 and 4 Traffic Sniffing: MITM/Sniffing ARP Poisoning: MITM/ARP Poisoning Traffic Injection/Modification: MITM/Traffic Injection DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2 DHCP Attacks: MITM/DHCP WPAD MITM Attack: MITM/WPAD Port Stealing: MITM/Port Stealing Rushing Attack: MITM/Rushing Attack Attacking HTTPS: MITM/HTTPS Layer 5 MITM Attacks: Session Hijacking: MITM/Session Hijacking Toolz: Ettercap  · Bettercap  · MITMf  · EvilFOCA Wireshark  · Aircrack Dsniff  · Arpspoof  · Dnsspoof SSLSniff  · SSLStrip  · Frankencert Driftnet  · Karma MITM Labs: {{MITMLabs}} Category:MITM  · Category:Attacks  · Category:Kali Attack Layers Template:MITMLabs  · Template:MITMFlag Flags  · Template:MITMFlag  · e