From charlesreid1

Frankencerts facilitates Man in the Middle/HTTPS attacks by providing a fuzzing framework for certificates.

This basically starts with a base input certificate, then fuzzes the certificate in order to test a certificate checking mechanism and see if it breaks.


Install openssl

Frankencerts needs OpenSSL development headers, so install those:

$ apt-get install libssl-dev

Install pyopenssl in virtualenv

It needs a custom build of PyOpenSSL, and if you try and remove PyOpenSSL from Kali using aptitude, it wants to uninstall kali-linux-full. Yikes.

Using a virtual environment. Refresher on how to use them here: [1] or here: Virtualenv

$ pip install virtualenv
$ virtualenv venv

Now you can do a couple of things. To run an interpreter (python comamnd line) using the virtual environment:

$ virtualenv -p /usr/bin/python2.7 venv # run the python interpreter using this virtual environment

We want to install the custom version of PyOpenSSL, then install Frankencerts, in our virtual environment. Start by copying the modified PyOpenSSL from frankencerts project into our virtual directory:

$ cp -r /path/to/frankencerts/pyOpenSSL-0.13 .

Now we can install this by running build/install, but using our virtual environment python binary:

$ source venv/bin/activate

(venv) $ ls
pyOpenSSL-0.13  venv
(venv) $ cd pyOpenSSL-0.13/
(venv) $ python build
(venv) $ python install

(This is currently where I'm getting stuck. It compiles the library and the code successfully, but it issues a warning about an SSLv3 function in pyOpenSSL C code. When I actually run frankencert, it crashes in that exact function.

Run frankencert

Now grab the frankengen directory and the utilities provided with frankencert:

(venv) $ cp -r /path/to/frankencert/{utils,frankengen} .

Currently running into an issue: can't install/run because SSLv3 functionality not available from OpenSSL library. Warning, implicitly declared function. SSLv23 is just fine. don't understand what the issue is.