Module: Rex::Socket::Ssl::CertProvider

Defined in:
lib/rex/socket/ssl.rb


Class Method Details

.ssl_generate_certificate(cert_vars: {}, **opts) ⇒ String, Array

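Generate a realistic-looking but ostensibly fake SSL certificate. This matches a typical “snakeoil” cert. The certificate is signed with its own freshly generated key and carries a randomly generated issuer name, so it does not chain to any trusted CA.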

Returns:

  • (String, String, Array)


# File 'lib/rex/socket/ssl.rb', line 38

# Builds a throwaway 2048-bit RSA key and an X.509 certificate whose subject,
# issuer, serial number and validity window are randomized.
#
# The certificate is signed with its own key, while the issuer name is
# generated independently of the subject. It therefore does not chain to any
# trust anchor, and a client that validates the chain will reject it.
#
# @param cert_vars [Hash] keyword arguments forwarded to ssl_generate_subject
#   (cn:, org:, loc:, st:)
# @param opts [Hash] accepted but not read in this method
# @return [Array] three elements: the OpenSSL::PKey::RSA key, the
#   OpenSSL::X509::Certificate, and nil
def self.ssl_generate_certificate(cert_vars: {}, **opts)
  one_year = 24*3600*365

  # Validity starts between one and four years in the past and runs for four
  # to nine years from that point.
  valid_from  = Time.at(Time.now.to_i - rand(one_year * 3) - one_year)
  valid_until = Time.at(valid_from.to_i + (rand(4..9) * one_year))

  subject_dn = ssl_generate_subject(**cert_vars)
  issuer_dn  = ssl_generate_issuer

  # NOTE(review): the empty block looks like a no-op key-generation callback;
  # confirm against the OpenSSL binding in use.
  rsa_key = OpenSSL::PKey::RSA.new(2048){ }

  certificate = OpenSSL::X509::Certificate.new
  certificate.version = 2 # encoded value 2 denotes X.509 v3

  # The serial is assembled from two draws of Kernel#rand, which is not a
  # cryptographic RNG.
  serial_high = rand(0xFFFFFFFF)
  serial_low  = rand(0xFFFFFFFF)
  certificate.serial = (serial_high << 32) + serial_low

  certificate.subject    = OpenSSL::X509::Name.parse(subject_dn)
  certificate.issuer     = OpenSSL::X509::Name.parse(issuer_dn)
  certificate.not_before = valid_from
  certificate.not_after  = valid_until
  certificate.public_key = rsa_key.public_key

  # The only extension marks the certificate as a non-CA (leaf) certificate.
  ext_factory     = OpenSSL::X509::ExtensionFactory.new(nil,certificate)
  leaf_constraint = ext_factory.create_extension("basicConstraints","CA:FALSE")
  certificate.extensions = [leaf_constraint]
  # Assigned after the extension list is built, so it does not influence the
  # extension created above.
  ext_factory.issuer_certificate = certificate

  # Self-signature: the signing key is the certificate's own key.
  certificate.sign(rsa_key, OpenSSL::Digest::SHA256.new)

  [rsa_key, certificate, nil]
end

.ssl_generate_issuer ⇒ Object



# File 'lib/rex/socket/ssl.rb', line 27

# Produces a random issuer distinguished name in OpenSSL's slash-separated
# form. The country is fixed to US; the organization is one capitalized
# random name and the common name is two capitalized random names joined by
# a space.
#
# @return [String] a DN of the form "/C=US/O=<org>/CN=<word> <word>"
def self.ssl_generate_issuer
  org = Rex::Text.rand_name.capitalize
  # Two independent random names, each capitalized, form the common name.
  cn = [Rex::Text.rand_name, Rex::Text.rand_name].map(&:capitalize).join(" ")
  "/C=US/O=#{org}/CN=#{cn}"
end

.ssl_generate_subject(cn: nil, org: nil, loc: nil, st: nil) ⇒ Object



# File 'lib/rex/socket/ssl.rb', line 19

# Produces a subject distinguished name in OpenSSL's slash-separated form.
# Any component the caller leaves unset (nil or false) is filled with a
# random value from Rex::Text; the country is fixed to US.
#
# NOTE(review): supplied values are interpolated without escaping. The result
# is later passed to OpenSSL::X509::Name.parse by ssl_generate_certificate,
# so a value containing "/" would presumably alter the DN structure; confirm
# that callers only pass trusted values.
#
# @param cn [String, nil] common name; random hostname when unset
# @param org [String, nil] organization; random capitalized name when unset
# @param loc [String, nil] locality; random capitalized name when unset
# @param st [String, nil] state; random state when unset
# @return [String] a DN of the form "/C=US/ST=<st>/L=<loc>/O=<org>/CN=<cn>"
def self.ssl_generate_subject(cn: nil, org: nil, loc: nil, st: nil)
  # Defaults are drawn in a fixed order: state, locality, organization, CN.
  st  = Rex::Text.rand_state unless st
  loc = Rex::Text.rand_name.capitalize unless loc
  org = Rex::Text.rand_name.capitalize unless org
  cn  = Rex::Text.rand_hostname unless cn
  "/C=US/ST=#{st}/L=#{loc}/O=#{org}/CN=#{cn}"
end