Stealing Certificates with Apostille

2018-08-26 738 words 4 minutes

Contents

At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When it’s video is released you should check it out.

During that talk, they quickly touched on a tool written by Rogan Dawes another @Sensepost-er’s tool called “Apostille”. It is esentially a certificate stealing (cloning? faking? doppelganger-ing?) tool. However, that over simplifies what it does.

To be more accurate, Apostille generates a clone of the certificate chain, identical in as many details as possible, apart from the actual key values. One thing this could be useful for is bypassing naive cert pinning if the validation is based on details of the signing certs.
— @RoganDawes@infosec.exchange (@RoganDawes) August 26, 2018

Copying a certificate’s common name, email, or other fields that are inputted during creation is a relatively easy way to copy certificates, and they can look relatively good at first glance. However, this simple copy leads to many tell-tail signs that it’s fake. For instance lets say I create a certificate like so:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20


root@apostille-post:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem
Generating a 2048 bit RSA private key
.................................................................................................................+++
...+++
writing new private key to 'mycert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Mountain View
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Google LLC
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.google.com
Email Address []:

If I host it out, here are the results side by side with Google.com:

The Vaild From, the Issued By, and most of the other certificate information helps this certificate to stand out as fraudulent. Also, doing this by hand is a PITA.

Enter Apostille.

It’s pretty straight forward to get it going, but you do need both Java’s JDK and Maven to compile it first:

1

root@apostille-post:~# apt install -y maven default-jdk git

(I’m doing this on a fresh box so it needed git as well)

Step 2, git clone the repo, and compile with Maven:

1
2
3
4
5
6
7


root@apostille-post:~# git clone https://github.com/sensepost/apostille
Cloning into 'apostille'...
remote: Counting objects: 48, done.
remote: Total 48 (delta 0), reused 0 (delta 0), pack-reused 48
Unpacking objects: 100% (48/48), done.
root@apostille-post:~# cd apostille/
root@apostille-post:~/apostille# mvn package

Step 3, Clone your first certificate: java -jar target/apostille-1.0-SNAPSHOT.jar google.com:443 tempkeystore.jks ASDqwe123 ASDqwe123

google.com:443 is the endpoint that will serve a certificate chain back, this isn’t regulated to only HTTPS, but any TLS endpoint.
tempkeystore.jks is the Java Keystore file that we will putting the certificate chain into.
ASDqwe123 is the kspassword and then the keypassword (Keystore and certificate password) - I just made them the same as this is an example and I won’t be using the keystore for anything but to export the certificates later.

In order to get the certificates out of the keystore and into a PEM format that I can use for testing, I used the following:

Source: https://www.calazan.com/how-to-convert-a-java-keystore-jks-to-pem-format/

1
2
3
4


root@apostille-post:~/apostille# keytool -importkeystore -srckeystore tempkeystore.jks -destkeystore myapp.p12 -srcalias *.google.com -srcstoretype jks -deststoretype pkcs12
Importing keystore tempkeystore.jks to myapp.p12...Enter destination keystore password: ASDqwe123
Re-enter new password: ASDqwe123
Enter source keystore password: ASDqwe123

(The passwords will not show up, but I put them in there so you can see what I’m inputting. Again I chose a simple password because I’m converting it one more time)

Then finally to a PEM like so:

1
2
3
4


root@apostille-post:~/apostille# openssl pkcs12 -in myapp.p12 -out myapp.pem
Enter Import Password: ASDqwe123
Enter PEM pass phrase: WugWZ3!F3hD#8P!f
Verifying - Enter PEM pass phrase: WugWZ3!F3hD#8P!f

To test out how it looks I’ll reference AKB’s Quick Web Servers list

1
2
3
4


root@apostille-post:~/apostille# openssl s_server -cert myapp.pem -accept 443 -WWW
Enter pass phrase for myapp.pem: WugWZ3!F3hD#8P!f
Using default temp DH parameters
ACCEPT

And the result is:

A much more believable certificate, even to the discerning eye.

Again, thanks to @RoganDawes for this amazing tool.