Obtain and parse SSL certificates

Overview

CheckCert

A small utility to request the SSL certificate from a public or private web application. CheckCert helps operators in the following ways:

  1. It validates whether or not a webserver can be reached.
  2. The Issuer field can help determine if SSL/TLS inspection is in place.
  3. Hostnames can be obtained via the Name field in cases where IP addresses don't have associated PTR records.

Both a C# and a BOF version of CheckCert are included. The BOF version was created to overcome an operational issue in an environment with tight egress rules. It was possible to establish DNS C2; however, it was difficult to find a suitable domain that was allowed outbound via HTTPS. The CheckCert BOF was created in an effort to minimize the amount of traffic sent via DNS, while providing the ability to request SSL certificates from publicly accessible domains.

C# Usage

You can grab a copy of CheckCert from the releases page. Alternatively, feel free to compile the solution yourself.

CheckCert.exe https://nytimes.com
[+] Certificate for: https://nytimes.com

Name: CN=nytimes.com
Issuer: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
Expiration: 4/5/2022 8:00:00 PM
Effective Date: 1/2/2020 7:00:00 PM
Thumbprint: CB29785052F1B91E530CBE546C11DFE62994D76E
Serial Number: 00B947803967139F666A54B56C27B852B5
Public Key String

BOF Usage

The BOF can take a comma-separated list of domains. Several assumptions have been made, which can easily be changed by editing the source file and recompiling:

  1. The connect port has been set to 443.
  2. The HTTP referrer has been set to /.
  3. The User-Agent string has been set to Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36.
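For defenders, the compiled-in defaults above are something to hunt for where a TLS-inspecting proxy logs decrypted requests. The following is an added example, not part of the CheckCert project: it flags clients that send the default User-Agent and only ever request the root of several hosts on port 443. The tab-separated log schema, the sample lines and the `min_hosts` threshold are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Default User-Agent compiled into the BOF, as listed above (it can be changed).
BOF_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36")

# Constructed proxy log lines. The schema (time, client, url, user-agent) is an
# assumption for this example, not the format of any particular product.
SAMPLE_LOG = "\n".join([
    "2022-01-10T09:00:01Z\t10.0.5.23\thttps://www.ft.com:443/\t" + BOF_UA,
    "2022-01-10T09:00:03Z\t10.0.5.23\thttps://www.cnn.com:443/\t" + BOF_UA,
    "2022-01-10T09:00:04Z\t10.0.5.23\thttps://example.org:443/\t" + BOF_UA,
    "2022-01-10T09:01:00Z\t10.0.7.40\thttps://www.ft.com:443/\t" + BOF_UA,
    "2022-01-10T09:01:01Z\t10.0.7.40\thttps://www.ft.com:443/css/site.css\t" + BOF_UA,
    "2022-01-10T09:02:00Z\t10.0.9.11\thttps://www.cnn.com:443/\tcurl/7.81.0",
])

def hunt(log_text, min_hosts=2):
    """Return {client: [hosts]} for clients matching the default request profile."""
    root_hosts = defaultdict(set)  # client -> hosts asked only for "/"
    browsed = set()                # clients that also fetched other paths
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue               # skip malformed lines
        _, client, url, ua = fields
        if ua != BOF_UA:
            continue
        u = urlsplit(url)
        is_root = u.path in ("", "/") and not u.query
        if u.scheme == "https" and (u.port or 443) == 443 and is_root:
            root_hosts[client].add(u.hostname)
        else:
            browsed.add(client)    # a real browser pulls sub-resources too
    return {c: sorted(h) for c, h in root_hosts.items()
            if c not in browsed and len(h) >= min_hosts}

if __name__ == "__main__":
    print(hunt(SAMPLE_LOG))
```

The User-Agent is a genuine Chrome 95 string, so the match is only meaningful together with the root-only request pattern or where that browser version is no longer present in the fleet.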

You can grab a copy of the CheckCert BOF here. Alternatively, feel free to compile it yourself using either the x86 or x64 Developer Command Prompt for VS:

cl.exe /c /GS- CheckCert.c /FoCheckCertx64.o

inline-execute C:\Users\skawa\Desktop\CheckCertx64.o www.ft.com,www.cnn.com
[*] Tasked beacon to inline-execute C:\Users\skawa\Desktop\CheckCertx64.o
[+] host called home, sent: 3704 bytes
[+] received output:

[+] Getting SSL certificate details for https://www.ft.com:443/

[+] received output:

Name: CN=*.ft.com
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020
Expiration: 06/28/2022
Effective Date: 05/27/2021

[+] received output:

[+] Getting SSL certificate details for https://www.cnn.com:443/

[+] received output:

Name: CN=*.api.cnn.com
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020
Expiration: 05/22/2022
Effective Date: 04/20/2021
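The Issuer check from the overview comes down to comparing the issuer seen for a host from two vantage points: if they differ, something in the path is re-signing TLS. The following is an added example, not code from the CheckCert project, that parses output in the format shown above and reports the hosts whose issuer changed. The "Example Corp" issuer is constructed, and the DN splitting does not handle escaped commas inside values.

```python
import re

# Output as seen from an unfiltered vantage point (issuer values from this page).
OUTSIDE = """\
[+] Getting SSL certificate details for https://www.ft.com:443/
Name: CN=*.ft.com
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020
[+] Getting SSL certificate details for https://www.cnn.com:443/
Name: CN=*.api.cnn.com
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020
"""
# Constructed sample: same hosts from inside a network with a hypothetical proxy CA.
INSIDE = """\
[+] Getting SSL certificate details for https://www.ft.com:443/
Name: CN=*.ft.com
Issuer: CN=Example Corp TLS Inspection CA, O=Example Corp, C=US
[+] Getting SSL certificate details for https://www.cnn.com:443/
Name: CN=*.api.cnn.com
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020
"""

HEADER = re.compile(r"\[\+\] (?:Getting SSL certificate details for|Certificate for:) (\S+)")

def parse_dn(dn):
    """Split 'K=V, K=V' into a dict so attribute order does not matter."""
    parts = re.split(r",\s*(?=[A-Za-z]+=)", dn.strip())
    pairs = (p.split("=", 1) for p in parts if "=" in p)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def parse_output(text):
    """Return {url: {'name': {...}, 'issuer': {...}}} from CheckCert-style output."""
    certs, url = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            url = m.group(1)
            certs[url] = {}
        elif url and line.startswith(("Name:", "Issuer:")):
            key, value = line.split(":", 1)
            certs[url][key.lower()] = parse_dn(value)
    return certs

def reissued_hosts(inside, outside):
    """URLs present in both captures whose issuer differs between them."""
    a, b = parse_output(inside), parse_output(outside)
    return sorted(u for u in a.keys() & b.keys()
                  if a[u].get("issuer") != b[u].get("issuer"))
```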

Credits / References

Releases: v1.0.0
Owner: Sanjiv Kawa