hub / github.com/mitmproxy/mitmproxy / monkey_dummy_cert

Function monkey_dummy_cert

examples/contrib/check_ssl_pinning.py:14–61  ·  view source on GitHub ↗
(privkey, cacert, commonname, sans)

Source from the content-addressed store, hash-verified

def monkey_dummy_cert(privkey, cacert, commonname, sans):
    """Build a dummy certificate whose validity properties can be broken on demand.

    The certificate is issued under ``cacert``'s subject and signed with
    ``privkey`` using SHA-256. Three flags read from ``ctx.options`` each
    break exactly one property that a validating client is expected to check:

    * ``certwrongCN`` -- appends ``b"m"`` to the subject CN and to every DNS
      subjectAltName entry, so the names no longer match the requested host.
    * ``certbeginon`` -- sets notBefore 48 hours in the future.
    * ``certexpire``  -- sets notAfter 24 hours in the past.

    With no flag set, the certificate is valid from 48 hours ago until three
    years from now and carries the names unchanged.

    NOTE(review): given the file name (check_ssl_pinning.py), a client that
    still completes the handshake with a flagged certificate is presumably not
    checking that property; confirm against the addon's callers.

    Args:
        privkey: Key handed to ``cert.sign``.
        cacert: Certificate whose subject becomes the issuer and whose public
            key is copied into the generated certificate.
        commonname: Subject CN as bytes, or None. The CN is only set when the
            value is not None and shorter than 64 bytes.
        sans: Iterable of bytes; each entry becomes an ``IP:`` or ``DNS:``
            subjectAltName item.

    Returns:
        The generated certificate wrapped in ``Cert``.
    """
    alt_names = []
    for san in sans:
        try:
            ipaddress.ip_address(san.decode("ascii"))
        except ValueError:
            # Not an IP literal. UnicodeDecodeError is a ValueError subclass,
            # so non-ASCII entries also land here and are emitted as DNS names.
            # The wrong-CN flag alters the alt names as well as the CN.
            template = b"DNS:%sm" if ctx.options.certwrongCN else b"DNS:%s"
            alt_names.append(template % san)
            continue
        alt_names.append(b"IP:%s" % san)
    san_value = b", ".join(alt_names)

    cert = OpenSSL.crypto.X509()

    # notBefore: 48 hours ahead (not yet valid) or 48 hours back (normal).
    not_before = 3600 * 48 if ctx.options.certbeginon else -3600 * 48
    cert.gmtime_adj_notBefore(not_before)

    # notAfter: 24 hours back (already expired) or three years ahead
    # (94608000 = 24 * 60 * 60 * 365 * 3).
    not_after = -3600 * 24 if ctx.options.certexpire else 94608000
    cert.gmtime_adj_notAfter(not_after)

    cert.set_issuer(cacert.get_subject())

    # Names of 64 bytes or more are skipped, leaving the subject without a CN.
    if commonname is not None and len(commonname) < 64:
        # The trailing b"m" makes the CN differ from the requested name.
        subject_cn = (commonname + b"m") if ctx.options.certwrongCN else commonname
        cert.get_subject().CN = subject_cn

    # Time-derived serial number: distinct between calls, but predictable.
    cert.set_serial_number(int(time.time() * 10000))

    if san_value:
        # Extensions require an X.509 v3 certificate (version field value 2).
        san_extension = OpenSSL.crypto.X509Extension(
            b"subjectAltName", False, san_value
        )
        cert.set_version(2)
        cert.add_extensions([san_extension])

    # The certificate carries the CA's own public key and is signed last,
    # after every field has been populated.
    cert.set_pubkey(cacert.get_pubkey())
    cert.sign(privkey, "sha256")
    return Cert(cert)
64class CheckSSLPinning:

Callers

nothing calls this directly

Calls 5

CertClass · 0.90
ip_addressMethod · 0.80
decodeMethod · 0.45
appendMethod · 0.45
joinMethod · 0.45

Tested by

no test coverage detected
