[SSL Observatory] https://controller.mobile.lan
ArkanoiD
ark at eltex.net
Mon Feb 6 12:52:36 PST 2012
Wait... It is signed for just one FQDN; what is the point of using it for MITM?
On Mon, Feb 06, 2012 at 08:42:12PM +0100, Jacob Appelbaum wrote:
> Hi,
>
> I'm at a hotel in Munich and I found a rather funny cert performing a
> full MITM for *:443 - https://controller.mobile.lan is signed by VeriSign.
>
> CN = VeriSign Class 3 Secure Server CA - G2
> OU = Terms of use at https://www.verisign.com/rpa (c)09
> OU = VeriSign Trust Network
> O = VeriSign, Inc.
> C = US
>
> % openssl x509 -text -in cert.lan
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 69:53:ea:07:6d:f0:6c:9c:17:e8:66:0d:39:c5:6a:8e
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network,
> OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class
> 3 Secure Server CA - G2
> Validity
> Not Before: Aug 6 00:00:00 2010 GMT
> Not After : Aug 5 23:59:59 2012 GMT
> Subject: C=DE, ST=Lower Saxony, L=Lueneburg, O=Securepoint GmbH,
> OU=NAC Support, OU=Terms of use at www.verisign.com/rpa (c)05,
> CN=controller.mobile.lan
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (1024 bit)
> Modulus (1024 bit):
> 00:c4:26:1b:81:a0:5d:8a:c8:e5:2f:59:b8:4e:72:
> f5:fb:9b:26:22:f6:cb:dd:c5:74:d1:4b:af:83:5d:
> 04:83:74:d6:9c:48:6a:94:f6:4f:d9:33:24:1b:ec:
> 0e:98:fc:1e:e8:d2:df:95:01:3a:3f:27:8c:8a:a6:
> 46:2b:36:84:3a:5e:d7:a4:5d:70:38:11:48:0d:94:
> c2:f8:af:f8:3d:a8:10:22:ee:13:ae:16:63:dd:4e:
> c2:9c:05:cc:41:eb:23:5d:79:65:0e:28:c3:0d:37:
> 5c:d8:83:a3:5b:f0:56:7c:5f:4b:28:f7:ed:d1:96:
> e7:0d:ca:b9:af:34:b6:6f:43
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> X509v3 Key Usage:
> Digital Signature, Key Encipherment
> X509v3 CRL Distribution Points:
> URI:http://SVRSecure-G2-crl.verisign.com/SVRSecureG2.crl
>
> X509v3 Certificate Policies:
> Policy: 2.16.840.1.113733.1.7.23.3
> CPS: https://www.verisign.com/rpa
>
> X509v3 Extended Key Usage:
> TLS Web Server Authentication, TLS Web Client Authentication
> X509v3 Authority Key Identifier:
>
> keyid:A5:EF:0B:11:CE:C0:41:03:A3:4A:65:90:48:B2:1C:E0:57:2D:7D:47
>
> Authority Information Access:
> OCSP - URI:http://ocsp.verisign.com
> CA Issuers -
> URI:http://SVRSecure-G2-aia.verisign.com/SVRSecureG2.cer
>
> 1.3.6.1.5.5.7.1.12:
>
> 0`.^.\0Z0X0V..image/gif0!0.0...+......Kk.(.....R8.).K..!..0&.$http://logo.verisign.com/vslogo1.gif
> Signature Algorithm: sha1WithRSAEncryption
> 22:e1:4d:97:e0:9b:7e:6a:3e:19:6b:b8:a7:cf:ff:b8:e3:ba:
> 29:76:ea:96:d3:8e:09:f6:76:9d:ff:11:8c:1e:f1:36:f8:b4:
> b9:01:37:f4:dc:9f:21:f0:de:03:bc:be:34:d5:bc:b3:df:cd:
> bb:0c:56:53:f5:ec:3d:8a:ed:bc:39:eb:93:b2:de:a8:18:58:
> 6a:33:7d:78:e9:f9:ce:38:2f:cf:14:1e:5d:3a:47:f3:4d:16:
> 48:1b:78:c1:60:b8:f3:c6:60:03:bb:60:b7:2e:a0:e1:12:5f:
> 04:e9:3b:54:92:c7:9e:24:fd:e5:9c:c4:3b:9f:71:76:32:55:
> af:a8:42:b2:30:6c:b0:8c:95:a3:5b:c1:ed:69:c1:40:5c:23:
> c1:82:46:b0:a9:cc:05:ed:5c:5e:c5:0b:06:ca:c3:29:19:5f:
> 95:d0:67:55:ef:fa:8b:82:ef:3e:61:12:20:cd:6e:0c:b9:bf:
> b2:e2:8f:63:93:0a:f2:64:a5:a1:f8:0c:5c:f8:69:63:34:5f:
> b5:72:7b:a4:32:b5:4c:4e:0e:41:6e:9f:4c:1c:66:0a:57:f8:
> 1d:c9:53:50:3c:64:43:d0:2e:a8:ae:5a:00:1c:dd:86:97:ea:
> 26:d7:ae:e1:80:ab:38:28:6c:1d:cf:79:5b:dc:d6:f1:d1:72:
> 94:80:c9:7d
>
> Here's the cert:
>
> All the best,
> Jacob
>
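An added example, not part of the thread: the checks a TLS client (or a defender reviewing a captive-portal intercept) would apply to the certificate fields quoted above, showing why a cert naming only controller.mobile.lan cannot pass for any other host on *:443. The field values are transcribed from the openssl dump in the post; the visited hostname, the date constants and the non-public TLD list are constructed for the example (Python 3.9+).

```python
from datetime import datetime, timezone

# Certificate facts transcribed from the `openssl x509 -text` output in the post.
# The dump lists no subjectAltName extension, so the CN is the only name present.
INTERCEPT_CERT = {
    "subject_cn": "controller.mobile.lan",
    "san_dns": [],
    "rsa_bits": 1024,
    "not_after": datetime(2012, 8, 5, 23, 59, 59, tzinfo=timezone.utc),
}
POST_DATE = datetime(2012, 2, 6, 12, 52, 36, tzinfo=timezone.utc)  # date of the reply
AFTER_EXPIRY = datetime(2012, 8, 6, tzinfo=timezone.utc)  # one day past Not After

# Constructed list of top-level labels not delegated in the public DNS; a public CA
# cannot validate control of such a name, so issuance for one is itself a finding.
NON_PUBLIC_TLDS = {"lan", "local", "localdomain", "internal", "corp", "home"}

def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style match: exact, or '*' as the entire left-most label only."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    # Wildcard must be the whole first label, must not sit directly under a TLD,
    # and matches exactly one label (so "*.example" never covers "a.b.example").
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def cert_covers_host(cert: dict, host: str) -> bool:
    """SAN dNSNames are authoritative when present; the CN is only a fallback."""
    names = cert["san_dns"] or [cert["subject_cn"]]
    return any(dns_name_matches(n, host) for n in names)

def audit_intercept(cert: dict, host: str, now: datetime) -> list[str]:
    """Reasons a client should refuse `cert` when it is presented for `host`."""
    findings = []
    if not cert_covers_host(cert, host):
        findings.append(f"name mismatch: cert is for {cert['subject_cn']!r}, not {host!r}")
    for name in cert["san_dns"] or [cert["subject_cn"]]:
        if name.rsplit(".", 1)[-1] in NON_PUBLIC_TLDS:
            findings.append(f"publicly trusted cert for non-public name {name!r}")
    if cert["rsa_bits"] < 2048:
        findings.append(f"weak RSA key: {cert['rsa_bits']} bits")
    if now > cert["not_after"]:
        findings.append("expired")
    return findings

if __name__ == "__main__":
    for f in audit_intercept(INTERCEPT_CERT, "www.example.com", POST_DATE):
        print("REJECT:", f)
```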