mgeeky-Penetration-Testing-.../web/create_mitm_certificate.sh

32 lines
1.1 KiB
Bash

#!/bin/bash
echo -e "\n\nSimple SSL/TLS self-signed CA Certificate generator\n\n"
if [ -z $1 ]; then
echo "Usage: $0 [file_name]"
echo -e "\nGoing with default name: './rogue_server'\n\n"
fi
FILENAME=${1:-rogue_server}
echo "[+] Generating public and private keys pair (.key)..."
openssl genrsa -out $FILENAME.key 1024
echo "[+] Generating a self-signed x509 CA's certificate (.crt)..."
openssl req -new -key $FILENAME.key -x509 -sha256 -days 3600 -out $FILENAME.crt
echo "[+] Generating the PEM file out of the key and certificate files..."
cat $FILENAME.key $FILENAME.crt > $FILENAME.pem
echo -e "\n[>] Certificate's dump:"
openssl x509 -in $FILENAME.pem -text -noout
echo -e "\n[>] Generated files:"
echo -e "\tPKI keys (public/private):\t$FILENAME.key"
echo -e "\tCA Certficate:\t\t$FILENAME.crt"
echo -e "\tResulting PEM:\t\t$FILENAME.pem"
echo -e "\n\n[+] Now you can start a TLS-enabled server with:\n"
echo -e "\n$ sudo socat -vv openssl-listen:443,reuseaddr,fork,cert=$FILENAME.pem,cafile=$FILENAME.crt,verify=0 openssl-connect::,verify=0 \n"
echo "Happy MITM-ing!"