mirror of
https://github.com/bettercap/bettercap.git
synced 2025-03-12 04:36:03 -07:00
141 lines
4.6 KiB
Go
141 lines
4.6 KiB
Go
package tls
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"crypto/x509/pkix"
|
|
"encoding/pem"
|
|
"math/big"
|
|
"os"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/bettercap/bettercap/v2/session"
|
|
)
|
|
|
|
type CertConfig struct {
|
|
Bits int
|
|
Country string
|
|
Locality string
|
|
Organization string
|
|
OrganizationalUnit string
|
|
CommonName string
|
|
}
|
|
|
|
var (
|
|
DefaultLegitConfig = CertConfig{
|
|
Bits: 4096,
|
|
Country: "US",
|
|
Locality: "",
|
|
Organization: "bettercap devteam",
|
|
OrganizationalUnit: "https://bettercap.org/",
|
|
CommonName: "bettercap",
|
|
}
|
|
DefaultSpoofConfig = CertConfig{
|
|
Bits: 4096,
|
|
Country: "US",
|
|
Locality: "Scottsdale",
|
|
Organization: "GoDaddy.com, Inc.",
|
|
OrganizationalUnit: "https://certs.godaddy.com/repository/",
|
|
CommonName: "Go Daddy Secure Certificate Authority - G2",
|
|
}
|
|
)
|
|
|
|
func CertConfigToModule(prefix string, m *session.SessionModule, defaults CertConfig) {
|
|
m.AddParam(session.NewIntParameter(prefix+".certificate.bits", strconv.Itoa(defaults.Bits),
|
|
"Number of bits of the RSA private key of the generated HTTPS certificate."))
|
|
m.AddParam(session.NewStringParameter(prefix+".certificate.country", defaults.Country, ".*",
|
|
"Country field of the generated HTTPS certificate."))
|
|
m.AddParam(session.NewStringParameter(prefix+".certificate.locality", defaults.Locality, ".*",
|
|
"Locality field of the generated HTTPS certificate."))
|
|
m.AddParam(session.NewStringParameter(prefix+".certificate.organization", defaults.Organization, ".*",
|
|
"Organization field of the generated HTTPS certificate."))
|
|
m.AddParam(session.NewStringParameter(prefix+".certificate.organizationalunit", defaults.OrganizationalUnit, ".*",
|
|
"Organizational Unit field of the generated HTTPS certificate."))
|
|
m.AddParam(session.NewStringParameter(prefix+".certificate.commonname", defaults.CommonName, ".*",
|
|
"Common Name field of the generated HTTPS certificate."))
|
|
}
|
|
|
|
func CertConfigFromModule(prefix string, m session.SessionModule) (cfg CertConfig, err error) {
|
|
if err, cfg.Bits = m.IntParam(prefix + ".certificate.bits"); err != nil {
|
|
return cfg, err
|
|
} else if err, cfg.Country = m.StringParam(prefix + ".certificate.country"); err != nil {
|
|
return cfg, err
|
|
} else if err, cfg.Locality = m.StringParam(prefix + ".certificate.locality"); err != nil {
|
|
return cfg, err
|
|
} else if err, cfg.Organization = m.StringParam(prefix + ".certificate.organization"); err != nil {
|
|
return cfg, err
|
|
} else if err, cfg.OrganizationalUnit = m.StringParam(prefix + ".certificate.organizationalunit"); err != nil {
|
|
return cfg, err
|
|
} else if err, cfg.CommonName = m.StringParam(prefix + ".certificate.commonname"); err != nil {
|
|
return cfg, err
|
|
}
|
|
return cfg, err
|
|
}
|
|
|
|
func CreateCertificate(cfg CertConfig, ca bool) (*rsa.PrivateKey, []byte, error) {
|
|
priv, err := rsa.GenerateKey(rand.Reader, cfg.Bits)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
notBefore := time.Now()
|
|
aYear := time.Duration(365*24) * time.Hour
|
|
notAfter := notBefore.Add(aYear)
|
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
template := x509.Certificate{
|
|
SerialNumber: serialNumber,
|
|
Subject: pkix.Name{
|
|
Country: []string{cfg.Country},
|
|
Locality: []string{cfg.Locality},
|
|
Organization: []string{cfg.Organization},
|
|
OrganizationalUnit: []string{cfg.OrganizationalUnit},
|
|
CommonName: cfg.CommonName,
|
|
},
|
|
NotBefore: notBefore,
|
|
NotAfter: notAfter,
|
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
|
BasicConstraintsValid: true,
|
|
IsCA: ca,
|
|
}
|
|
|
|
cert, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
return priv, cert, err
|
|
}
|
|
|
|
func Generate(cfg CertConfig, certPath string, keyPath string, ca bool) error {
|
|
keyFile, err := os.Create(keyPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer keyFile.Close()
|
|
|
|
certFile, err := os.Create(certPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer certFile.Close()
|
|
|
|
priv, cert, err := CreateCertificate(cfg, ca)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := pem.Encode(keyFile, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
|
|
return err
|
|
}
|
|
|
|
return pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
|
|
}
|