Intercepting the Toniebox (client cert auth) #5832
SciLor started this conversation in Intercept Everything!
I am currently working on intercepting the traffic of a Toniebox. I overcame the SHA-1 problem, but the box stops the connection after "Change Cipher Spec, Finished" from the server with "Alert (Level: Warning, Description: Close Notify)".
What should I do to identify the issue?
Important data about the Toniebox
- Custom CA (valid from 2015)
- Client cert auth (private key/client cert)
- Box starts in the past (no internal clock, so it uses 2016 or so?)
- Box gets the current time over the payload
- Uses SHA1 signature algos (need to use mitmproxy v8)
What I have done:
- Set up a VM with Ubuntu Server 22.04.1 LTS
- Set up iptables etc. for transparent mode
- Started mitmproxy with faketime at 2015-12 to create a CA that is valid from that date
- Installed OpenSSL 1.1.1l (just in case it matters for the SHA1 signature algos)
- Set up a WiFi with a VLAN and a DHCP server with a fixed gateway that points to the mitm VM
- Created a client.pem with the private key and client cert
- Installed the CA from mitmproxy on the box

```
./mitmweb --mode transparent --set client_certs=/client.pem --ssl-insecure
```
EDIT 2022-12-30 14:35: I think there is already a problem with the certificates' notAfter/validBefore. But I am struggling with how to modify the certificates with a plugin.
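An added example, not part of the original post and not mitmproxy code: one way to test the validity-window suspicion from the EDIT is to read `notBefore`/`notAfter` and the signature algorithm from each certificate the proxy presents and compare them with the clock the box is assumed to boot with. The function names, the 2016-01-01 clock used in the check, and the sample certificate skeleton are assumptions made for this illustration.

```python
import base64
from datetime import datetime, timezone
SHA1_RSA = bytes.fromhex("2a864886f70d010105")  # OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)

def pem_to_der(pem: str) -> bytes:
    body = [l for l in pem.splitlines() if l and not l.startswith("-----")]
    return base64.b64decode("".join(body))

def tlv(buf, pos=0):
    """Read one DER element: returns (tag, value bytes, offset of next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def parse_time(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:  # UTCTime has a 2-digit year; RFC 5280: >= 50 means 19xx
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def inspect_cert(der):
    """Return (notBefore, notAfter, signed_with_sha1_rsa) for one certificate."""
    tbs = children(children(tlv(der)[1])[0][1])
    if tbs[0][0] == 0xA0:  # optional explicit [0] version field
        tbs = tbs[1:]
    sig_oid = children(tbs[1][1])[0][1]  # order: serial, signature, issuer, validity
    (nb_tag, nb), (na_tag, na) = children(tbs[3][1])
    return parse_time(nb_tag, nb), parse_time(na_tag, na), sig_oid == SHA1_RSA

def valid_at(der, device_clock):
    not_before, not_after, _ = inspect_cert(der)
    return not_before <= device_clock <= not_after

# Constructed sample: a minimal DER skeleton (no real key or signature), short lengths only.
def sample_cert(not_before: bytes, not_after: bytes) -> bytes:
    e = lambda tag, body: bytes([tag, len(body)]) + body
    alg = e(0x30, e(0x06, SHA1_RSA) + e(0x05, b""))
    validity = e(0x30, e(0x17, not_before) + e(0x17, not_after))
    tbs = e(0x30, e(0xA0, e(0x02, b"\x02")) + e(0x02, b"\x01") + alg + e(0x30, b"") + validity + e(0x30, b""))
    return e(0x30, tbs + alg + e(0x03, b"\x00"))
```

For a real check, pass `pem_to_der(...)` of the CA and of a leaf certificate captured from the handshake to `valid_at`, so that both links in the chain are tested against the same assumed clock.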