Coverage for /root/GitHubProjects/impacket/impacket/examples/ntlmrelayx/utils/ssl.py : 17%

1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
2#
3# This software is provided under a slightly modified version
4# of the Apache Software License. See the accompanying LICENSE file
5# for more information.
6#
7# SSL utilities
8#
9# Author:
10# Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
11#
12# Description:
13# Various functions and classes for SSL support:
14# - generating certificates
15# - creating SSL capable SOCKS protocols
16#
17# Most of the SSL generation example code comes from the pyopenssl examples
18# https://github.com/pyca/pyopenssl/blob/master/examples/certgen.py
19#
20# Made available under the Apache license by the pyopenssl team
21# See https://github.com/pyca/pyopenssl/blob/master/LICENSE
22from OpenSSL import crypto, SSL
23from impacket import LOG
25# This certificate is not supposed to be exposed on the network
26# but only used for the local SOCKS plugins
27# therefore, for now we don't bother with a CA and with hosts/hostnames matching
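def generateImpacketCert(certname='/tmp/impacket.crt'):
    """Generate a self-signed RSA certificate and store it with its key.

    A fresh 2048-bit RSA key is created, a certificate with CN 'impacket'
    valid for five years is signed with that key using SHA-256, and both
    are written as PEM into the single file *certname* (private key first,
    then the certificate).

    The output file holds the private key, so it is created with mode 0600
    instead of the process umask default. Where the platform supports it,
    a symlink at *certname* is refused, because the default location is a
    predictable name in a shared temporary directory.

    Args:
        certname: Path of the combined key + certificate PEM file.

    Raises:
        OSError: If the file cannot be created or opened, if *certname* is
            a symlink (on platforms with O_NOFOLLOW), or if the permissions
            of an existing file cannot be tightened.
    """
    import os

    # Create a private key
    pkey = crypto.PKey()
    pkey.generate_key(crypto.TYPE_RSA, 2048)

    # Create the certificate
    cert = crypto.X509()
    cert.gmtime_adj_notBefore(0)
    # Valid for 5 years
    cert.gmtime_adj_notAfter(60*60*24*365*5)
    subj = cert.get_subject()
    subj.CN = 'impacket'
    cert.set_pubkey(pkey)
    cert.sign(pkey, "sha256")

    # Key and certificate go into the same file. Open it owner-only: the
    # mode argument only applies when the file is newly created, so an
    # already existing file is tightened explicitly before the key is written.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_NOFOLLOW', 0)
    fd = os.open(certname, flags, 0o600)
    with os.fdopen(fd, 'w') as certfile:
        if hasattr(os, 'fchmod'):
            os.fchmod(fd, 0o600)
        certfile.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8'))
        certfile.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8'))
    LOG.debug('Wrote certificate to %s' % certname)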
48# Class to wrap the client socket in SSL when serving as a SOCKS server
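class SSLServerMixin(object):
    """Mixin that wraps the SOCKS client socket in a server-side SSL layer.

    The host class is expected to provide ``self.socksSocket``; after
    ``wrapClientConnection`` returns, that attribute refers to the SSL
    connection instead of the plain socket.
    """

    def wrapClientConnection(self, cert='/tmp/impacket.crt'):
        """Replace ``self.socksSocket`` with an SSL connection in accept state.

        The key and certificate are both loaded from *cert*. If loading
        fails with ``SSL.Error``, a new self-signed certificate is generated
        at that path and loaded instead.

        Args:
            cert: Path of the combined private key + certificate PEM file.
        """
        # Version-flexible method; no protocol options are set on the
        # context, so the negotiated version is whatever the linked OpenSSL
        # permits. The original author accepted this because the listener is
        # meant for local use only.
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        try:
            # NOTE(review): an existing file at this path is trusted as-is.
            # With the default location in a shared temp directory, confirm
            # the file's owner and mode on multi-user hosts, or pass a path
            # in a private directory.
            ctx.use_privatekey_file(cert)
            ctx.use_certificate_file(cert)
        except SSL.Error:
            # Report the path actually used rather than the default one.
            LOG.info('SSL requested - generating self-signed certificate in %s' % cert)
            generateImpacketCert(cert)
            ctx.use_privatekey_file(cert)
            ctx.use_certificate_file(cert)

        sslSocket = SSL.Connection(ctx, self.socksSocket)
        # Act as the TLS server towards the connecting SOCKS client
        sslSocket.set_accept_state()

        # Now set this property back to the SSL socket instead of the regular one
        self.socksSocket = sslSocket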