Ssl

This is the blog version of my DEFCON 26 talk Lost and Found Certificates: dealing with residual certificates for pre-owned domains, which I co-presented with Dylan Ayrey. You can learn more about BygoneSSL and see a demo at insecure.design. The Problem A Certificate can outlive the ownership of a domain. If the domain is then re-registered by someone else, this leaves with the first owner with a valid SSL certificate for the domain now owned by someone else. ...

Certgraph is a tool I’ve been developing to scan and graph the network of SSL certificate alternative names. It can be used to find other domains that belong to an organization that may be several orders removed and not always obvious. Background The idea for this project came about after examining the SSL certificate for XKCD.com. If you look closely at the screenshot below you will see that the SSL certificate used on XKCD.com is also valid for many of domains which have no relationship to XKCD or Randall Munroe. ...

CertGraph crawls SSL certificates to map domain relationships through certificate alternate names. The tool builds a directed graph where domains are nodes and certificate alternative names create edges between related domains. The program performs hostname enumeration by following certificate relationships, revealing domain connections that may not be apparent through traditional DNS enumeration. It outputs data in various formats including graphical representations for network topology analysis.

Recently there has been a lot of buzz about the recent Heartbleed vulnerability found in some versions of OpenSSL. The attack works due to a mistake in the server validating part of the request made by the SSL client. The popular web comic XKCD has made a great simple comic explaining how the attack works, and there are simple tools to test for vulnerable servers. But how does this affect me, a user? ...