RTFC.org.uk

Kev Sheldrake


Jackal - Certificate cloner

Download

Tool (Openssl 1.1.0): jackal.1.3.tgz
Tool (Openssl 1.0.0): jackal.1.0.tgz
Github: github/rtfcode/jackal
Slides: jackal.1.0.pdf

Overview

jackal clones SSL certificates. The purpose is to automate and simplify a step in the SSL MITM process.

SSL/TLS connections are established on trust provided by the certificates that are exchanged. Typically the server sends a certificate to the client for verification. Every certificate is signed by a certificate: self-signed certificates are signed by themselves; in all other cases, an end user certificate is signed by an intermediate certificate authority, which is in turn signed by other intermediates, the last of which is signed by a root certificate authority. The root certificate authority is self-signed and should be available to the tool or client that wants to verify the end user certificate.

To verify an end user certificate, a tool or client finds the certificate that signed it and then recursively verifies that one. If a certificate in the resulting chain is contained in the CA store, the end user certificate is deemed to have a valid signature. There are other checks, such as validity dates and confirmation of the end user certificate's details, to ensure the right certificate is in use.

Man-in-the-middle attacks are possible if the certificate verification routines are flawed or if it is possible to add a fake CA to the CA store. To carry out such an attack, certificates that mimic the real certificates are required. This tool, jackal, makes fake certificates that are identical to the originals except for the change of keys.

With jackal you can clone a leaf (server) certificate, clone an entire certificate chain, or re-sign a certificate chain with your own CA. Jackal uses OpenSSL library routines to load the certificates, modify them and re-sign them.
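The verification steps described above, as an added example in Go (this is not jackal's code, which uses the OpenSSL C library): it constructs a genuine leaf certificate and a jackal-style clone of it (same subject, serial, SAN and dates, different key, signed by an attacker-controlled CA that reuses the real root's name), then shows that the clone fails chain validation against an honest trust store, passes once the attacker's CA has been added to that store, and is still caught by an SPKI pin. All names, serials and keys are constructed test material.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert signs tmpl with parent/parentKey (self-signed when parent is nil) using a fresh P-256 subject key.
func mkCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}
// SPKIPin hashes the SubjectPublicKeyInfo; a clone cannot keep the original key, so this value always changes.
func SPKIPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }
// Check returns "" when c chains to roots for host and matches pin (zero pin = no pinning), else the reason.
func Check(c *x509.Certificate, roots *x509.CertPool, host string, pin [32]byte) string {
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return "chain: " + err.Error()
	}
	if pin != [32]byte{} && SPKIPin(c) != pin {
		return "pin: presented public key differs from the pinned key"
	}
	return ""
}
// Scenario (constructed material): genuine leaf under root; clone of it signed by fakeRoot, an attacker CA.
func Scenario() (genuine, clone, root, fakeRoot *x509.Certificate) {
	rootT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "www.example.com"},
		DNSNames: []string{"www.example.com"}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	root, rootKey := mkCert(rootT, nil, nil)
	fakeRoot, fakeKey := mkCert(rootT, nil, nil) // same template as root (same name), attacker's own key
	genuine, _ = mkCert(leafT, root, rootKey)
	clone, _ = mkCert(leafT, fakeRoot, fakeKey) // same template as genuine: only key material changes
	return
}
```

A pin on the SubjectPublicKeyInfo hash is the one check a cloned certificate cannot satisfy, even after a fake CA has been pushed into the trust store.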

Supported platforms

Expecting it to work on any other platforms is very optimistic of you.

Contact (rendered as ASCII art on the original page): rtfcode @ gmail.com