Monday, February 25, 2013

SSL Spoofing with Surrogate

I've been doing a lot with SSL certificates recently.  Setting up certificate authorities for testing purposes and other things got me thinking about what it would take to spoof SSL certificates for any site.   Taking over the session at HTTP CONNECT time is easy enough, but then the problem becomes generating certificates.

Enter uCA.  uCA is a micro certification authority.  Once uCA has been configured with its initial CA cert it presents an HTTP interface that can be used to request a certificate and key pair for any commonName.  I have configured Surrogate to request a key and certificate pair from uCA based on the requested CONNECT host.  Surrogate then upgrades the connection to SSL then hands the socket back to the main HTTP proxy handler.
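Because uCA will issue a certificate for whatever commonName it is asked for, the CONNECT target deserves strict validation before it is turned into a certificate request. The sketch below is an added example, not code from Surrogate or uCA; the function names are hypothetical, and the request to uCA itself is left out because its HTTP interface is not described here.

```python
import ipaddress
import re

# One DNS label: 1-63 of [a-z0-9-], not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def _dns_or_ipv4(host):
    """Return a normalised IPv4 address or lower-case DNS name, else raise."""
    host = host.lower()
    try:
        return str(ipaddress.IPv4Address(host))
    except ValueError:
        pass
    labels = host.split(".")
    if len(host) > 253 or labels[-1].isdigit():
        raise ValueError("bad host name")
    # fullmatch rejects wildcards, NUL, CR/LF, '/', and empty labels.
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("bad host name")
    return host

def connect_target(request_line):
    """Parse 'CONNECT host:port HTTP/1.x' into (host, port) or raise ValueError."""
    parts = request_line.rstrip("\r\n").split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a CONNECT request line")
    authority = parts[1]
    if authority.startswith("["):                  # IPv6 literal, e.g. [::1]:443
        host, sep, port = authority[1:].partition("]:")
        if not sep:
            raise ValueError("bad IPv6 authority")
        host = str(ipaddress.IPv6Address(host))    # raises ValueError if invalid
    else:
        host, sep, port = authority.rpartition(":")
        if not sep or not host:
            raise ValueError("authority must be host:port")
        host = _dns_or_ipv4(host)
    if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("bad port")
    return host, int(port)

def rejected(request_line):
    """True when the line must not be passed on as a certificate request."""
    try:
        connect_target(request_line)
        return False
    except ValueError:
        return True
```

Only the host returned by `connect_target` should be used as the commonName; anything that raises is answered with an error instead of a certificate request.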

After working out a few bugs I am now able to browse SSL sites that are validated by my local certificate authority.
I still need to add some configuration options for Surrogate and improve the security and user interface of uCA, but my initial proof of concept is working.