Class: BetterCap::Proxy::HTTP::SSL::Authority

Inherits:

Object

• Object
• BetterCap::Proxy::HTTP::SSL::Authority

Defined in:

lib/bettercap/proxy/http/ssl/authority.rb

Overview

This class represents bettercap’s HTTPS CA.

Constant Summary

DEFAULT =

Default CA file.

File.join( Dir.home, '.bettercap', 'bettercap-ca.pem' )

Instance Attribute Summary

• #certificate ⇒ Object readonly

  CA certificate.

• #key ⇒ Object readonly

  CA key.

Instance Method Summary

• #initialize(filename = nil) ⇒ Authority constructor

  Create an instance of this class loading the certificate and key from filename which is expected to be a PEM formatted file.

• #install_ca ⇒ Object
• #spoof(hostname, port = 443) ⇒ Object

  Fetch the certificate from hostname:port, sign it with our own CA and return it.

Constructor Details

#initialize(filename = nil) ⇒ Authority

Create an instance of this class loading the certificate and key from filename which is expected to be a PEM formatted file. If filename is nil, Authority::DEFAULT will be used instead.

# File 'lib/bettercap/proxy/http/ssl/authority.rb', line 119

def initialize( filename = nil )
  install_ca
  filename ||= Authority::DEFAULT

  Logger.info "[#{'SSL'.green}] Loading HTTPS Certification Authority from '#{filename}' ..."

  begin
    pem = File.read(filename)

    @certificate = OpenSSL::X509::Certificate.new(pem)
    @key         = OpenSSL::PKey::RSA.new(pem)
    @store       = Store.new
    @cache       = {}
    @lock        = Mutex.new
  rescue Errno::ENOENT
    raise BetterCap::Error, "'#{filename}' - No such file or directory."

  rescue OpenSSL::X509::CertificateError
    raise BetterCap::Error, "'#{filename}' - Missing or invalid certificate."

  rescue OpenSSL::PKey::RSAError
    raise BetterCap::Error, "'#{filename}' - Missing or invalid key."
  end
end

Instance Attribute Details

#certificate ⇒ Object (readonly)

CA certificate.

# File 'lib/bettercap/proxy/http/ssl/authority.rb', line 112

def certificate
  @certificate
end

#key ⇒ Object (readonly)

CA key.

# File 'lib/bettercap/proxy/http/ssl/authority.rb', line 114

def key
  @key
end

Instance Method Details

#install_ca ⇒ Object

# File 'lib/bettercap/proxy/http/ssl/authority.rb', line 162

def install_ca
  unless File.exist?( Authority::DEFAULT )
    root   = File.join( Dir.home, '.bettercap' )
    source = File.dirname(__FILE__) + '/bettercap-ca.pem'

    Logger.info "[#{'SSL'.green}] Installing CA to #{root} ..."

    FileUtils.mkdir_p( root )
    FileUtils.cp( source, root )
  end
end

#spoof(hostname, port = 443) ⇒ Object

Fetch the certificate from hostname:port, sign it with our own CA and return it.

# File 'lib/bettercap/proxy/http/ssl/authority.rb', line 146

def spoof( hostname, port = 443 )
  @lock.synchronize {
    unless @cache.has_key?(hostname)
      # 1. fetch real server certificate
      s_cert = @store.find( hostname, port )
      # 2. Sign it with our CA.
      s_cert.public_key = @key.public_key
      s_cert.issuer     = @certificate.subject
      s_cert.sign( @key, OpenSSL::Digest::SHA256.new )
      # 3. Profit ^_^
      @cache[hostname] = s_cert
    end
  }
  @cache[hostname]
end