Last active
February 12, 2025 10:58
-
-
Save singe/40bda2a1772aaf4903515cc4e436afe5 to your computer and use it in GitHub Desktop.
A simple tshark EAP certificate extractor and new certificate hierarchy creator.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Simple CA cert generator & leaf cert signer | |
| # By [email protected] | |
| # All rights reserved 2019 | |
| ca_prefix="ca" | |
| leaf_prefix="host" | |
| ca_validity="1825" #days | |
| leaf_validity="730" #days | |
| size=2048 | |
| usage() { | |
| echo "Simple CA & leaf cert generator & signer" | |
| echo "Usage: $0 [-h] [-c <ca.cert.pem> -k <ca.key.pem>] [-l <user1>] [-a <ca>]" | |
| echo " -h This help" | |
| echo " -c <ca.cert.pem> Specifcy a CA cert to use instead of generating one (requires -k)" | |
| echo " -k <ca.key.pem> Specify the key for the CA cert" | |
| echo " -l <leaf_prefix> Specify the name prefix of the leaf certificate and key" | |
| echo " -a <ca_prefix> Specify the name prefix of the CA certificate and key" | |
| exit 1 | |
| } | |
| while getopts "hc:k:l:a:" OPTIONS; do | |
| case ${OPTIONS} in | |
| h) | |
| usage;; | |
| c) | |
| ca_cert=${OPTARG} ;; | |
| k) | |
| ca_key=${OPTARG} ;; | |
| l) | |
| leaf_prefix=${OPTARG} ;; | |
| a) | |
| ca_prefix=${OPTARG} ;; | |
| esac | |
| done | |
| shift $((OPTIND-1)) | |
| if [ $OPTIND -eq 1 ]; then | |
| echo "Using defaults -a ca -l host" | |
| fi | |
| if [ -z ${ca_cert} ] && [ -n {$ca_key} ] || [ -n ${ca_cert} ] && [ -z {$ca_key} ]; then | |
| echo "-z & -n required together, you can't provide just one." | |
| usage | |
| fi | |
| if [ -z ${ca_cert} ] && [ -z ${ca_key} ]; then | |
| ca_cert="$ca_prefix.cert.pem" | |
| ca_key="$ca_prefix.key.pem" | |
| if [ -f $ca_cert ] || [ -f $ca_key ]; then | |
| echo "[*] Cowardly refusing to overwrite files $ca_cert or $ca_key" | |
| exit 1 | |
| fi | |
| # Create CA key | |
| echo "[-] CREATING CA KEY" | |
| openssl genrsa \ | |
| -out $ca_prefix.key.pem \ | |
| $size | |
| echo "[+] CREATED CA KEY" | |
| echo "[-] CREATING CA CERT" | |
| # Create self-signed CA cert | |
| openssl req -x509 -new -nodes \ | |
| -key $ca_prefix.key.pem \ | |
| -sha256 \ | |
| -days $ca_validity \ | |
| -out $ca_prefix.cert.pem | |
| echo "[+] CREATED CA CERT" | |
| fi | |
| if [ -f $leaf_prefix.key.pem ] || [ -f $leaf_prefix.cert.pem ]; then | |
| echo "[*] Cowardly refusing to overwrite files $leaf_prefix.key.pem or $leaf_prefix.cert.pem" | |
| exit 1 | |
| fi | |
| echo "[-] CREATING LEAF CERTIFICATE" | |
| # Create user key | |
| openssl genrsa \ | |
| -out $leaf_prefix.key.pem \ | |
| $size | |
| # Create CSR | |
| openssl req -new \ | |
| -key $leaf_prefix.key.pem \ | |
| -out $leaf_prefix.csr | |
| # Generate signed host cert | |
| openssl x509 -req \ | |
| -in $leaf_prefix.csr \ | |
| -CA $ca_cert \ | |
| -CAkey $ca_key \ | |
| -CAcreateserial \ | |
| -out $leaf_prefix.cert.pem \ | |
| -days $leaf_validity \ | |
| -sha256 | |
| echo "[+] CREATED LEAF CERTIFICATE" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Simple tshark WiFi EAP certificate extractor | |
| # By [email protected] | |
| # All rights reserved 2020 | |
| function trap_ctrlc () | |
| { | |
| echo "Ctrl-C caught...performing clean up" | |
| killall tshark | |
| exit 2 | |
| } | |
| trap "trap_ctrlc" 2 | |
| if [ ! -x $(which tshark) ]; then | |
| echo "tshark not installed" | |
| exit 1 | |
| fi | |
| if [ -z ${1} ]; then | |
| echo "Usage: $0 [-r file.cap] [-i interface]" | |
| echo "Extracted certificates will be written to <file|int>.cert.rand.der" | |
| exit 1 | |
| fi | |
| # Newer versions of tshark use tls not ssl | |
| filter="ssl.handshake.certificate" | |
| tshark -r /etc/resolv.conf $filter 2>/dev/null | |
| if [[ $? -eq 2 ]]; then | |
| filter="tls.handshake.certificate" | |
| fi | |
| tmpbase=$(basename $2) | |
| for x in $(tshark $1 $2 \ | |
| -Y "$filter and eapol" \ | |
| -T fields -e "ssl.handshake.certificate"); do | |
| echo $x | \ | |
| sed "s/://g" | \ | |
| xxd -ps -r | \ | |
| tee $(mktemp $tmpbase.cert.XXXX.der) | \ | |
| openssl x509 -inform der -text; | |
| done |
I have no idea how it happened, but when copy pasting this, it changed some of my integers which affected things like $1 and the year. WTF. Fixed it.
I get error:
$./Extract_EAP.sh -i wlp0s20u3mon
tshark: Some fields aren't valid:
ssl.handshake.certificate
$
I have wireshark instaled. Can it be because I am running python 3.0 as default?
What version of tshark/wireshark are you running?
… On 17 Jun 2019, at 13:06, bashbanana ***@***.***> wrote:
I get error:
$./Extract_EAP.sh -i wlp0s20u3mon
tshark: Some fields aren't valid:
ssl.handshake.certificate
$
I have wireshark instaled. Can it be because I am running python 3.0 as default?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
Had the same issue as @bashbanana, fixed it by replacing "ssl.handshake.certificate" with "tls.handshake.certificate".
Yup. Same issue as @bashbanana and the fix recommended by @GOAT-FARM3R is valid and working.
In case it wasn't clear to others, I updated the script to incorporate the fix sometime ago.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
made some changes: https://gist.github.com/Cablethief/a2b8f0f7d5ece96423ba376d261bd711