# CA.sh

Generate CA + wildcard cert for any hostname
`CA.sh` takes a domain name as input and outputs a directory named "CA", containing:

- a certificate authority (private key + cert + serial number file + a copy of the cert appropriately named for inclusion in the Android trust store);
- a CA-signed cert for the provided hostname;
  - if the hostname is a domain, then a wildcard cert is generated, matching `domain.tld` and `*.domain.tld`;
  - the hostname can also be an IP address.

Both the CA and the cert are valid for 30 days.
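The same steps in plain `openssl` commands, as an added, cut-down example (this is not the CA.sh script itself; the file names, the "Test CA" subject and the leaf extension set are assumptions, and the IP-address and IDN cases are left out):

```shell
# Added example, not the CA.sh script itself: a minimal CA + CA-signed wildcard
# cert for one domain, 30-day validity, plus the <subject_hash_old>.0 copy that
# Android's system trust store expects. Needs only the openssl CLI.
set -e
# make_ca_and_wildcard DOMAIN OUTDIR -> prints the path of the Android-named CA copy
make_ca_and_wildcard() {
    domain=$1; out=$2
    mkdir -p "$out/android"

    # Self-contained config, so the result does not depend on the system openssl.cnf.
    # The CA gets CA:TRUE and certificate-signing key usage (assumed extension set).
    cat > "$out/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = Test CA for $domain
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # 1. CA private key + self-signed CA cert, valid 30 days.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -config "$out/ca.cnf" -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null

    # 2. Leaf key + CSR (same config; the DN is overridden with -subj).
    openssl req -new -newkey rsa:2048 -nodes -config "$out/ca.cnf" -subj "/CN=*.$domain" \
        -keyout "$out/$domain.key" -out "$out/$domain.csr" 2>/dev/null

    # 3. The CA signs the CSR. The SAN names both domain.tld and *.domain.tld;
    #    -CAcreateserial writes the serial number file (ca.srl).
    printf 'subjectAltName=DNS:%s,DNS:*.%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$domain" "$domain" > "$out/leaf.ext"
    openssl x509 -req -days 30 -in "$out/$domain.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
        -CAcreateserial -out "$out/$domain.crt" -extfile "$out/leaf.ext" 2>/dev/null

    # 4. Android's system store looks a CA up by OpenSSL's legacy subject hash, as <hash>.0.
    subj_hash=$(openssl x509 -noout -subject_hash_old -in "$out/ca.crt")
    cp "$out/ca.crt" "$out/android/$subj_hash.0"
    echo "$out/android/$subj_hash.0"
}

# verify_leaf OUTDIR DOMAIN HOSTNAME -> exit 0 only if the leaf chains to the CA and
# matches HOSTNAME (wildcards included), i.e. what a TLS client checks.
verify_leaf() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}
```

Run it as `make_ca_and_wildcard example.org CA`, then `verify_leaf CA example.org www.example.org` to confirm the wildcard cert validates against the generated CA.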
## Usage

```sh
./CA.sh example.org
```

## Optional dependencies

- `ipcalc-ng`, for detecting if the supplied hostname is an IP address.
- `idn`, for converting IDNs to punycode.
## Adding the CA to the Android trust store
The reason I wrote this script was to intercept an Android app's TLS-encrypted traffic. In order to do this, the CA cert must be added to the Android trust store. Here's how:
- In Android versions prior to 4, see http://wiki.cacert.org/FAQ/ImportRootCertAndroidPreICS
- In Android versions 4, 5 and 6, you can simply copy the file to your phone and add it from the Android UI.
- In Android 7+, in order for the CA to be trusted by all apps, you need to have a rooted phone. Allow USB debugging, grant root access for ADB, connect the phone to a computer and run the following commands:

```sh
# restart ADB as root
adb root
# remount the /system partition as read+write
adb remount
# copy the CA file to the root store
adb push CA/android/*.0 /system/etc/security/cacerts/
```

Then you can spoof a domain's IP address by adding it to the Android system's hosts file:

```sh
adb shell 'echo "192.168.0.2 example.org" >> /system/etc/hosts'
```
To allow TLS interception on a non-rooted phone, you need to slightly modify the app you are snooping on, as described in:
- https://medium.com/androgoat/intercept-https-traffic-from-android-app-androgoat-part-2-60f7777b237d
- https://stackoverflow.com/a/22040887
If the app uses certificate pinning, you may need a program like Apktool, Frida or baksmali.
Thanks to Soarez for his OpenSSL CA guide!