Module: Msf::Exploit::Remote::CertificateTrace

Included in:
Kerberos::Client, LDAP, MsIcpr
Defined in:
lib/msf/core/exploit/remote/certificate_trace.rb

Overview

Shared helpers for tracing X.509 certificates encountered during a module run (for example the client certificate presented for PKINIT, or a certificate issued via AD CS / MS-ICPR). Registers the CertificateTrace and CertificateTraceColors advanced options and dispatches formatted, optionally colorized output through Msf::Trace::CertificateTracePresenter.

Include this mixin in any module or mixin that wants certificate tracing, then call #certificate_trace with the certificate of interest.

Instance Method Details

#certificate_trace(cert) ⇒ void

This method returns an undefined value.

Dispatches a certificate trace at the configured verbosity level. Builds a presenter, routes to the appropriate to_s_* method, applies the configured color, then prints via the module instance.

Color convention mirrors HttpTraceColors: the second color in the “req/resp” pair is used for certificate output since a cert is always a received (response-side) artifact.

Parameters:

  • cert (OpenSSL::X509::Certificate, OpenSSL::PKCS12, String)


# File 'lib/msf/core/exploit/remote/certificate_trace.rb', line 45

def certificate_trace(cert)
  return unless certificate_trace_enabled?

  mode = datastore['CertificateTrace']
  presenter = Msf::Trace::CertificateTracePresenter.new(cert)

  output = case mode
           when 'metadata'
             presenter.
           when 'full'
             presenter.to_s_full
           else
             vprint_warning("Unknown CertificateTrace mode: #{mode}")
             nil
           end
  return unless output

  print_line(certificate_trace_colorize(output))
end
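
The standalone Ruby sketch below is an added example, not Metasploit's code. It illustrates two behaviours described above: accepting the three documented input types, and using the second color of the req/resp pair. The helper names, the choice of metadata fields and the sample certificate are assumptions; the presenter's actual output is not shown on this page.

```ruby
require 'openssl'

# Hypothetical helper: normalise the three documented input types
# into a single OpenSSL::X509::Certificate.
def normalize_cert(cert)
  case cert
  when OpenSSL::X509::Certificate then cert
  when OpenSSL::PKCS12 then cert.certificate
  when String then OpenSSL::X509::Certificate.new(cert) # PEM or DER bytes
  else raise ArgumentError, "unsupported certificate type: #{cert.class}"
  end
end

# Assumed set of "metadata" fields an analyst would want in a trace line.
def cert_metadata(cert)
  x509 = normalize_cert(cert)
  san = x509.extensions.find { |e| e.oid == 'subjectAltName' }
  {
    subject: x509.subject.to_s,
    issuer: x509.issuer.to_s,
    serial: x509.serial.to_s(16),
    not_before: x509.not_before.utc,
    not_after: x509.not_after.utc,
    san: san&.value,
    sha256: OpenSSL::Digest.new('SHA256').hexdigest(x509.to_der)
  }
end

# Second ("response") color of a "req/resp" pair; nil means no color.
def trace_color(pair)
  return nil if pair.nil? || pair.strip.empty?

  pair.split('/')[1]
end

# Constructed sample: a throwaway self-signed certificate built in memory.
def sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 0x1234
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=trace-demo.example')
  cert.public_key = key.public_key
  cert.not_before = Time.utc(2024, 1, 1)
  cert.not_after = Time.utc(2025, 1, 1)
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('subjectAltName', 'DNS:trace-demo.example'))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end
```

Passing the same certificate as an object, as PEM text or as DER bytes yields identical metadata, which is what lets callers hand over whatever form they have.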

#certificate_trace_enabled? ⇒ Boolean

Returns true if CertificateTracePresenter is loaded and tracing is enabled.

Returns:

  • (Boolean)


# File 'lib/msf/core/exploit/remote/certificate_trace.rb', line 27

def certificate_trace_enabled?
  return false unless defined?(Msf::Trace::CertificateTracePresenter)
  return false unless respond_to?(:datastore) && datastore

  mode = datastore['CertificateTrace']
  mode && mode != 'off'
end

#initialize(info = {}) ⇒ Object



# File 'lib/msf/core/exploit/remote/certificate_trace.rb', line 13

def initialize(info = {})
  super

  register_advanced_options(
    [
      OptEnum.new('CertificateTrace', [false, 'Certificate trace verbosity level', 'off', ['off', 'metadata', 'full']]),
      OptString.new('CertificateTraceColors', [false, 'Certificate trace color (e.g. red/blu, unset to disable)', 'red/blu'])
    ], Msf::Exploit::Remote::CertificateTrace
  )
end