Sign up to save your podcasts
Or
Share SSL TLS History: Discovering Service Encryption
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SSL TLS History: Discovering Service Encryption
Note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version.
Privacy in peer-to-peer communications throughout the World Wide Web has become an extremely widespread issue, especially over the last few years.
Secure socket layers (SSL) and its evolutionary descendant, Transport Level Security (TLS), are the most widely used protocols for ensuring confidentiality among service information exchanges. Despite this fact, their implementation is one of the most misunderstood, misconfigured, and prone-to-human-error options available.
"Why?" you may ask. Opinions on the matter differ greatly, but generally, when implementing SSL TLS encryption you're facing a life-like organism that continuously mutates and needs constant re-evaluation and caring.
Remarkably, cryptanalysts such as Elizabeth Friedman (pictured above) did this in the past with only the use of pen and paper (no modern Osint tools to crack such things at the time!).
In the tradition of greats like Friedman, a vast number of mathematicians and codebreakers are constantly testing different cryptography algorithms for strength, usability, and any problems that could possibly arise if used broadly.
This is true not only for brand new encryption algorithms (as we featured before in "All Things Quantum") but also for currently used ciphers that are broken or will be at any point in the future. They leave room for misconfigurations, deprecated implementations (such as expired certificates), and other problems to be addressed.
Do I have SSL certificates deployed?
This is a valid question, especially if you're not running your infrastructure and want to analyze for any possible attack vector that could allow a posterior compromise.
To address this, we'll show you how to check for the history of deployed certificate records using Surfacebrowser, by performing a certificate discovery starting from your company's name or a desired hostname.
Then, we'll use our SecurityTrails API to show how you can do nearly the same thing using different tools and interfaces.
Scraping your company’s certificates using Surfacebrowser
After logging into the interface you'll find the text box with the option **Company Domain** selected. Enter your desired hostname, then check the results:
Results for this or any other desired hostname will be displayed in the following fashion, as a listing with all recovered digital assets ordered by categories. On the left menu, you can find the SSL label and click into it to get all certificate-related information.
Here you can see all the certificates found, and you can order them by different criteria such as expired and valid dated registries.
By clicking on the certificate name you can go one step further and visualize particular information about every certificate—such as hashing fingerprints, creation and expiration dates, issuer, and subject information among others.
In case you want to play around and do cross-checks of information by using an SQL-syntax, we invite you to check out our latest post, Product Update: SurfacebrowserTM SQL-explorer: SSL Certificate Scraping Showcase.
Find your company's SSL historical records with SecurityTrails API
API documentation is available here and you can also find SSL-related functionality at **Domains, SSL Certificates (Pages) and Domains, SSL Certificates (Streams)**.
These pages will provide all the certificate information related to a certain hostname you enter, and below you can see the query results, which are output in JSON format.
Every record will be separated and you can browse between all options, labels, and results information.
Streams, on the other hand, will output everything together and you'll have to take care of every corresponding label identification. Here's what it looks like:
We've covered how to get all of your certificate's information using SecurityTrails API. Now let's go a little further and c...
View all episodes
By SecurityTrailsNote: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version.
Privacy in peer-to-peer communications throughout the World Wide Web has become an extremely widespread issue, especially over the last few years.
Secure socket layers (SSL) and its evolutionary descendant, Transport Level Security (TLS), are the most widely used protocols for ensuring confidentiality among service information exchanges. Despite this fact, their implementation is one of the most misunderstood, misconfigured, and prone-to-human-error options available.
"Why?" you may ask. Opinions on the matter differ greatly, but generally, when implementing SSL TLS encryption you're facing a life-like organism that continuously mutates and needs constant re-evaluation and caring.
Remarkably, cryptanalysts such as Elizabeth Friedman (pictured above) did this in the past with only the use of pen and paper (no modern Osint tools to crack such things at the time!).
In the tradition of greats like Friedman, a vast number of mathematicians and codebreakers are constantly testing different cryptography algorithms for strength, usability, and any problems that could possibly arise if used broadly.
This is true not only for brand new encryption algorithms (as we featured before in "All Things Quantum") but also for currently used ciphers that are broken or will be at any point in the future. They leave room for misconfigurations, deprecated implementations (such as expired certificates), and other problems to be addressed.
Do I have SSL certificates deployed?
This is a valid question, especially if you're not running your infrastructure and want to analyze for any possible attack vector that could allow a posterior compromise.
To address this, we'll show you how to check for the history of deployed certificate records using Surfacebrowser, by performing a certificate discovery starting from your company's name or a desired hostname.
Then, we'll use our SecurityTrails API to show how you can do nearly the same thing using different tools and interfaces.
Scraping your company’s certificates using Surfacebrowser
After logging into the interface you'll find the text box with the option **Company Domain** selected. Enter your desired hostname, then check the results:
Results for this or any other desired hostname will be displayed in the following fashion, as a listing with all recovered digital assets ordered by categories. On the left menu, you can find the SSL label and click into it to get all certificate-related information.
Here you can see all the certificates found, and you can order them by different criteria such as expired and valid dated registries.
By clicking on the certificate name you can go one step further and visualize particular information about every certificate—such as hashing fingerprints, creation and expiration dates, issuer, and subject information among others.
In case you want to play around and do cross-checks of information by using an SQL-syntax, we invite you to check out our latest post, Product Update: SurfacebrowserTM SQL-explorer: SSL Certificate Scraping Showcase.
Find your company's SSL historical records with SecurityTrails API
API documentation is available here and you can also find SSL-related functionality at **Domains, SSL Certificates (Pages) and Domains, SSL Certificates (Streams)**.
These pages will provide all the certificate information related to a certain hostname you enter, and below you can see the query results, which are output in JSON format.
Every record will be separated and you can browse between all options, labels, and results information.
Streams, on the other hand, will output everything together and you'll have to take care of every corresponding label identification. Here's what it looks like:
We've covered how to get all of your certificate's information using SecurityTrails API. Now let's go a little further and c...