Index of /thoger/certs-with-nuls

Name	Last modified	Size

Parent Directory		-
ca.crt	2009-08-04 06:50	4.7K
badguy.key	2009-08-03 16:30	1.6K
badguy-nul-san.crt	2009-08-04 06:53	4.4K
badguy-nul-san-star.crt	2009-08-07 09:50	4.4K
badguy-nul-cn.crt	2009-08-04 07:33	4.3K
badguy-nul-cn-star.crt	2009-08-07 09:50	4.3K

On Black Hat USA 2009 conference, Dan Kaminsky and Moxie Marlinspike presented a way to trick SSL certificate verification implementations to incorrectly check host name against CommonName (CN) or subjectAltName (sAN) specified in the server certificate. This flaw can be used in MITM attacks against SSL clients. For details, check Moxie's presentation:

http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike

Certificates here can be used to test various SSL implementations for this flaw. Files here include:

ca.crt - certificate of CA that signed other specially-crafted certificates available here
badguy-nul-cn.crt - certificate with '\0' in CN (www.bank.com\0.badguy.com)
badguy-nul-cn-star.crt - wildcard certificate with '\0' in CN (*\0.badguy.com)
badguy-nul-san.crt - certificate with '\0' in sAN (www.bank.com\0www.badguy.com)
badguy-nul-san-star.crt - wildcard certificate with '\0' in sAN (*\0.badguy.com)
badguy.key - private key corresponding to badguy-nul-*.crt

For testing, make sure to have name www.bank.com pointing to an IP address of your testing server and use that name when connecting.

Source: http://people.redhat.com/thoger/certs-with-nuls/
Last update: Fri Aug 7 10:00:53 GMT 2009

Updates:

[20090807] Added wildcard certificates badguy-nul-cn-star.crt and badguy-nul-san-star.crt