CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency

ShmooCon XIV - 2018

Presented by: Ian Foster
Date: Saturday January 20, 2018
Time: 15:30 - 15:50
Location: Near Room
Track: Build It

SSL Certificates and Certificate Authorities are the backbone of how secure communication works online for most secure protocols these days. This has worked well for quite some time, but fails when you can no longer trust the Certificate Authorities, as we have seen when they are breached or misbehave. Certificate Transparency was created as a way to allow anyone to publicly audit the behavior of a Certificate Authority to solve this problem, and it does just that. But Certificate Transparency also has unintended privacy side effects that are not as well known, both for the end user and the server’s organization. After covering the background about how Certificate Transparency works, I will tell you what you need to know to protect yourself and your organization. Finally, I introduce CertGraph, a new tool being developed to uncover and enumerate domains hiding in SSL certificate Alternative Names. CertGraph crawls internet-accessible certificates through exposed hosts and Certificate Transparency logs, creating a visual graph of certificates and domains. CertGraph has already been used to identify internal and public domains an organization may not want to be public knowledge, to enumerate hosts for an organization and its related partners, and to find misconfigured SSL certificates for incorrect domains.

Ian Foster

Ian Foster (@lanrat) enjoys researching systems and networking problems and solutions in an effort to make the world more secure. He has published research papers analyzing the new gTLD land rush and crawling and parsing most WHOIS records. His work ranges from demonstrating how insecure aftermarket OBD “dongles” can be used to compromise and take over automobiles, to measuring the paths an email traverses online with encryption in an effort to increase integrity, authenticity, and confidentiality, and more. During the day Ian is a Security Engineer at Salesforce working to keep the cloud secure.

