News‎ > ‎


posted Sep 28, 2011, 1:44 AM by Nickosaurus Hax   [ updated Jan 31, 2016, 6:19 PM ]
A few weeks ago, around about the time of the DigiNotar compromise, I thought that it'd be really neat to have a way to inject a trusted Certificate Authority as part of post-exploitation activities. So I made one! There's currently an issue in Metasploit's issue tracker for my patch, mycawhich allows for easy CA management from within meterpreter.

Myca also allows the adding and removing of entries from the Windows hosts file, which makes SSL MITM that much easier, as you no longer need to be on your victim's network. Bonus.