
Show HN: CertStream – See SSL certs as they're issued in real time - zer01
https://certstream.calidog.io
======
y0ghur7_xxx
A bit OT, but there is a thing about CT that I keep asking myself and I can't
seem to find an answer: Say I use a letsencrypt certificate for my nextcloud
installation on my home server. Now say that the German police is
investigating me. They call up the BSI and tell them "hey, can you please
issue me a signed cert for nextcloud.y0ghur7.xxx so we can mitm this guy? And
please, don't log it to the CT, so nobody will ever know"

I will probably never know, because BSI is a trusted CA in all browsers and
other http clients so they don't complain (and I am not looking at what
certificate the server sent me every time I open my nc page), and nobody else
will ever know that that certificate was released. Am I right? So what does CT
buy me?

~~~
bouk
At some point browsers will stop allowing certificates that are not logged
through CT

~~~
y0ghur7_xxx
> At some point browsers will stop allowing certificates that are not logged
> through CT

Makes sense. So to be sure nobody issued a cert for one of my properties I
would have to check regularly on CT logs to be sure that only certs requested
by me are issued. But in that case, if someone requests a cert for one of my
properties, and that cert was not requested by me, what do I do?

Do I tell Mozilla and Google that "someone issued cert id 4d8effdd25 for my
nextcloud installation (or my forum where some rebellious users meet up
sometimes) to mitm me, but it was not me". Will they believe me? And it will
probably be too late anyway, because propagation to a CT log can take up to
one day, so they got data on all the traffic for a whole day.
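The "check the CT logs regularly" step, as an added example that is not from this thread or from the CertStream project: a small monitor over CertStream-style JSON messages (field layout assumed from the feed's shape, trimmed to what the check reads; all sample messages constructed) that alerts on any certificate covering your zone that was not issued by the CA you actually use.

```python
import json

# Zones the defender owns and the issuer organisation(s) they actually use.
MONITORED_ZONES = {"y0ghur7.xxx"}
EXPECTED_ISSUERS = {"Let's Encrypt"}

# Constructed sample messages in the shape of CertStream's JSON feed
# (assumed field layout, trimmed to what this check reads; not real entries).
SAMPLE_MESSAGES = [
    json.dumps({"message_type": "certificate_update", "data": {
        "leaf_cert": {"all_domains": ["nextcloud.y0ghur7.xxx"], "fingerprint": "11:22:33"},
        "chain": [{"subject": {"O": "Let's Encrypt"}}],
        "source": {"name": "ct-log-a"}}}),
    json.dumps({"message_type": "certificate_update", "data": {
        "leaf_cert": {"all_domains": ["*.bar.y0ghur7.xxx", "bar.y0ghur7.xxx"],
                      "fingerprint": "44:55:66"},
        "chain": [{"subject": {"O": "Some Other CA"}}],
        "source": {"name": "ct-log-b"}}}),
    json.dumps({"message_type": "certificate_update", "data": {
        "leaf_cert": {"all_domains": ["noty0ghur7.xxx"], "fingerprint": "77:88:99"},
        "chain": [{"subject": {"O": "Some Other CA"}}],
        "source": {"name": "ct-log-b"}}}),
]

def in_zone(name, zone):
    """True if a SAN (wildcard or not) is inside zone; the "." boundary keeps
    noty0ghur7.xxx from matching y0ghur7.xxx."""
    bare = name[2:] if name.startswith("*.") else name
    return bare == zone or bare.endswith("." + zone)

def check_message(raw, zones=MONITORED_ZONES, issuers=EXPECTED_ISSUERS):
    """Alert dict for a cert covering our zone from an unexpected issuer;
    None for heartbeats, other people's domains, or the CA we use."""
    msg = json.loads(raw)
    if msg.get("message_type") != "certificate_update":
        return None
    data = msg["data"]
    hits = [d for d in data["leaf_cert"]["all_domains"]
            if any(in_zone(d.lower(), z) for z in zones)]
    if not hits:
        return None
    chain = data.get("chain") or []  # chain[0]: the issuing CA's certificate
    issuer = chain[0].get("subject", {}).get("O", "<unknown>") if chain else "<unknown>"
    if issuer in issuers:
        return None
    return {"domains": hits, "issuer": issuer,
            "fingerprint": data["leaf_cert"].get("fingerprint"),
            "log": data.get("source", {}).get("name")}

def scan(messages):
    return [a for a in (check_message(m) for m in messages) if a]
```

In a real deployment the messages come off the WebSocket feed instead of the list, and a hit for your own CA is still worth recording so you can reconcile it against the requests you actually made.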

~~~
advisedwang
It's not part of CT, nor does it fully solve the issue, but you might also
like Certificate Authority Authorization. CAA allows you to publish what CAs
are acceptable for your domain via DNS. CAs shouldn't issue certificates
against that. Of course that doesn't protect against a rogue, compromised or
coerced CA, but it does protect against phony requests to the CA.
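The check a CAA-honouring CA performs at issuance time, as an added example that is not from this thread: an RFC 8659-style evaluator over constructed zone data (pki.example is a made-up CA identifier), which a domain owner can also run against their own records to confirm they say what was intended, including the wildcard case.

```python
# Constructed CAA zone data: name -> list of (flags, tag, value) records.
# "pki.example" is a made-up CA identifier; letsencrypt.org is the real one.
# issuewild ";" at foo.de forbids every CA from issuing for *.foo.de.
CAA_RECORDS = {
    "foo.de": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "bar.foo.de": [(0, "issue", "pki.example; account=42")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_caa_set(records, fqdn):
    """RFC 8659 lookup: strip a leading "*." and climb toward the root,
    returning the first CAA RRset found (empty list if there is none)."""
    name = fqdn[2:] if fqdn.startswith("*.") else fqdn
    labels = name.lower().split(".")
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(records, fqdn, ca_id):
    """Would a CA identified by ca_id that honours CAA issue a cert for fqdn?"""
    rrset = relevant_caa_set(records, fqdn)
    if not rrset:
        return True  # no CAA anywhere up the tree: issuance is unrestricted
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False  # a critical property the CA does not understand
    tag = "issue"
    if fqdn.startswith("*.") and any(t == "issuewild" for _, t, _ in rrset):
        tag = "issuewild"  # wildcard requests use issuewild when it is present
    values = [v for _, t, v in rrset if t == tag]
    if not values:
        return True  # no issue/issuewild property: unrestricted for this type
    # value is "<ca-domain>[; params]"; an empty ca-domain means "no CA at all"
    return any(v.split(";", 1)[0].strip().lower() == ca_id.lower() for v in values)
```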

~~~
prdonahue
As you said, that only protects against CAs that follow the CA/B Forum
Baseline Requirements that require they check CAA at issuance time.

If a government was coercing a CA, they'd just tell them to disable this
check. If this can be proven it's grounds to start the distrust process. At
the very least, they should fail their next WebTrust audit.

------
mschuster91
One thing I totally dislike with CT is that literally everybody can see all
the subdomains that my certificate is valid for (esp. LetsEncrypt), but also
for cases where your "normal" wildcard-cert does not work - e.g. *.foo.de is
covered, but because wildcards don't go beyond 1 level, *.bar.foo.de is not
covered, and so everyone can see that there is one (or more) subdomains at
bar.foo.de.

Let's assume an attacker finds an RCE in JIRA, Confluence or Gitlab... now
everything the attacker has to do to find a list of candidates is to run a
simple grep -i gitlab|jira|confluence|whatever on the CT logs, while he'd have
to go the brute-force route before CT.

~~~
tscs37
You should not expect a service which has been exposed to the open internet to
be hidden.

If your last defense is that nobody knows the domainname, then you've lost.
Not knowing the domainname shouldn't be any defense at all.

~~~
mschuster91
> You should not expect a service which has been exposed to the open internet
> to be hidden.

Of course not, but CT dramatically lowers the bar for attackers. That's what I
mean.

~~~
tscs37
It doesn't really, only when you need to hide subdomains for security reasons.
Which you shouldn't do.

CT raises the bar for attackers since they will be logged into the CT if they
try to MitM.

Any other attack is not made easier than without CT.

------
zer01
Hey folks, developer of CertStream here. You can read more about the
motivations and implementation behind this project by visiting the
announcement page
([https://medium.com/cali-dog-security/introducing-certstream-3fc13bb98067](https://medium.com/cali-dog-security/introducing-certstream-3fc13bb98067))
on my company's blog. I'm also happy to field any questions anyone may have!

~~~
kbody
Interesting project. I was wondering if you think there are any privacy issues
around Certificate Transparency, like grouping ownership of domains through
the timings.

~~~
zer01
Hmm, that's an interesting thing I haven't given much thought to.

I think that it would be somewhat difficult to pull off a correlation
attack/leakage as the CTLs tend to dump in batches vs every poll returning new
results, but I think once you remove a lot of the noise (cloudflare SNI certs,
testing domains, etc) it'd potentially show some interesting patterns.

[https://github.com/CaliDog/certstream-python/blob/master/examples/stat_windows.py](https://github.com/CaliDog/certstream-python/blob/master/examples/stat_windows.py)

This demo would be a decent starting point to that analysis if you'd be
interested in toying with it!

------
andrewstuart2
Interesting timing, considering the talk [0] on this very topic just uploaded
to YouTube yesterday morning from DefCon 25. Basically, this is offering his
observation (CTL can be used to get a real-time list of new domain names,
which can be exploited), as a service.

Seems like Hanno Böck could at least use a shout out if it was related to his
work.

Either way, the talk is worth a watch.

[0]
[https://www.youtube.com/watch?v=TMNeSnjZfCI&list=PL9fPq3eQfa...](https://www.youtube.com/watch?v=TMNeSnjZfCI&list=PL9fPq3eQfaaDEQqRyr-0cmF1HTuidm97j&index=11)

~~~
tty7
Shout out isn't needed, I did the same thing as Hanno over a weekend early
this year. Been kicking myself since defcon that I didn't submit a talk!

Anyone who reads the certificate transparency log rfc can quickly realize
what's possible.

I've also been following calidog since his first medium post, I've got my own
similar cert scanner/tracker.

------
mastax
There seems to be a big list of domains streaming through in alphabetical
order. First there were dozens all starting with J, now there are dozens
starting with K. Looks like gemalto is going through the day's domains in
alphabetical order and adding them one at a time?

~~~
zer01
Yeah, it's interesting to see how certs are issued from the larger lists,
since they tend to come in a deluge. This goes doubly for the cloudflare SNI
certificates for their edge nodes!

------
wybiral
Very cool! I love the simple JSON-over-WebSockets API and would love to see
more streaming APIs like this available in the wild.

------
tscs37
This is quite neat. I'll probably look at the go-library to build something
out of that.

In the meanwhile, crt.sh also offers an Atom feed of issued certificates.
Definitely not realtime but also works.

------
waibelp
Sweet landing page!

~~~
zer01
Thanks! It's a few iterations in, and my designer
([http://www.jweiller.com/](http://www.jweiller.com/)) was definitely
responsible for the best looking parts!

~~~
finnn
Heads up, the <title> isn't getting set, it just shows the URL.

~~~
zer01
Thanks for the heads up! It also isn't displaying the favicon properly it
seems :-/.

[https://media1.giphy.com/media/R54jhpzpARmVy/giphy.gif](https://media1.giphy.com/media/R54jhpzpARmVy/giphy.gif)
TL;DR - Curse you Webpack! ::shakes fist::

