Tuesday, February 25, 2014

Export a certificate from Windows registry to PKCS#12

Here’s how to export a certificate from the Windows registry, put it in a PKCS#12 bundle, and then do whatever you want with it, like use it as a client certificate in Burp Proxy.

Why would you want to do that? Well, suppose you have a thick client connecting to some SSL service. It may use a client cert stored in the Windows registry. You must export it properly to be able to perform man-in-the-middle.

1. Export the corresponding registry key for the needed cert from:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\<YourApp>\Certificates
Keep only the hexa from the file (i.e. remove commas, backslashes and extra junk), copy this data in an hex editor, save the file under clear.cer.

2. Under windows run commands:
certutil -encode clear.cer b64.cer
certutil -dump b64.cer
3. Run the "certmgr.msc" MMC, and under Personal, choose "All Tasks > Import...". Place it under the "Personal" certificate store.

4. Choose the previously created file and import it. Now it should be added to the store. Right-click it to export it, choose PKCS#12, choose to export the priv key + all certs in the path.

5. Use this .pfx in burp as the Client Certificate. Enjoy.

No comments:

Post a Comment