Created
July 29, 2020 11:37
-
-
Save olliecheng/49c4832d94c54241f5c72d64388f55f2 to your computer and use it in GitHub Desktop.
export CyberHound software certificates to a specified directory, and then add the bundle to requests and cURL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $finalCertPath = "C:\Program Files\Common Files\SSL\cert.crt" | |
| # [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://hasteb.in/raw/axihanay')) | |
| # Check if user has Administrator perms | |
| $hasAdministrator = ([Security.Principal.WindowsPrincipal] ` | |
| [Security.Principal.WindowsIdentity]::GetCurrent() ` | |
| ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) | |
| if (!$hasAdministrator) { | |
| Write-Host "Not currently an administrator. Please open a PowerShell window as an Administrator and try again." -f Red | |
| exit | |
| } | |
| # get all Trusted Root Certs | |
| Write-Host "Fetching Trusted Root Certs and filtering..." | |
| $allCerts = Get-ChildItem cert:\CurrentUser\Root | |
| # filter certs only for NBB or RoamSafe ones | |
| $certs = $allCerts | where { $_.Subject -like "*RoamSafe*" -or $_.Subject -like "*NetBox Blue*"} | |
| # array of paths of temporary cert files | |
| $certPaths = @() | |
| $certs | ForEach-Object { | |
| # create hash of cert, use in filename | |
| $hash = $_.GetCertHashString() | |
| $file_path = ".\cert_$hash.crt" | |
| Write-Host "Found:" $_.Subject -f Gray | |
| # add to array | |
| $certPaths += $file_path | |
| # export to a temporary file | |
| Export-Certificate -Cert $_ -FilePath $file_path -Type CERT | Out-Null | |
| # grab raw exported bytes | |
| $certData = get-content $file_path | |
| $certBytes = [System.Text.Encoding]::UTF8.GetBytes($certData) | |
| # convert to b64 | |
| $certEncodedRaw = [System.Convert]::ToBase64String($certBytes) | |
| # add headers | |
| $certEncoded = "-----BEGIN CERTIFICATE-----`n" + $certEncodedRaw + "`n-----END CERTIFICATE-----" | |
| # write to file | |
| $certEncoded | set-content ($file_path) | |
| } | |
| $finalCertDir = Split-Path -Path $finalCertPath -Parent | |
| if(!(Test-Path -path $finalCertDir)) { | |
| Write-Host "Directory" $finalCertDir "does not exist, creating." -f Yellow | |
| New-Item -ItemType directory -Path $finalCertDir -Force | Out-Null | |
| } | |
| # append contents of each temp file to our $finalCertPath | |
| Write-Host "Written contents to file" $finalCertPath | |
| $certPaths | ForEach-Object {gc $_; ""} | out-file $finalCertPath #-NoClobber | |
| # clean-up temporary cert files | |
| Write-Host "Cleaning up temporary certificate files from the current directory." -f Gray | |
| Remove-Item $certPaths | Out-Null | |
| # set environment variables | |
| Write-Host "Setting environment variables REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE..." | |
| $target = [System.EnvironmentVariableTarget]::Machine | |
| [System.Environment]::SetEnvironmentVariable('REQUESTS_CA_BUNDLE', $finalCertPath, $target) | Out-Null | |
| [System.Environment]::SetEnvironmentVariable('CURL_CA_BUNDLE', $finalCertPath, $target) | Out-Null | |
| Write-Host "Done! You can safely close this window now." -f Green |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment