Cain's Certificates Collector grabs server certificates from SSL-enabled sites and prepares them for the APR-*S filters. The feature is used automatically by the sniffer, but you can also manually create a list of pre-calculated fake certificate files. Why fake? Because the program replaces the asymmetric encryption keys in these files with new ones generated locally. In this way the APR-*S filters are able to encrypt and decrypt SSL traffic in a Man-in-the-Middle condition between APR's victim hosts.

You can choose to create and use self-signed fake certificates or to sign them using a real root certificate of your choice; in the latter case the whole certificate chain is injected into the victims' clients during MitM attacks.

When self-signed fake certificates are used, the client's browser is supposed to pop up a dialog notifying the user that the SSL-enabled server's certificate comes from an untrusted certification authority; however, since all other parameters within the certificate remain the same as the real ones, a lot of users simply do not care about this warning.
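
From the defender's side, the substitution described above (same certificate parameters, locally generated key) can be detected by comparing a presented certificate with one recorded earlier for the same host:port. The following is an added example, not part of Cain or of the original page; the function names, the minimal DER walker and the unsigned sample certificates are assumptions constructed for illustration.

```python
import hashlib

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: low bits give the byte count
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def children(buf):
    """Return the raw encodings of the elements inside a constructed element."""
    _, pos, end = tlv(buf, 0)
    out = []
    while pos < end:
        _, _, nxt = tlv(buf, pos)
        out.append(buf[pos:nxt])
        pos = nxt
    return out

def subject_and_key(der):
    """SHA-256 of the subject Name and of the SubjectPublicKeyInfo.
    TBSCertificate order: [0] version, serial, sigAlg, issuer, validity, subject, SPKI."""
    tbs = children(children(der)[0])
    if tbs[0][0] == 0xA0:                  # skip the optional explicit [0] version
        tbs = tbs[1:]
    return tuple(hashlib.sha256(tbs[i]).hexdigest() for i in (4, 5))

def compare(pinned_der, presented_der):
    """Compare a presented certificate with the one recorded earlier for the same host:port."""
    (subj_a, key_a), (subj_b, key_b) = subject_and_key(pinned_der), subject_and_key(presented_der)
    if key_a == key_b:
        return "same-key"
    return "key-replaced" if subj_a == subj_b else "different-subject"

# --- constructed sample input: unsigned certificate skeletons, not real certificates ---
def enc(tag, body):
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_cert(cn, key):
    name = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn))))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
              + name + enc(0x30, b"") + name + enc(0x30, enc(0x03, b"\x00" + key)))
    return enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))
REAL, FAKE = (sample_cert(b"www.example.test", k * 140) for k in (b"\x11", b"\x22"))
```

A legitimate renewal with a new key pair also reports "key-replaced", so a hit needs out-of-band confirmation before it is treated as interception.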

Fake certificates are stored in the "Certs" subdirectory of the program's installation path, and the list of those currently available to the APR-*S filters is maintained in the file CERT.LST in the program's directory. You can manually modify this list file to instruct Cain's APR-*S filters to inject the certificate of your choice into connections from APR's victim computers to a given SSL server address.

Usage

The feature is used automatically by the APR-*S sniffer filters. You can use the + button on the toolbar to manually grab and prepare a list of fake certificates; non-standard ports can be specified using the syntax "hostname:port" or "ip address:port".