regen_cert.sh

#!/usr/bin/env bash
set -euo pipefail

if [[ $EUID -ne 0 ]]; then
    echo "must run as root (use sudo)" >&2
    exit 1
fi

ROOT_DIR=/root/dumps/mitm_logs
SNAKE_DIR=/home/snake/dumps/mitm_logs
mkdir -p "$ROOT_DIR" "$SNAKE_DIR"

CERT="$ROOT_DIR/mitm_cert.pem"
KEY="$ROOT_DIR/mitm_key.pem"

CFG=$(mktemp)
trap 'rm -f "$CFG"' EXIT

cat > "$CFG" <<'EOF'
[req]
distinguished_name = dn
req_extensions = v3_req
x509_extensions = v3_req
prompt = no

[dn]
CN = portal.ubianet.com
O  = Ubia
C  = US

[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt

[alt]
DNS.1 = portal.ubianet.com
DNS.2 = api.us.ubianet.com
DNS.3 = api.cn.ubianet.com
DNS.4 = *.ubianet.com
DNS.5 = *.aliyuncs.com
DNS.6 = *.oss-cn-shenzhen.aliyuncs.com
DNS.7 = *.myqcloud.com
IP.1  = 192.168.1.172
EOF

openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$KEY" -out "$CERT" -config "$CFG" -extensions v3_req

chmod 644 "$CERT"
chmod 600 "$KEY"

cp "$CERT" "$SNAKE_DIR/mitm_cert.pem"
cp "$KEY"  "$SNAKE_DIR/mitm_key.pem"
chown snake:snake "$SNAKE_DIR/mitm_cert.pem" "$SNAKE_DIR/mitm_key.pem"
chmod 644 "$SNAKE_DIR/mitm_cert.pem"
chmod 600 "$SNAKE_DIR/mitm_key.pem"

echo
echo "=== wrote ==="
ls -l "$CERT" "$KEY" "$SNAKE_DIR/mitm_cert.pem" "$SNAKE_DIR/mitm_key.pem"
echo
echo "=== subject + SANs ==="
openssl x509 -in "$CERT" -noout -text | grep -E "Subject:|DNS:|IP Address:"
Initial commit — SetecSuite Camera MITM Framework Original tooling from the Camhak research project (camera teardown of a rebranded UBIA / Javiscam IP camera). PyQt6 GUI on top of a curses TUI on top of a service controller; per-service start/stop, intruder detection, protocol fingerprinting, OAM HMAC signing, CVE verifiers, OTA bucket probe, firmware fetcher, fuzzer, packet injection. Tabs: Dashboard, Live Log, Intruders, Cloud API, Fuzzer, Inject, CVEs, Config, Help. Real-time per-packet protocol detection, conntrack-based original-destination lookup, log rotation at 1 GiB. See SECURITY_PAPER.md for the full writeup, site/index.html for the public report, README.md for usage. Run with: sudo /usr/bin/python3 gui.py Co-authored by Setec Labs. 2026-04-09 08:14:18 -07:00			`#!/usr/bin/env bash`
			`set -euo pipefail`

			`if [[ $EUID -ne 0 ]]; then`
			`echo "must run as root (use sudo)" >&2`
			`exit 1`
			`fi`

			`ROOT_DIR=/root/dumps/mitm_logs`
			`SNAKE_DIR=/home/snake/dumps/mitm_logs`
			`mkdir -p "$ROOT_DIR" "$SNAKE_DIR"`

			`CERT="$ROOT_DIR/mitm_cert.pem"`
			`KEY="$ROOT_DIR/mitm_key.pem"`

			`CFG=$(mktemp)`
			`trap 'rm -f "$CFG"' EXIT`

			`cat > "$CFG" <<'EOF'`
			`[req]`
			`distinguished_name = dn`
			`req_extensions = v3_req`
			`x509_extensions = v3_req`
			`prompt = no`

			`[dn]`
			`CN = portal.ubianet.com`
			`O = Ubia`
			`C = US`

			`[v3_req]`
			`basicConstraints = CA:FALSE`
			`keyUsage = digitalSignature, keyEncipherment`
			`extendedKeyUsage = serverAuth`
			`subjectAltName = @alt`

			`[alt]`
			`DNS.1 = portal.ubianet.com`
			`DNS.2 = api.us.ubianet.com`
			`DNS.3 = api.cn.ubianet.com`
			`DNS.4 = *.ubianet.com`
			`DNS.5 = *.aliyuncs.com`
			`DNS.6 = *.oss-cn-shenzhen.aliyuncs.com`
			`DNS.7 = *.myqcloud.com`
			`IP.1 = 192.168.1.172`
			`EOF`

			`openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \`
			`-keyout "$KEY" -out "$CERT" -config "$CFG" -extensions v3_req`

			`chmod 644 "$CERT"`
			`chmod 600 "$KEY"`

			`cp "$CERT" "$SNAKE_DIR/mitm_cert.pem"`
			`cp "$KEY" "$SNAKE_DIR/mitm_key.pem"`
			`chown snake:snake "$SNAKE_DIR/mitm_cert.pem" "$SNAKE_DIR/mitm_key.pem"`
			`chmod 644 "$SNAKE_DIR/mitm_cert.pem"`
			`chmod 600 "$SNAKE_DIR/mitm_key.pem"`

			`echo`
			`echo "=== wrote ==="`
			`ls -l "$CERT" "$KEY" "$SNAKE_DIR/mitm_cert.pem" "$SNAKE_DIR/mitm_key.pem"`
			`echo`
			`echo "=== subject + SANs ==="`
			`openssl x509 -in "$CERT" -noout -text \| grep -E "Subject:\|DNS:\|IP Address:"`