acme.sh is the ultimate DNS/SSL toolset! I have wasted my life!

I've been automating SSL renewals for almost as long as I've been deploying them. For the most part it is very smooth and easy to do (thanks mostly to certbot and the hard work over at Let's Encrypt). The trouble comes up with non-publicly-addressable servers and other custom setups. cough cough . . . Unifi . . . cough cough.

I recently discovered a tool that makes all those complicated setups as easy as the original certbot installs. acme.sh is that tool. Two lines! Not since screen have I regretted any time I spent not using such a tool.

./acme.sh --renew -d "unifi.domain.com"

./acme.sh --deploy -d "unifi.domain.com" --deploy-hook unifi
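As an added example (not from this post or from the acme.sh project), here is a small cron-friendly wrapper around the two commands above. It runs the deploy step only when the renewal actually produced a new certificate, reports a "not yet due" result separately from a failure, and refuses domain names that could be mis-parsed as shell or option syntax. The ACME_BIN install path and the LOG file are assumptions; treating exit status 2 as "nothing to do" relies on acme.sh's RENEW_SKIP code, which it returns when the certificate is not due for renewal yet.

```shell
#!/bin/sh
# Added example, not the blog's or acme.sh's own code: wrap the post's two
# commands (renew, then deploy with the unifi hook) with input and status checks.

ACME_BIN="${ACME_BIN:-$HOME/.acme.sh/acme.sh}"   # assumed install location
LOG="${LOG:-/var/log/acme-deploy.log}"            # assumed log path

# Accept only letters, digits, dots and hyphens, with no leading "-" or ".",
# no trailing "." and no empty label. A domain read from an argument or a config
# file then cannot be interpreted as shell syntax or as an acme.sh option.
valid_domain() {
    case "$1" in
        ''|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Renew, and deploy only when renewal succeeded.
# Returns 0 = renewed and deployed, 2 = not yet due (nothing done), 1 = failure.
renew_and_deploy() {
    domain="$1"
    hook="${2:-unifi}"                # deploy hook named in the post
    if ! valid_domain "$domain"; then
        echo "refusing malformed domain: $domain" >&2
        return 1
    fi

    # acme.sh exits 0 when it issued a new cert and 2 (RENEW_SKIP) when the
    # current cert is not due yet; anything else is a real error.
    rc=0
    "$ACME_BIN" --renew -d "$domain" && rc=0 || rc=$?
    case "$rc" in
        0) ;;
        2) echo "$domain: not yet due for renewal" >&2; return 2 ;;
        *) echo "$domain: renewal failed (exit $rc)" >&2; return 1 ;;
    esac

    # Only a successful renewal reaches the deploy hook, so a failed ACME
    # exchange can never push a stale or missing cert onto the controller.
    if "$ACME_BIN" --deploy -d "$domain" --deploy-hook "$hook"; then
        echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) deployed $domain via $hook" >> "$LOG"
        return 0
    fi
    echo "$domain: deploy hook '$hook' failed; previous cert still in place" >&2
    return 1
}

# Usage from cron: ./renew-deploy.sh unifi.domain.com [hook]
if [ -n "${1:-}" ]; then
    renew_and_deploy "$@"
fi
```

Run it from cron daily; the 2/0/1 return codes let the cron job (or a monitoring wrapper) distinguish "nothing to do" from a renewal or deploy failure that needs attention.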

Played with PoisonTap network hijacking tool

Poison Tap in Action

@SamyKamkar made an impressive and terrifying tool. This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor. On a locked machine, no less! It depends heavily on the trust that our computers take for granted: trusting that a USB device is not up to no good, and trusting that the local network is not trying to confuse us. We must reexamine this trust going forward. It didn't take long to get it up and running, but once you do, you can spend hours tinkering. (I was working to combine it with @mubix's work here.)

I am also delighted to have my first Raspberry Pi acting as a USB device rather than a host. It is certainly exciting to create some new doodads using this dangerous toolkit.

UPDATE

I have since made a version without the cache attack. I completely failed to steal the PoisonTap visuals, but TheCodePlayer offered a delightful matrix animation. The next step is to man-in-the-middle SSL too. I'm turning it into a device that logs everything while connected but doesn't persist.