Certificate Transparency

SecurityBoy
Aug 28, 2019

How to analyze CT logs through Facebook's Developer tools

Certificate Transparency is a framework that allows you to identify improperly issued TLS certificates and potential phishing domains.

Background:

Transport Layer Security (TLS) allows you to securely exchange data between clients and servers. Web browsers use TLS certificates to perform encryption and also to identify and differentiate trusted and untrusted web sites. If a web browser encounters an untrusted certificate, it will warn the user that the site is untrusted and to proceed with caution.

In order to prevent visitors to your site from seeing an untrusted web site warning when using TLS, you must request a publicly-trusted certificate from a Certificate Authority (CA). There are hundreds of CAs, and they all perform various actions to verify your digital identity before issuing you a publicly-trusted certificate.

Problems can arise, however, if a CA is compromised or mis-issues a publicly-trusted certificate. When this happens, it may take weeks before the CA can identify and revoke any improperly issued certificates, hence the need for issuance to be “transparent”.

To address this problem, the Certificate Transparency (CT) open framework has been introduced. The CT framework allows anyone to log, audit, and monitor publicly-trusted TLS certificates newly issued by any CA.

To help you take advantage of this framework, Facebook has built a monitoring tool that helps you discover any certificates that have been newly issued for specific domains.

How does Facebook’s CT monitoring tool work?

Facebook’s Certificate Transparency tool works by continuously fetching and storing data from a set of known public Certificate Authority CT logs.

Searching for Certificates:

  1. Log in to https://developers.facebook.com/
  2. Go to More > Tools > Certificate Transparency Monitoring
  3. On the Search tab, search for your desired domain

Figure: Search for CT logs

Subscribing for Alerts:

By subscribing a domain to certificate alerts and phishing alerts, Facebook will notify you whenever a new certificate has been issued for that domain, through email, push or onsite notifications. To set this up:

  1. Log in to https://developers.facebook.com/
  2. Go to More > Tools > Certificate Transparency Monitoring
  3. Enter your domain name, the mode of alert you want to receive, and your email address.

Figure: Certificate Transparency Subscription

Note: By subscribing a legitimate domain to phishing alerts, Facebook will notify you whenever a new certificate is issued for a domain that may be phishing the legitimate domain (homograph attacks).
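The two alert types described above can be sketched as a small classifier over certificate DNS names. This is an added example, not Facebook's code or part of the original post; the watched domain `example.com`, the small look-alike table and the sample entries are all constructed assumptions.

```python
# Constructed, deliberately small look-alike table (assumption); production
# monitors use the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "0": "o", "1": "l"}

def skeleton(domain):
    """Decode punycode labels, then fold look-alike characters to ASCII."""
    folded = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed A-label: compare it as written
        folded.append("".join(CONFUSABLES.get(c, c) for c in label))
    return ".".join(folded)

def covers(name, watched):
    """True if name is the watched domain or one of its subdomains."""
    return name == watched or name.endswith("." + watched)

def classify(name, watched):
    """'certificate' = issued for the watched domain, 'lookalike' = imitates it."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard covers the parent domain's subdomains
    if covers(name, watched):
        return "certificate"
    if covers(skeleton(name), skeleton(watched)):
        return "lookalike"
    return None

def scan(entries, watched):
    """Group the DNS names found in CT entries by verdict."""
    report = {}
    for entry in entries:
        for name in entry["dns_names"]:
            verdict = classify(name, watched)
            if verdict:
                report.setdefault(verdict, []).append(name)
    return report

# Constructed sample entries; real ones come from a CT log or monitor.
SAMPLE_ENTRIES = [
    {"dns_names": ["example.com", "*.example.com"]},
    # Cyrillic "е" and "а" in place of Latin letters, stored as an A-label.
    {"dns_names": ["\u0435x\u0430mple.com".encode("idna").decode("ascii")]},
    {"dns_names": ["login.examp1e.com", "unrelated.test"]},
]

print(scan(SAMPLE_ENTRIES, "example.com"))
```

A "certificate" verdict corresponds to a certificate alert (verify that you requested the issuance), and a "lookalike" verdict corresponds to a phishing alert.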

You can read more about CT here: https://www.certificate-transparency.org/what-is-ct

Hope you got to know something new. You can connect with me on Twitter: https://twitter.com/SecurityBoy0x01
