Getting a certificate signing error

[zanemcca]

Description

While trying to install caplets in bettercap/dev I receive certificate signing errors.

Expected Behaviour

Caplets should be signed by a proper certificate and no error should appear.

Log

caplets.update
[16:41:57] [sys.log] [inf] caplets downloading caplets from https://github.com/bettercap/caplets/archive/master.zip ...
192.168.65.0/24 > 192.168.65.3  » [16:41:57] [sys.log] [err] Get https://github.com/bettercap/caplets/archive/master.zip: x509: certificate signed by unknown authority

[buffermet]

Looks like a false/invalid Certificate Authority tried to issue GitHub's certificate. Could mean you're getting MiTM'ed, could mean something else, we can't really tell without seeing the certificate. Try using a proxy.

[buffermet]

Or update your root CA's. I don't know what your procedure is because you didn't include any of the required details for an issue.

[zanemcca]

@yungtravla sorry I did not see any issue requirements when I filed the issue.

While trying to install caplets in bettercap/dev I receive certificate signing errors.

Environment

• bettercap v2.19 (built for linux amd64 with go1.12.1)
• Docker version 18.09.2, build 6247962 hosted on Mac OSX 10.13.6
• docker run -it --rm --privileged --net=host bettercap/dev -debug
• caplets.update

  
  docker run -it --rm --privileged --net=host bettercap/dev -debug
  Unable to find image 'bettercap/dev:latest' locally
  latest: Pulling from bettercap/dev
  8e402f1a9c57: Pull complete
  1cc8ac0d20dd: Pull complete
  77221a96cf63: Pull complete
  7f397842b6c6: Pull complete
  Digest: sha256:a70376da2c690e9910ccacda66cd802763c6f5c344d8bd7adbe814d70737f4bd
  Status: Downloaded newer image for bettercap/dev:latest
  bettercap v2.19 (built for linux amd64 with go1.12.1) [type 'help' for a list of commands]

192.168.65.0/24 > 192.168.65.3 » [22:29:24] [sys.log] [dbg] FindGateway(eth0) [cmd=ip opts=[route] parser=^(default|[0-9]+.[0-9]+.[0-9]+.[0-9]+)\svia\s([0-9]+.[0-9]+.[0-9]+.[0-9]+)\sdev\s(\S+).*$] 192.168.65.0/24 > 192.168.65.3 » [22:29:24] [sys.log] [dbg] FindGateway(eth0) output: default via 192.168.65.1 dev eth0 127.0.0.0/8 dev lo scope host 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.65.0/24 dev eth0 proto kernel scope link src 192.168.65.3 192.168.65.0/24 > 192.168.65.3 » [22:29:24] [sys.log] [dbg] FindGateway(eth0) line 'default via 192.168.65.1 dev eth0' matched with [default via 192.168.65.1 dev eth0 default 192.168.65.1 eth0] 192.168.65.0/24 > 192.168.65.3 » [22:29:24] [sys.log] [dbg] gateway is 192.168.65.1[f6:16:36:bc:f9:c6] 192.168.65.0/24 > 192.168.65.3 » [22:29:24] [session.started] {session.started 2019-03-22 22:29:24.0113773 +0000 UTC m=+0.144036201 } 192.168.65.0/24 > 192.168.65.3 » [22:29:24] [mod.started] events.stream 192.168.65.0/24 > 192.168.65.3 » [22:29:24] [mod.started] net.recon 192.168.65.0/24 > 192.168.65.3 » caplets.update [22:29:38] [sys.log] [inf] caplets creating caplets install path /usr/local/share/bettercap/ ... [22:29:38] [sys.log] [inf] caplets downloading caplets from https://github.com/bettercap/caplets/archive/master.zip ... 192.168.65.0/24 > 192.168.65.3 » [22:29:38] [sys.log] [err] Get https://github.com/bettercap/caplets/archive/master.zip: x509: certificate signed by unknown authority 192.168.65.0/24 > 192.168.65.3 »

### Steps to Reproduce

1. `docker run -it --rm --privileged --net=host bettercap/dev -debug`
2. `caplets.update`

**Expected behavior:** *Caplets should be signed by a proper certificate and no error should appear.*

**Actual behavior:** *A certificate signing error occured.* `Get https://github.com/bettercap/caplets/archive/master.zip: x509: certificate signed by unknown authority`

**Workaround:** 
1. `docker run -it --rm --privileged --net=host --entrypoint=/bin/bash bettercap/dev -i`
2. `apk add --update ca-certificates`
3. `./bettercap`
4. `caplets.update`

docker run -it --rm --privileged --net=host --entrypoint=/bin/bash bettercap/dev -i bash-4.4# apk add --update ca-certificates fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz (1/1) Installing ca-certificates (20190108-r0) Executing busybox-1.29.3-r10.trigger Executing ca-certificates-20190108-r0.trigger OK: 20 MiB in 33 packages bash-4.4# ./bettercap -debug bettercap v2.19 (built for linux amd64 with go1.12.1) [type 'help' for a list of commands]

192.168.65.0/24 > 192.168.65.3 » [22:46:55] [sys.log] [dbg] FindGateway(eth0) [cmd=ip opts=[route] parser=^(default|[0-9]+.[0-9]+.[0-9]+.[0-9]+)\svia\s([0-9]+.[0-9]+.[0-9]+.[0-9]+)\sdev\s(\S+).*$] 192.168.65.0/24 > 192.168.65.3 » [22:46:55] [sys.log] [dbg] FindGateway(eth0) output: default via 192.168.65.1 dev eth0 127.0.0.0/8 dev lo scope host 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.65.0/24 dev eth0 proto kernel scope link src 192.168.65.3 192.168.65.0/24 > 192.168.65.3 » [22:46:55] [sys.log] [dbg] FindGateway(eth0) line 'default via 192.168.65.1 dev eth0' matched with [default via 192.168.65.1 dev eth0 default 192.168.65.1 eth0] 192.168.65.0/24 > 192.168.65.3 » [22:46:55] [sys.log] [dbg] gateway is 192.168.65.1[f6:16:36:bc:f9:c6] 192.168.65.0/24 > 192.168.65.3 » [22:46:55] [session.started] {session.started 2019-03-22 22:46:55.1885358 +0000 UTC m=+0.124119001 } 192.168.65.0/24 > 192.168.65.3 » [22:46:55] [mod.started] events.stream 192.168.65.0/24 > 192.168.65.3 » [22:46:55] [mod.started] net.recon 192.168.65.0/24 > 192.168.65.3 » caplets.update [22:47:01] [sys.log] [inf] caplets creating caplets install path /usr/local/share/bettercap/ ... [22:47:01] [sys.log] [inf] caplets downloading caplets from https://github.com/bettercap/caplets/archive/master.zip ... [22:47:02] [sys.log] [inf] caplets installing caplets to /usr/local/share/bettercap/caplets ... 192.168.65.0/24 > 192.168.65.3 »

[zanemcca]

I've added the error to bettercap/bettercap since the bug is in the Dockerfile. https://github.com/bettercap/bettercap/issues/506