kgretzky / pwndrop

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
https://breakdev.org/pwndrop
GNU General Public License v3.0
2.02k stars 259 forks source link

change cert #16

Open k4nfr3 opened 4 years ago

k4nfr3 commented 4 years ago

Hi,

i gues it's a feature request, for asking how to select your own cert for the https instead of the self signed one.

marius56 commented 4 years ago

Hi k4nfr3,

I asked myself the same question, so I looked in the source code. I found the following in /core/server.go: https://github.com/kgretzky/pwndrop/blob/9d2278e71fabd8e868668271badbba9cccdca433/core/server.go#L47-L58

So it looks like you could just insert your own certificate ("public.crt") and private key ("private.key") at the data directory (by default /usr/local/pwndrop/data/). It should only generate a new cert, if it has not found a valid one. I have not tested it yet, but I am pretty sure that should work.

kgretzky commented 4 years ago

@marius56 is perfectly right. I haven't yet put that information in the README it seems, but I can confirm this solution will work.

If pwndrop finds these two files, it will use them.