Extracting Certs and Keys from .pfx and using with sqlmap

I only had a .pfx file to work with and needed to extract the key and certificate in order to use sqlmap against a particular site. This site provided all the steps I needed to do that.

1. Extract private key:

   • openssl.exe pkcs12 -in file.pfx -nocerts -out privKey.pem

2. Extract certificate:

   • openssl.exe pkcs12 -in file.pfx -clcerts -nokeys -out cert.pem

3. Remove password from private key:

   • openssl.exe rsa -in privKey.pem -out private.pem

Once that is done run sqlmap with the following flags:

• sqlmap -u https://www.targeturl.com --auth-cert privatekey.pem,cert.pem

To save time typing in the key and cert locations, if in windows you can just drag the file into the command prompt (not sure about linux/mac).

Option 2:

If you have your client cert loaded into Burp, you could just use the sqlmap option ‘–proxy=”http://localhost:8080″‘ and have sqlmap go through Burp and then not worry about extracting certs/keys.  This would have been easier, but I found out about it later.  Good to know for the future.