
Web Traffic : Checking Certificate Thumbprint Consistency

If you have ever wondered whether the certificate presented through your corporate web proxy is the site's actual certificate, you can retrieve its thumbprint and issuer and then confirm it has come from a valid certificate authority.

The bash script below prints its results to the console and, if you pass the html option shown in the Command Syntax section, also creates an HTML report:

Script : CheckCert.sh

#!/bin/bash

# Color codes for terminal
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
GRAY='\033[0;37m'
NC='\033[0m' # No Color

HOSTNAME=$1
PROXY_SERVER=$2
PROXY_PORT=${3:-8080}
HTML_OUTPUT=${4:-false}

if [ -z "$HOSTNAME" ]; then
    echo "Usage: $0 hostname [proxy_server] [proxy_port] [html]"
    echo "Example: $0 amazon.com"
    echo "Example: $0 amazon.com proxy.company.com 8080"
    echo "Example: $0 amazon.com proxy.company.com 8080 html"
    exit 1
fi

# HTML output functions
html_header() {
    cat << EOF
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Certificate Analysis - $HOSTNAME</title>
    <style>
        * { margin: 0; padding: 0; box-sizing: border-box; }
        body { 
            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', system-ui, 
            sans-serif; 
            line-height: 1.6; 
            color: #333; 
            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
            min-height: 100vh;
            padding: 20px;
        }
        .container { 
            max-width: 1000px; 
            margin: 0 auto; 
            background: white; 
            border-radius: 16px; 
            box-shadow: 0 8px 32px rgba(0,0,0,0.15); 
            overflow: hidden;
        }
        .header { 
            background: linear-gradient(135deg, #2c3e50 0%, #34495e 100%);
            color: white;
            padding: 32px; 
            text-align: center;
        }
        .title { 
            font-size: 32px; 
            font-weight: 700; 
            margin-bottom: 12px;
        }
        .subtitle { 
            font-size: 16px; 
            opacity: 0.9;
        }
        .content { 
            padding: 32px; 
        }
        .health-card {
            background: linear-gradient(135deg, #ff6b6b 0%, #ee5a24 100%);
            color: white;
            padding: 24px;
            border-radius: 12px;
            margin-bottom: 32px;
            text-align: center;
            position: relative;
            overflow: hidden;
        }
        .health-card.safe {
            background: linear-gradient(135deg, #00b894 0%, #00a085 100%);
        }
        .health-card::before {
            content: '';
            position: absolute;
            top: -50%;
            left: -50%;
            width: 200%;
            height: 200%;
            background: radial-gradient(circle, rgba(255,255,255,0.1) 0%, 
            transparent 70%);
            animation: pulse 4s ease-in-out infinite;
        }
        @keyframes pulse {
            0%, 100% { transform: scale(1); opacity: 0.3; }
            50% { transform: scale(1.1); opacity: 0.6; }
        }
        .health-icon {
            font-size: 48px;
            margin-bottom: 16px;
            display: block;
        }
        .health-title {
            font-size: 24px;
            font-weight: 700;
            margin-bottom: 8px;
        }
        .health-desc {
            font-size: 16px;
            opacity: 0.9;
        }
        .stats-grid {
            display: grid;
            grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
            gap: 20px;
            margin: 32px 0;
        }
        .stat-card {
            background: linear-gradient(135deg, #f8f9fa 0%, #e9ecef 100%);
            border-radius: 12px;
            padding: 20px;
            text-align: center;
            border-left: 4px solid;
            position: relative;
            transition: transform 0.3s ease;
        }
        .stat-card:hover {
            transform: translateY(-4px);
        }
        .stat-card.danger { border-left-color: #ff6b6b; }
        .stat-card.safe { border-left-color: #00b894; }
        .stat-card.info { border-left-color: #0984e3; }
        .stat-card.warning { border-left-color: #fdcb6e; }
        .stat-number {
            font-size: 32px;
            font-weight: 700;
            color: #2c3e50;
            margin-bottom: 8px;
        }
        .stat-label {
            font-size: 14px;
            color: #6c757d;
            font-weight: 500;
        }
        .comparison {
            display: grid;
            grid-template-columns: 1fr 1fr;
            gap: 24px;
            margin: 32px 0;
        }
        .cert-card {
            background: white;
            border: 1px solid #dee2e6;
            border-radius: 12px;
            padding: 24px;
            position: relative;
            box-shadow: 0 4px 16px rgba(0,0,0,0.1);
        }
        .cert-card.direct {
            border-left: 4px solid #00b894;
        }
        .cert-card.proxy {
            border-left: 4px solid #ff6b6b;
        }
        .cert-card.proxy.safe {
            border-left: 4px solid #00b894;
        }
        .cert-header {
            display: flex;
            align-items: center;
            margin-bottom: 20px;
        }
        .cert-icon {
            font-size: 24px;
            margin-right: 12px;
        }
        .cert-title {
            font-weight: 700;
            font-size: 18px;
            color: #2c3e50;
        }
        .cert-status {
            margin-left: auto;
            padding: 4px 12px;
            border-radius: 20px;
            font-size: 12px;
            font-weight: 600;
        }
        .cert-status.verified {
            background: #d1f2eb;
            color: #00695c;
        }
        .cert-status.intercepted {
            background: #fdeaea;
            color: #c62828;
        }
        .thumbprint {
            font-family: 'SF Mono', Monaco, 'Cascadia Code', monospace;
            background: #f8f9fa;
            border: 1px solid #dee2e6;
            padding: 12px;
            border-radius: 8px;
            font-size: 11px;
            word-break: break-all;
            margin: 16px 0;
            position: relative;
        }
        .thumbprint::before {
            content: 'SHA256';
            position: absolute;
            top: -8px;
            left: 12px;
            background: white;
            padding: 0 8px;
            font-size: 10px;
            color: #6c757d;
            font-weight: 600;
        }
        .cert-details {
            margin-top: 16px;
        }
        .detail-row {
            display: flex;
            justify-content: space-between;
            padding: 8px 0;
            border-bottom: 1px solid #f1f3f4;
            font-size: 14px;
        }
        .detail-label {
            color: #6c757d;
            font-weight: 500;
            min-width: 80px;
        }
        .detail-value {
            font-family: monospace;
            font-size: 12px;
            text-align: right;
            flex: 1;
            margin-left: 16px;
        }
        .risk-assessment {
            background: linear-gradient(135deg, #2c3e50 0%, #34495e 100%);
            color: white;
            border-radius: 12px;
            padding: 24px;
            margin: 32px 0;
            display: none;
        }
        .risk-title {
            font-size: 20px;
            font-weight: 700;
            margin-bottom: 16px;
            display: flex;
            align-items: center;
        }
        .risk-title::before {
            content: '&#x26A0;';
            margin-right: 12px;
            font-size: 24px;
        }
        .risk-list {
            list-style: none;
            margin: 0;
            padding: 0;
        }
        .risk-item {
            padding: 8px 0;
            padding-left: 24px;
            position: relative;
        }
        .risk-item::before {
            content: '•';
            position: absolute;
            left: 0;
            color: #ff6b6b;
            font-weight: bold;
        }
        .summary {
            background: #f8f9fa;
            border-radius: 12px;
            padding: 24px;
            margin-top: 32px;
        }
        .summary-grid {
            display: grid;
            grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
            gap: 16px;
        }
        .summary-item {
            display: flex;
            justify-content: space-between;
            padding: 12px 0;
            border-bottom: 1px solid #dee2e6;
        }
        .summary-label {
            color: #6c757d;
            font-weight: 600;
        }
        .summary-value {
            font-family: monospace;
            font-size: 14px;
        }
        @media (max-width: 768px) {
            .comparison { grid-template-columns: 1fr; }
            .stats-grid { grid-template-columns: repeat(2, 1fr); }
            .container { margin: 10px; }
            .content { padding: 20px; }
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="header">
            <div class="title">&#x1F510; Certificate Security Analysis</div>
            <div class="subtitle">$HOSTNAME • $(date '+%B %d, %Y at %H:%M')</div>
        </div>
        <div class="content">
EOF
}

html_footer() {
    cat << EOF
        </div>
    </div>
</body>
</html>
EOF
}

# Initialize HTML if requested
if [ "$HTML_OUTPUT" = "html" ]; then
    html_header > report.html
    echo -e "${BLUE}Generating HTML report: report.html${NC}"
fi

echo -e "${BLUE}Checking certificate for $HOSTNAME...${NC}"

# Function to get certificate info
get_cert_info() {
    local host=$1
    local use_proxy=$2
    local proxy_host=$3
    local proxy_port=$4
    
    if [ "$use_proxy" = "true" ]; then
        # Use proxy
        openssl s_client -connect "$host:443" -servername "$host" \
            -proxy "$proxy_host:$proxy_port" 2>/dev/null < /dev/null |
            openssl x509 -noout -fingerprint -sha256 -issuer -dates 2>/dev/null
    else
        # Direct connection
        openssl s_client -connect "$host:443" -servername "$host" 2>/dev/null < /dev/null |
            openssl x509 -noout -fingerprint -sha256 -issuer -dates 2>/dev/null
    fi
}

if [ ! -z "$PROXY_SERVER" ]; then
    echo -e "${YELLOW}Testing with proxy: $PROXY_SERVER:$PROXY_PORT${NC}"
    
    echo -e "\n${CYAN}=== Direct Connection (No Proxy) ===${NC}"
    DIRECT_CERT=$(get_cert_info $HOSTNAME false)
    
    if [ ! -z "$DIRECT_CERT" ]; then
        echo "$DIRECT_CERT"
        DIRECT_FINGERPRINT=$(echo "$DIRECT_CERT" | grep -i "fingerprint=" | 
        cut -d'=' -f2 | tr -d ' :')
        DIRECT_ISSUER=$(echo "$DIRECT_CERT" | grep "issuer=" | cut -d'=' -f2-)
        echo -e "${GRAY}Direct Thumbprint: $DIRECT_FINGERPRINT${NC}"
        echo -e "${GRAY}Direct Issuer: $DIRECT_ISSUER${NC}"
    else
        echo -e "${RED}Failed to get direct certificate${NC}"
        DIRECT_FINGERPRINT=""
    fi
    
    echo -e "\n${CYAN}=== Proxy Connection ===${NC}"
    PROXY_CERT=$(get_cert_info $HOSTNAME true $PROXY_SERVER $PROXY_PORT)
    
    if [ ! -z "$PROXY_CERT" ]; then
        echo "$PROXY_CERT"
        PROXY_FINGERPRINT=$(echo "$PROXY_CERT" | grep -i "fingerprint=" |
        cut -d'=' -f2 | tr -d ' :')
        PROXY_ISSUER=$(echo "$PROXY_CERT" | grep "issuer=" | cut -d'=' -f2-)
        echo -e "${GRAY}Proxy Thumbprint: $PROXY_FINGERPRINT${NC}"
        echo -e "${GRAY}Proxy Issuer: $PROXY_ISSUER${NC}"
    else
        echo -e "${RED}Failed to get proxy certificate${NC}"
        
        # Try alternative method for proxy
        # NOTE: openssl s_client does not read the https_proxy variable, so this
        # fallback connects directly; a match here says nothing about the proxy.
        echo -e "${YELLOW}Trying alternative proxy method...${NC}"
        export https_proxy="http://$PROXY_SERVER:$PROXY_PORT"
        PROXY_CERT=$(openssl s_client -connect "$HOSTNAME:443" -servername "$HOSTNAME" 2>/dev/null < /dev/null |
            openssl x509 -noout -fingerprint -sha256 -issuer -dates 2>/dev/null)
        unset https_proxy
        
        if [ ! -z "$PROXY_CERT" ]; then
            echo "$PROXY_CERT"
            PROXY_FINGERPRINT=$(echo "$PROXY_CERT" | grep -i "fingerprint=" | 
            cut -d'=' -f2 | tr -d ' :')
            PROXY_ISSUER=$(echo "$PROXY_CERT" | grep "issuer=" | cut -d'=' -f2-)
            echo -e "${GRAY}Proxy Thumbprint: $PROXY_FINGERPRINT${NC}"
            echo -e "${GRAY}Proxy Issuer: $PROXY_ISSUER${NC}"
        else
            echo -e "${RED}Failed to get certificate through proxy${NC}"
            exit 1
        fi
    fi
    
    # Compare thumbprints
    echo -e "\n${CYAN}=== THUMBPRINT COMPARISON ===${NC}"
    
    echo -e "${GRAY}Debug: Direct fingerprint length: ${#DIRECT_FINGERPRINT}${NC}"
    echo -e "${GRAY}Debug: Proxy fingerprint length: ${#PROXY_FINGERPRINT}${NC}"
    echo -e "${GRAY}Debug: Direct fingerprint: '$DIRECT_FINGERPRINT'${NC}"
    echo -e "${GRAY}Debug: Proxy fingerprint: '$PROXY_FINGERPRINT'${NC}"
    
    if [ -z "$DIRECT_FINGERPRINT" ]; then
        echo -e "${RED}❌ Missing direct certificate fingerprint${NC}"
        echo -e "${YELLOW}Direct certificate data:${NC}"
        echo -e "${GRAY}$DIRECT_CERT${NC}"
    fi
    
    if [ -z "$PROXY_FINGERPRINT" ]; then
        echo -e "${RED}❌ Missing proxy certificate fingerprint${NC}"
        echo -e "${YELLOW}Proxy certificate data:${NC}"
        echo -e "${GRAY}$PROXY_CERT${NC}"
    fi
    
    # HTML output for comparison
    if [ "$HTML_OUTPUT" = "html" ]; then
        if [ ! -z "$DIRECT_FINGERPRINT" ] && [ ! -z "$PROXY_FINGERPRINT" ]; then
            if [ "$DIRECT_FINGERPRINT" = "$PROXY_FINGERPRINT" ]; then
                # No inspection detected
                cat << EOF >> report.html
            <!-- Health Card -->
            <div class="health-card safe">
                <span class="health-icon">&#x2705;</span>
                <div class="health-title">Secure Connection Verified</div>
                <div class="health-desc">No HTTPS inspection detected - 
                your traffic is private</div>
            </div>
            
            <!-- Statistics -->
            <div class="stats-grid">
                <div class="stat-card safe">
                    <div class="stat-number">0</div>
                    <div class="stat-label">Security Threats</div>
                </div>
                <div class="stat-card info">
                    <div class="stat-number">100%</div>
                    <div class="stat-label">Certificate Match</div>
                </div>
                <div class="stat-card info">
                    <div class="stat-number">1</div>
                    <div class="stat-label">Verified CA</div>
                </div>
                <div class="stat-card safe">
                    <div class="stat-number">$(echo "$DIRECT_CERT" | 
                    grep -o 'notAfter' | wc -l)</div>
                    <div class="stat-label">Valid Certificate</div>
                </div>
            </div>
            
            <!-- Certificate Comparison -->
            <div class="comparison">
                <div class="cert-card direct">
                    <div class="cert-header">
                        <span class="cert-icon">&#x1F310;</span>
                        <div class="cert-title">Direct Connection</div>
                        <span class="cert-status verified">Verified</span>
                    </div>
                    <div class="thumbprint">$(echo "$DIRECT_FINGERPRINT" | 
                    sed 's/.\{2\}/&:/g' | sed 's/:$//')</div>
                    <div class="cert-details">
                        <div class="detail-row">
                            <span class="detail-label">Issuer</span>
                            <span class="detail-value">$(echo "$DIRECT_ISSUER" | 
                            cut -d',' -f1-2)</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Type</span>
                            <span class="detail-value">Authentic Certificate</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Source</span>
                            <span class="detail-value">Direct from Server</span>
                        </div>
                    </div>
                </div>
                
                <div class="cert-card proxy safe">
                    <div class="cert-header">
                        <span class="cert-icon">&#x1F512;</span>
                        <div class="cert-title">Proxy Connection</div>
                        <span class="cert-status verified">Verified</span>
                    </div>
                    <div class="thumbprint">$(echo "$PROXY_FINGERPRINT" | 
                    sed 's/.\{2\}/&:/g' | sed 's/:$//')</div>
                    <div class="cert-details">
                        <div class="detail-row">
                            <span class="detail-label">Issuer</span>
                            <span class="detail-value">$(echo "$PROXY_ISSUER" | 
                            cut -d',' -f1-2)</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Type</span>
                            <span class="detail-value">Passthrough Certificate</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Source</span>
                            <span class="detail-value">Via Clean Proxy</span>
                        </div>
                    </div>
                </div>
            </div>
EOF
            else
                # Inspection detected
                cat << EOF >> report.html
            <!-- Health Card -->
            <div class="health-card">
                <span class="health-icon">&#x1F6A8;</span>
                <div class="health-title">HTTPS Inspection Detected</div>
                <div class="health-desc">Your organization is intercepting and reading
                encrypted traffic</div>
            </div>
            
            <!-- Statistics -->
            <div class="stats-grid">
                <div class="stat-card danger">
                    <div class="stat-number">1</div>
                    <div class="stat-label">Active Threat</div>
                </div>
                <div class="stat-card danger">
                    <div class="stat-number">0%</div>
                    <div class="stat-label">Certificate Match</div>
                </div>
                <div class="stat-card warning">
                    <div class="stat-number">2</div>
                    <div class="stat-label">Different CAs</div>
                </div>
                <div class="stat-card info">
                    <div class="stat-number">100%</div>
                    <div class="stat-label">Traffic Monitored</div>
                </div>
            </div>
            
            <!-- Certificate Comparison -->
            <div class="comparison">
                <div class="cert-card direct">
                    <div class="cert-header">
                        <span class="cert-icon">&#x1F310;</span>
                        <div class="cert-title">Direct Connection</div>
                        <span class="cert-status verified">Real Certificate</span>
                    </div>
                    <div class="thumbprint">$(echo "$DIRECT_FINGERPRINT" | 
                    sed 's/.\{2\}/&:/g' | sed 's/:$//')</div>
                    <div class="cert-details">
                        <div class="detail-row">
                            <span class="detail-label">Issuer</span>
                            <span class="detail-value">$(echo "$DIRECT_ISSUER" | 
                            cut -d',' -f1-2)</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Type</span>
                            <span class="detail-value">Legitimate Certificate</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Source</span>
                            <span class="detail-value">Direct from $HOSTNAME</span>
                        </div>
                    </div>
                </div>
                
                <div class="cert-card proxy">
                    <div class="cert-header">
                        <span class="cert-icon">&#x26A0;</span>
                        <div class="cert-title">Proxy Connection</div>
                        <span class="cert-status intercepted">Intercepted</span>
                    </div>
                    <div class="thumbprint">$(echo "$PROXY_FINGERPRINT" | 
                    sed 's/.\{2\}/&:/g' | sed 's/:$//')</div>
                    <div class="cert-details">
                        <div class="detail-row">
                            <span class="detail-label">Issuer</span>
                            <span class="detail-value">$(echo "$PROXY_ISSUER" | 
                            cut -d',' -f1-2)</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Type</span>
                            <span class="detail-value">Corporate Substitute</span>
                        </div>
                        <div class="detail-row">
                            <span class="detail-label">Source</span>
                            <span class="detail-value">Corporate Proxy Server</span>
                        </div>
                    </div>
                </div>
            </div>
EOF
            fi
            
            # Summary section for both cases
            cat << EOF >> report.html
            <!-- Summary -->
            <div class="summary">
                <h3 style="margin-bottom: 20px; color: #2c3e50;">&#x1F4CB; 
                Technical Summary</h3>
                <div class="summary-grid">
                    <div>
                        <div class="summary-item">
                            <span class="summary-label">Target Host</span>
                            <span class="summary-value">$HOSTNAME</span>
                        </div>
                        <div class="summary-item">
                            <span class="summary-label">Proxy Server</span>
                            <span class="summary-value">$PROXY_SERVER:$PROXY_PORT</span>
                        </div>
                        <div class="summary-item">
                            <span class="summary-label">Analysis Date</span>
                            <span class="summary-value">$(date '+%Y-%m-%d %H:%M:%S')
                            </span>
                        </div>
                    </div>
                    <div>
                        <div class="summary-item">
                            <span class="summary-label">Direct Thumbprint</span>
                            <span class="summary-value" style="font-size: 10px;">
                            $(echo "$DIRECT_FINGERPRINT" | head -c 32)...</span>
                        </div>
                        <div class="summary-item">
                            <span class="summary-label">Proxy Thumbprint</span>
                            <span class="summary-value" style="font-size: 10px;">
                            $(echo "$PROXY_FINGERPRINT" | head -c 32)...</span>
                        </div>
                        <div class="summary-item">
                            <span class="summary-label">Status</span>
EOF
            
            if [ "$DIRECT_FINGERPRINT" = "$PROXY_FINGERPRINT" ]; then
                echo '                            <span class="summary-value" style="color: #00695c; font-weight: 600;">&#x2705; Secure</span>' >> report.html
            else
                echo '                            <span class="summary-value" style="color: #c62828; font-weight: 600;">&#x1F6A8; Inspection Active</span>' >> report.html
            fi
            
            cat << EOF >> report.html
                        </div>
                    </div>
                </div>
            </div>
EOF
        fi
    fi
    
    if [ -z "$DIRECT_FINGERPRINT" ] || [ -z "$PROXY_FINGERPRINT" ]; then
        echo -e "${RED}❌ Cannot compare - missing certificate data${NC}"
        
        # Try to get at least one working certificate for analysis
        if [ ! -z "$PROXY_FINGERPRINT" ]; then
            echo -e "${YELLOW}Analyzing proxy certificate only...${NC}"
            echo -e "${GRAY}Proxy Thumbprint: $PROXY_FINGERPRINT${NC}"
            echo -e "${GRAY}Proxy Issuer: $PROXY_ISSUER${NC}"
            
            # Check if it's a corporate CA
            if [[ "$PROXY_ISSUER" =~ Corporate|Internal|Company|Proxy|InternalCA|Enterprise|Local ]]; then
                echo -e "${RED}🚨 CORPORATE CA DETECTED in proxy certificate${NC}"
                echo -e "${RED}HTTPS inspection is likely active${NC}"
            else
                echo -e "${YELLOW}❓ Unable to determine inspection status${NC}"
                echo -e "${YELLOW}Direct connection failed, cannot compare certificates${NC}"
            fi
        elif [ ! -z "$DIRECT_FINGERPRINT" ]; then
            echo -e "${YELLOW}Analyzing direct certificate only...${NC}"
            echo -e "${GRAY}Direct Thumbprint: $DIRECT_FINGERPRINT${NC}"
            echo -e "${GRAY}Direct Issuer: $DIRECT_ISSUER${NC}"
            echo -e "${YELLOW}❓ Proxy connection failed, cannot test for inspection${NC}"
        fi
        
        exit 1
    fi
    
    echo -e "${GRAY}Direct:  $DIRECT_FINGERPRINT${NC}"
    echo -e "${GRAY}Proxy:   $PROXY_FINGERPRINT${NC}"
    
    if [ "$DIRECT_FINGERPRINT" = "$PROXY_FINGERPRINT" ]; then
        echo -e "${GREEN}✅ THUMBPRINTS MATCH: No HTTPS inspection detected${NC}"
        echo -e "${GREEN}Same certificate received through both connections${NC}"
        INSPECTION_STATUS="NONE"
    else
        echo -e "${RED}🚨 THUMBPRINTS MISMATCH: HTTPS INSPECTION DETECTED${NC}"
        echo -e "${RED}Different certificates = corporate man-in-the-middle attack${NC}"
        INSPECTION_STATUS="DETECTED"
    fi
    
else
    # No proxy provided - just get direct certificate
    echo -e "\n${CYAN}=== Direct Certificate ===${NC}"
    CERT_INFO=$(get_cert_info $HOSTNAME false)
    
    if [ ! -z "$CERT_INFO" ]; then
        echo "$CERT_INFO"
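        # Case-insensitive match: the label is "SHA256 Fingerprint=" or
        # "sha256 Fingerprint=" depending on the OpenSSL version
        FINGERPRINT=$(echo "$CERT_INFO" | grep -i "fingerprint=" | cut -d'=' -f2 | tr -d ' :')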
        ISSUER=$(echo "$CERT_INFO" | grep "issuer=" | cut -d'=' -f2-)
        echo -e "${GRAY}Thumbprint: $FINGERPRINT${NC}"
        echo -e "${GRAY}Issuer: $ISSUER${NC}"
        INSPECTION_STATUS="UNKNOWN"
    else
        echo -e "${RED}❌ Failed to retrieve certificate${NC}"
        exit 1
    fi
fi

# Final Analysis
echo -e "\n${CYAN}=== FINAL ANALYSIS ===${NC}"

if [ "$INSPECTION_STATUS" = "DETECTED" ]; then
    echo -e "${RED}🚨 HTTPS INSPECTION IS ACTIVE${NC}"
    echo -e "${RED}Your organization is intercepting HTTPS traffic${NC}"
    echo -e "${RED}All 'secure' communications can be read by your company${NC}"
    
    # HTML output for final analysis
    if [ "$HTML_OUTPUT" = "html" ]; then
        # HTML output is already handled in the comparison section above
        # No additional HTML needed here since we use the minimalistic design
        true
    fi
    
elif [ "$INSPECTION_STATUS" = "NONE" ]; then
    echo -e "${GREEN}✅ NO HTTPS INSPECTION DETECTED${NC}"
    echo -e "${GREEN}Certificates match - no interception occurring${NC}"
    
    if [ "$HTML_OUTPUT" = "html" ]; then
        # HTML output is already handled in the comparison section above
        # No additional HTML needed for the minimalistic design
        true
    fi
    
else
    echo -e "${YELLOW}❓ INSPECTION STATUS UNKNOWN${NC}"
    echo -e "${YELLOW}Provide proxy details to test for inspection:${NC}"
    echo -e "${YELLOW}$0 $HOSTNAME proxy.server.com 8080${NC}"
    
    if [ "$HTML_OUTPUT" = "html" ]; then
        # HTML output is already handled in the comparison section above
        # No additional HTML needed for the minimalistic design
        true
    fi
fi

echo -e "\n${CYAN}=== SUMMARY ===${NC}"
echo -e "${GRAY}Hostname: $HOSTNAME${NC}"

if [ ! -z "$PROXY_SERVER" ]; then
    echo -e "${GRAY}Proxy: $PROXY_SERVER:$PROXY_PORT${NC}"
    if [ ! -z "$DIRECT_FINGERPRINT" ]; then
        echo -e "${GRAY}Direct Thumbprint: $DIRECT_FINGERPRINT${NC}"
    fi
    if [ ! -z "$PROXY_FINGERPRINT" ]; then
        echo -e "${GRAY}Proxy Thumbprint:  $PROXY_FINGERPRINT${NC}"
    fi
    if [ ! -z "$DIRECT_ISSUER" ]; then
        echo -e "${GRAY}Direct Issuer: $(echo "$DIRECT_ISSUER" | cut -d',' -f1-2)${NC}"
    fi
    if [ ! -z "$PROXY_ISSUER" ]; then
        echo -e "${GRAY}Proxy Issuer:  $(echo "$PROXY_ISSUER" | cut -d',' -f1-2)${NC}"
    fi
else
    if [ ! -z "$FINGERPRINT" ]; then
        echo -e "${GRAY}Thumbprint: $FINGERPRINT${NC}"
    fi
    if [ ! -z "$ISSUER" ]; then
        echo -e "${GRAY}Issuer: $(echo "$ISSUER" | cut -d',' -f1-2)${NC}"
    fi
fi

# Finalize HTML output
if [ "$HTML_OUTPUT" = "html" ]; then
    html_footer >> report.html
    
    echo -e "\n${GREEN}✅ HTML report generated: report.html${NC}"
fi

Results - Console

If you have nothing interfering with the certificate you will get a confirmation that it matches:


If HTTPS inspection is enabled, the thumbprints will not match, as you can see below:



Result - HTML report

If you opt for the HTML report, you can see the result below; this is with no HTTPS inspection:


If HTTPS inspection is intercepting the connection, you will see this, showing that inspection is enabled:

Command Syntax

# Direct connection
./certcheck.sh amazon.com

# Through proxy
./certcheck.sh amazon.com proxy.bear.local 3129

# Debug mode
bash -x ./certcheck.sh amazon.com

# Generate HTML report
./certcheck.sh amazon.com proxy.bear.local 3129 html
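
Building on the comparison the script performs, the added example below (not part of the original CheckCert.sh) parses the same openssl x509 output and also compares issuers, because a thumbprint mismatch alone can also occur when a large site serves more than one leaf certificate. The function names, verdict labels and sample certificate data are constructed for illustration.

```bash
#!/bin/bash
# Added example: classify a direct-vs-proxy certificate check from the text
# printed by `openssl x509 -noout -fingerprint -sha256 -issuer -dates`.

# Constructed samples (fake fingerprints and issuer names, not real certs).
SAMPLE_DIRECT='sha256 Fingerprint=0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9
issuer=C = US, O = Example Public CA, CN = Example Public CA G1
notBefore=Jan  1 00:00:00 2025 GMT
notAfter=Jan  1 00:00:00 2026 GMT'

# Same certificate seen through a pass-through proxy (older label casing).
SAMPLE_PASSTHROUGH='SHA256 Fingerprint=0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9
issuer=C = US, O = Example Public CA, CN = Example Public CA G1'

# Different leaf signed by an internal CA: what an inspecting proxy presents.
SAMPLE_PROXY='sha256 Fingerprint=F9:E8:D7:C6:B5:A4:93:82:71:60:5F:4E:3D:2C:1B:0A:F9:E8:D7:C6:B5:A4:93:82:71:60:5F:4E:3D:2C:1B:0A
issuer=O = Example Corp, CN = Example Corp TLS Inspection CA'

# Different leaf from the SAME public issuer: a second certificate of the site.
SAMPLE_ROTATED='sha256 Fingerprint=11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
issuer=C = US, O = Example Public CA, CN = Example Public CA G1'

# Print the SHA-256 fingerprint as 64 upper-case hex digits, or fail.
# Accepts "SHA256 Fingerprint=" and "sha256 Fingerprint=" labels.
cert_fingerprint() {
    local fp
    fp=$(printf '%s\n' "$1" | grep -i -m1 '^sha256 fingerprint=' |
         cut -d= -f2 | tr -d ' :\r' | tr 'a-f' 'A-F')
    case $fp in
        ''|*[!0-9A-F]*) return 1 ;;   # empty or non-hex: not a fingerprint
    esac
    [ "${#fp}" -eq 64 ] || return 1   # SHA-256 is 32 bytes = 64 hex digits
    printf '%s\n' "$fp"
}

# Print the issuer distinguished name (text after "issuer=").
cert_issuer() {
    printf '%s\n' "$1" | sed -n 's/^issuer= *//p' | head -n 1
}

# classify_inspection DIRECT_OUTPUT PROXY_OUTPUT
# Verdicts (labels are this example's own):
#   MATCH              same leaf certificate on both paths
#   REISSUED_OTHER_CA  different leaf and different issuer: consistent with a
#                      proxy re-signing the connection
#   DIFFERENT_SAME_CA  different leaf, same issuer: more likely the site
#                      serving several certificates; re-test before concluding
#   INCOMPLETE         one side gave no usable fingerprint; no conclusion
classify_inspection() {
    local d_fp p_fp
    d_fp=$(cert_fingerprint "$1") || { echo INCOMPLETE; return 2; }
    p_fp=$(cert_fingerprint "$2") || { echo INCOMPLETE; return 2; }
    if [ "$d_fp" = "$p_fp" ]; then
        echo MATCH
        return 0
    fi
    if [ "$(cert_issuer "$1")" = "$(cert_issuer "$2")" ]; then
        echo DIFFERENT_SAME_CA
    else
        echo REISSUED_OTHER_CA
    fi
    return 1
}

# Demo on the constructed samples (the empty string models a failed fetch).
for sample in "$SAMPLE_PASSTHROUGH" "$SAMPLE_PROXY" "$SAMPLE_ROTATED" ""; do
    verdict=$(classify_inspection "$SAMPLE_DIRECT" "$sample") || true
    echo "verdict: $verdict"
done
```

In the script above, the two arguments would be the contents of $DIRECT_CERT and $PROXY_CERT.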