Ubuntu and SNMP MIBs

Just a quick note: if you’re trying to run something that queries a specific MIB like:
snmpwalk -v1 -c public ${host} system

and you get an error like:
Unknown Object Identifier (Sub-id not found: (top) -> system)

This is because MIBs are not “free”, so Ubuntu disables them by default.

To get them back, install the MIBS using 
# apt-get install snmp-mibs-downloader

Then go comment out the mibs : line in /etc/snmp/snmp.conf (it’s line 4 as of this post). Now run your query again and things should be better.

Getting Keytool to Work With BouncyCastle in Ubuntu

This isn’t going to be an earth shattering post of supreme l33t-ness, just a quick note so I don’t forget how to do this:

If you want to get the Bouncy Castle provider working in Ubuntu – so you can do things like, say, update the cacerts.bks on an Android device with the PortSwiggerCA.crt to MiTM SSL traffic from a mobile device – you need to do the following things:

  1. Download the Bouncy Castle Provider of your choice. As of this post, the version I’m using is here.
  2. Put the .jar file in the following directory:
    /usr/lib/jvm/java-6-sun/jre/lib/ext
  3. Add the following to /usr/lib/jvm/java-6-sun/jre/lsecurity/java.security:
    security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider
  4. Run the following command:
    keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias PortSwiggerCA -file PortSwiggerCA.crt
For completeness, the cacerts.bks file can be pulled off the Android device using:
adb pull /system/etc/security/cacerts.bks
You’ll need to remount the /system file system as read-write to push the modified one back, you can do that using the following command (from the adb shell):
# mount -o rw,remount /dev/block/system /system
A side note: it seems that IE9 and Chromium browser have decided to disallow the export of untrusted CA certificates (Older Firefox still allows it, but newer ones may not – I didn’t check). As a result, you may have difficulty getting a copy of the PortSwiggerCA.crt file. If you find yourself in that situation, you’re mostly screwed – unless you have the pro version of Burp, which has an export option.