EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
https://www.enablesecurity.com/
BSD 3-Clause "New" or "Revised" License

IDNA does not round-trip #126

Closed m4ll0k closed 3 years ago

m4ll0k commented 3 years ago

wafw00f https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools

error:

Traceback (most recent call last):
  File "/usr/local/bin/wafw00f", line 4, in <module>
    __import__('pkg_resources').run_script('wafw00f==2.1.0', 'wafw00f')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 658, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1438, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/EGG-INFO/scripts/wafw00f", line 8, in <module>
    main.main()
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/main.py", line 423, in main
    rq = attacker.normalRequest()
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/main.py", line 43, in normalRequest
    return self.Request()
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/lib/evillib.py", line 83, in Request
    allow_redirects=self.allowredir, params=params, verify=False)
  File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 677, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 381, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 978, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 371, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/ssl_.py", line 386, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 809, in __init__
    server_hostname)
  File "/usr/lib/python3.6/encodings/idna.py", line 214, in decode
    result.append(ToUnicode(label))
  File "/usr/lib/python3.6/encodings/idna.py", line 139, in ToUnicode
    raise UnicodeError("IDNA does not round-trip", label, label2)
UnicodeError: ('IDNA does not round-trip', b'xn--p8j5cxcyjlcygn342e-comwebmail', b'xn--p8j5cxcyjlcygn342e-upmz7bxaebnai')

sandrogauci commented 3 years ago

Hi @m4ll0k - I wasn't familiar with this error so I looked it up. It certainly seems to have been a problem with some versions of python3 that supported the old IDNA 2003 and that your URL is encoded with IDNA 2008. See: https://bugs.python.org/issue32437

I still did some tests.

Firstly, the hostname given couldn't be resolved. I suppose it no longer is valid.

➜  ~ wafw00f https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools

                   ______
                  /      \
                 (  Woof! )
                  \  ____/                      )
                  ,,                           ) (_
             .-. -    _______                 ( |__|
            ()``; |==|_______)                .)|__|
            / ('        /|\                  (  |__|
        (  /  )        / | \                  . |__|
         \(_)_))      /  |  \                   |__|

                    ~ WAFW00F : v2.1.0 ~
    The Web Application Firewall Fingerprinting Toolkit

[*] Checking https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools
ERROR:wafw00f:Something went wrong HTTPSConnectionPool(host='xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ffb0554a3a0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
ERROR:wafw00f:Site xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools appears to be down

Then I decided to fake it, so I added a server of mine in my /etc/hosts pointing towards xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools. No errors seen with my version of python:

➜  ~ wafw00f https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools

                ______
               /      \
              (  W00f! )
               \  ____/
               ,,    __            404 Hack Not Found
           |`-.__   / /                      __     __
           /"  _/  /_/                       \ \   / /
          *===*    /                          \ \_/ /  405 Not Allowed
         /     )__//                           \   /
    /|  /     /---`                        403 Forbidden
    \\/`   \ |                                 / _ \
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error
      `_____``-`                             /_/   \_\

                        ~ WAFW00F : v2.1.0 ~
        The Web Application Firewall Fingerprinting Toolkit

[*] Checking https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools
[+] Generic Detection results:
[-] No WAF detected by the generic detection
[~] Number of requests: 7

So what we can do is to raise a warning, telling you to upgrade your python if you want to use IDNA 2008 hostnames. But other than that, it's not our bug :)
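
The failure in the traceback can be reproduced without any network access. The following is an added example, not part of the thread or of wafw00f: it runs each `xn--` label of a target through Python's standard-library `idna` codec (which implements IDNA 2003) before a scan, so a batch of hostnames is partitioned instead of crashing mid-run. `HOST` is the hostname from this issue; the other targets and all function names are constructed for illustration.

```python
# Added example: pre-flight IDNA check for a batch of scan targets.
# HOST comes from the traceback on this page; other targets are constructed.
HOST = "xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools"


def reencode(raw: bytes):
    """Punycode-decode an xn-- label, then re-encode it with the stdlib codec."""
    try:
        return raw[4:].decode("punycode").encode("idna").decode("ascii")
    except UnicodeError:
        return None  # label is not valid punycode or fails nameprep


def stdlib_idna_problems(hostname: str):
    """Return [(label, reencoded)] for every xn-- label the stdlib codec rejects."""
    problems = []
    for label in hostname.rstrip(".").lower().split("."):
        if not label.startswith("xn--"):
            continue
        try:
            raw = label.encode("ascii")
        except UnicodeEncodeError:
            problems.append((label, None))  # A-labels must be pure ASCII
            continue
        try:
            raw.decode("idna")  # the ToUnicode round-trip that failed under ssl.py
        except UnicodeError:
            problems.append((label, reencode(raw)))
    return problems


def split_targets(hostnames):
    """Partition targets into (scannable, skipped) instead of failing mid-batch."""
    ok, skipped = [], {}
    for host in hostnames:
        bad = stdlib_idna_problems(host)
        if bad:
            skipped[host] = bad
        else:
            ok.append(host)
    return ok, skipped


if __name__ == "__main__":
    ok, skipped = split_targets(["www.example.com", "xn--mnchen-3ya.example", HOST])
    print("scan:", ok)
    for host, bad in skipped.items():
        for label, again in bad:
            print(f"skip: {host}\n  label {label!r} re-encodes as {again!r}")
```

A label reported here is one the standard-library codec cannot round-trip; whether a given Python version actually runs that codec during the TLS handshake varies, as the 3.6 traceback and the 3.9.1 run in this thread show.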

m4ll0k commented 3 years ago

@sandrogauci - your version of python?

m4ll0k commented 3 years ago

@sandrogauci I tried as you say and I don't get any problem, but I tried with the https protocol and it gives me problems (after I updated Python).

sandrogauci commented 3 years ago

> @sandrogauci - your version of python?

Python 3.9.1 (default, Jan 20 2021, 00:00:00)

sandrogauci commented 3 years ago

> @sandrogauci I tried as you say and I don't get any problem, but I tried with the https protocol and it gives me problems (after I updated Python).

Do you have an error to share? :)

m4ll0k commented 3 years ago

Hey @sandrogauci - sorry for the delay. In the end it was my version of Python; now I have solved it, thank you very much!

blackcodersec commented 5 months ago

@sandrogauci @m4ll0k My Python version is Python 3.10.12. I am facing this issue. Could you tell me how to fix this issue?