Closed gl4nce closed 1 year ago
I found a workaround. Converting p12 to pem format with openssl works fine.
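```sh
# convert the PKCS#12 bundle to PEM: client certificate first, then the private key
# (-nodes writes the private key unencrypted)
openssl pkcs12 -in mtls.p12 -out mtls.crt.pem -clcerts -nokeys
openssl pkcs12 -in mtls.p12 -out mtls.key.pem -nocerts -nodes
# run gobuster with the PEM certificate and key
gobuster dir -u "https://web.site" -w /usr/share/wordlists/dirb/big.txt --client-cert-pem ./mtls.crt.pem --client-cert-pem-key ./mtls.key.pem
```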
Yeah, looks like this is a problem with Go's implementation of pkcs12. There is already an open issue for this: https://github.com/golang/go/issues/62375
Looks like HashiCorp switched to another library because of this problem: https://github.com/hashicorp/go-azure-sdk/pull/328. Will have a look if the other library works too.
@gl4nce can you please try out the dev branch and see if that works for your p12?
```sh
go install github.com/OJ/gobuster/v3@dev
```
Thanks!
That was incredibly fast. :)
Tested and working fine for me. Thanks a lot!
```
$ ./gobuster dir -u "https://web.site" -w /usr/share/wordlists/dirb/big.txt --client-cert-p12 ../mtls.p12 --client-cert-p12-password "password"
===============================================================
Gobuster v3.7
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: https://web.site
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/big.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.7
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.htaccess (Status: 403) [Size: 199]
/.htpasswd (Status: 403) [Size: 199]
[...]
```
Awesome, thanks for testing :)
Unfortunately, MTLS is not working for me. I'm getting `Error: error on parsing arguments: could not load P12: pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1`. I did a little research and it looks like it has something to do with go/security? I'm using version `3.6.0-0kali1`.
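An added example, not from the thread and not gobuster's code: the OID in the error above, 2.16.840.1.101.3.4.2.1, is SHA-256, used here as the digest of the file's integrity MAC. The Go program below reads that OID from the outer structure of a DER-encoded `.p12` without needing the password, so you can see which digest a given file uses; the type and function names are assumptions of this example.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"os"
)

type pfx struct { // outer PKCS #12 structure, RFC 7292 section 4
	Version  int
	AuthSafe asn1.RawValue // encrypted contents, left unparsed
	MacData  macData       `asn1:"optional"`
}
type macData struct {
	Mac struct {
		Algorithm pkix.AlgorithmIdentifier
		Digest    []byte
	}
	MacSalt    []byte
	Iterations int `asn1:"optional,default:1"`
}
var errNoMAC = errors.New("PFX has no MacData")
var digestNames = map[string]string{"1.3.14.3.2.26": "SHA-1", "2.16.840.1.101.3.4.2.1": "SHA-256"}
// macDigestOID returns the dotted OID of the MAC digest; no password is needed.
func macDigestOID(der []byte) (string, error) {
	var p pfx
	if _, err := asn1.Unmarshal(der, &p); err != nil {
		return "", fmt.Errorf("not a DER-encoded PFX: %w", err)
	}
	oid := p.MacData.Mac.Algorithm.Algorithm
	if len(oid) == 0 {
		return "", errNoMAC
	}
	return oid.String(), nil
}

func main() { // usage: go run . FILE.p12 [FILE.p12 ...]
	for _, path := range os.Args[1:] {
		der, err := os.ReadFile(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
		} else if oid, err := macDigestOID(der); err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", path, err)
		} else {
			fmt.Printf("%s: MAC digest %s (%s)\n", path, oid, digestNames[oid])
		}
	}
}
```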