andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

Handle ZeroReturnError exception #10888

Closed 1d3df9903ad closed 9 years ago

1d3df9903ad commented 9 years ago

Version Information

  Python version: 2.7.3 (default, Mar 14 2014, 11:57:14) [GCC 4.7.2]
  GTK version: 2.24.10
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.6.46
    Distribution: Kali Linux
    Author: Andres Riancho and the w3af team.

Traceback

A "ZeroReturnError" exception was found while running audit.xst on "Method: GET | https://domain/path/foo/ | Query string: (id,ref,sk)". The exception was: "" at SSL.py:_raise_ssl_error():851.The full traceback is:
  File "/usr/share/w3af/w3af/core/controllers/core_helpers/consumers/audit.py", line 110, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/usr/share/w3af/w3af/core/controllers/plugins/audit_plugin.py", line 139, in audit_with_copy
    return self.audit(fuzzable_request, orig_resp)
  File "/usr/share/w3af/w3af/plugins/audit/xst.py", line 69, in audit
    response = self._uri_opener.send_mutant(fr)
  File "/usr/share/w3af/w3af/core/controllers/plugins/plugin.py", line 252, in meth
    return attr(*args, **kwargs)
  File "/usr/share/w3af/w3af/core/data/url/extended_urllib.py", line 359, in send_mutant
    res = functor(*args, **kwargs)
  File "/usr/share/w3af/w3af/core/data/url/extended_urllib.py", line 525, in __call__
    return self._xurllib._send(req, grep=grep)
  File "/usr/share/w3af/w3af/core/data/url/extended_urllib.py", line 575, in _send
    res = self._opener.open(req)
  File "/usr/lib/python2.7/urllib2.py", line 401, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 419, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 379, in _call_chain
    result = func(*args)
  File "/usr/share/w3af/w3af/core/data/url/handlers/keepalive/__init__.py", line 505, in https_open
    return self.do_open(req)
  File "/usr/share/w3af/w3af/core/data/url/handlers/keepalive/__init__.py", line 374, in do_open
    resp.read()
  File "/usr/share/w3af/w3af/core/data/url/handlers/keepalive/http_response.py", line 14, in new_read_meth
    return read_meth(inst)
  File "/usr/share/w3af/w3af/core/data/url/handlers/keepalive/http_response.py", line 151, in read
    self._multiread = self._raw_read()
  File "/usr/share/w3af/w3af/core/data/url/handlers/keepalive/http_response.py", line 100, in _raw_read
    s = self._safe_read(self.length)
  File "/usr/lib/python2.7/httplib.py", line 647, in _safe_read
    chunk = self.fp.read(min(amt, MAXAMOUNT))
  File "/usr/lib/python2.7/socket.py", line 380, in read
    data = self._sock.recv(left)
  File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 995, in recv
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 851, in _raise_ssl_error
    raise ZeroReturnError()

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'cors_origin': <OptionList: origin_header_value>,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           u'ssl_certificate': <OptionList: minExpireDays|caFileName>,
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {},
 'bruteforce': {u'basic_auth': <OptionList: usersFile|passwdFile|useSvnUsers|stopOnFirst|passEqUser|useLeetPasswd|useEmails|useProfiling|profilingNumber|comboFile|comboSeparator>,
                u'form_auth': <OptionList: usersFile|passwdFile|useSvnUsers|stopOnFirst|passEqUser|useLeetPasswd|useEmails|useProfiling|profilingNumber|comboFile|comboSeparator>},
 'crawl': {u'web_spider': <OptionList: only_forward|follow_regex|ignore_regex>},
 'evasion': {},
 'grep': {u'analyze_cookies': <OptionList: >,
          u'blank_body': <OptionList: >,
          u'cache_control': <OptionList: >,
          u'click_jacking': <OptionList: >,
          u'code_disclosure': <OptionList: >,
          u'credit_cards': <OptionList: >,
          u'cross_domain_js': <OptionList: secure_js_file>,
          u'directory_indexing': <OptionList: >,
          u'dom_xss': <OptionList: >,
          u'dot_net_event_validation': <OptionList: >,
          u'error_500': <OptionList: >,
          u'error_pages': <OptionList: >,
          u'feeds': <OptionList: >,
          u'file_upload': <OptionList: >,
          u'form_autocomplete': <OptionList: >,
          u'get_emails': <OptionList: only_target_domain>,
          u'hash_analysis': <OptionList: >,
          u'html_comments': <OptionList: >,
          u'http_auth_detect': <OptionList: >,
          u'http_in_body': <OptionList: >,
          u'lang': <OptionList: >,
          u'meta_tags': <OptionList: >,
          u'motw': <OptionList: >,
          u'objects': <OptionList: >,
          u'oracle': <OptionList: >,
          u'password_profiling': <OptionList: >,
          u'path_disclosure': <OptionList: >,
          u'private_ip': <OptionList: >,
          u'ssn': <OptionList: >,
          u'strange_headers': <OptionList: >,
          u'strange_http_codes': <OptionList: >,
          u'strange_parameters': <OptionList: >,
          u'strange_reason': <OptionList: >,
          u'svn_users': <OptionList: >,
          u'symfony': <OptionList: override>,
          u'url_session': <OptionList: >,
          u'user_defined_regex': <OptionList: single_regex|regex_file_path>,
          u'wsdl_greper': <OptionList: >,
          u'xss_protection_header': <OptionList: >},
 'infrastructure': {u'afd': <OptionList: >,
                    u'allowed_methods': <OptionList: execOneTime|reportDavOnly>,
                    u'detect_reverse_proxy': <OptionList: >,
                    u'detect_transparent_proxy': <OptionList: >,
                    u'dns_wildcard': <OptionList: >,
                    u'domain_dot': <OptionList: >,
                    u'favicon_identification': <OptionList: >,
                    u'find_jboss': <OptionList: >,
                    u'find_vhosts': <OptionList: >,
                    u'fingerprint_WAF': <OptionList: >,
                    u'fingerprint_os': <OptionList: >,
                    u'frontpage_version': <OptionList: >,
                    u'halberd': <OptionList: >,
                    u'hmap': <OptionList: gen_fingerprint>,
                    u'http_vs_https_dist': <OptionList: httpPort|httpsPort>,
                    u'php_eggs': <OptionList: >,
                    u'server_header': <OptionList: >,
                    u'server_status': <OptionList: >},
 'mangle': {},
 'output': {u'console': <OptionList: verbose>,
            u'text_file': <OptionList: verbose|output_file|http_output_file>}}

andresriancho commented 9 years ago

Dup Add OpenSSL.SSL.ZeroReturnError to known exceptions #10862