search

andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/
4.57k stars 1.22k forks source link

[Auto-Generated] Bug Report - (data_string, format)) #478

Closed 1d3df9903ad closed 11 years ago

1d3df9903ad commented 11 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id 145003441b

Version Information

  Python version: 2.7.3 (default, Jan  2 2013, 13:56:14) [GCC 4.7.2]
  GTK version: 2.24.10
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.5
    Revision: 8f4f094daf - 26 juin 2013 00:41
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running audit.ssl_certificate on "https://domain/ | Method: GET". The exception was: "time data 'Nov 18 23:59:59 2013 GMT' does not match format '%b %d %H:%M:%S %Y GMT'" at _strptime.py:_strptime():325.The full traceback is:
  File "/home/user/w3af/core/controllers/core_helpers/consumers/audit.py", line 111, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/home/user/w3af/core/controllers/plugins/audit_plugin.py", line 126, in audit_with_copy
    return self.audit(fuzzable_request.copy(), orig_resp)
  File "/home/user/w3af/plugins/audit/ssl_certificate.py", line 77, in audit
    self._analyze_ssl_cert(url, domain)
  File "/home/user/w3af/plugins/audit/ssl_certificate.py", line 156, in _analyze_ssl_cert
    exp_date = gmtime(ssl.cert_time_to_seconds(cert['notAfter']))
  File "/usr/lib/python2.7/ssl.py", line 393, in cert_time_to_seconds
    return time.mktime(time.strptime(cert_time, "%b %d %H:%M:%S %Y GMT"))
  File "/usr/lib/python2.7/_strptime.py", line 467, in _strptime_time
    return _strptime(data_string, format)[0]
  File "/usr/lib/python2.7/_strptime.py", line 325, in _strptime
    (data_string, format))

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'cors_origin': <OptionList: origin_header_value>,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           u'ssl_certificate': <OptionList: minExpireDays|caFileName>,
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {},
 'bruteforce': {},
 'crawl': {},
 'evasion': {},
 'grep': {'error_500': {}},
 'infrastructure': {'allowed_methods': {},
                    'frontpage_version': {},
                    'server_header': {}},
 'mangle': {},
 'output': {u'console': <OptionList: verbose>,
            u'csv_file': <OptionList: output_file>,
            u'export_requests': <OptionList: output_file>,
            u'html_file': <OptionList: output_file|verbose>,
            u'text_file': <OptionList: verbose|output_file|http_output_file>,
            u'xml_file': <OptionList: output_file>}}
andresriancho commented 11 years ago

Duplicates #477