cisagov / log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Connection timeout during standard execution #55

Closed pablosnt closed 1 year ago

pablosnt commented 2 years ago

🐛 Summary

What's wrong? Please be specific.

Connection timeout error during log4j-scanner execution. Of course, I have connectivity with the target.

Steps to reproduce the behavior:

  1. Execute: python3 log4-scanner/log4j-scan.py -u https://host

Any helpful log output or screenshots

Screenshot_2022-08-31_09_23_50

pablosnt commented 2 years ago

Hello @genericcontributor, can you help me with that? Thank you in advance

mcdonnnj commented 1 year ago

@pablosnt I do not believe interact.sh offers HTTPS connectivity. I am only able to connect via HTTP in Firefox and curl has the same result:

$ curl https://interact.sh
curl: (28) Failed to connect to interact.sh port 443 after 130948 ms: Connection timed out
$ curl http://interact.sh
<h1> Interactsh Server </h1>

<a href='https://github.com/projectdiscovery/interactsh'><b>Interactsh</b></a> is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions.<br><br>

If you notice any interactions from <b>*.interact.sh</b> in your logs, it's possible that someone (internal security engineers, pen-testers, bug-bounty hunters) has been testing your application.<br><br>

You should investigate the sites where these interactions were generated from, and if a vulnerability exists, examine the root cause and take the necessary steps to mitigate the issue.

Do you have an example that you can connect to otherwise but are unable to connect to using this tool?

pablosnt commented 1 year ago

Yes, you are right. But the problem is in this line because it's using HTTPS and the default self.server is interact.sh:

https://github.com/cisagov/log4j-scanner/blob/b1903004989f629468fc93a06cb35881ba8ca412/log4-scanner/log4j-scan.py#L233

So, by default, it doesn't work.
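
A preflight check for the situation described in this thread, as an added example that is not part of the issue or of log4j-scanner's own code: it tries the callback host over HTTPS and then HTTP and reports which one answers, so a timeout on the callback server is not mistaken for a problem reaching the scan target. The function names `probe` and `pick_callback_base` are hypothetical.

```python
import socket
import sys
import urllib.error
import urllib.request


def probe(url, timeout=5.0):
    """Return (reachable, detail) for one URL.

    Any HTTP response, including 4xx/5xx, counts as reachable: the point
    is whether the server speaks this scheme at all.
    """
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return True, f"HTTP {resp.status}"
    except urllib.error.HTTPError as exc:
        # The server answered, just not with a 2xx status.
        return True, f"HTTP {exc.code}"
    except (urllib.error.URLError, socket.timeout, OSError) as exc:
        # Connection refused, timed out, TLS failure, unknown scheme, ...
        return False, str(getattr(exc, "reason", exc))


def pick_callback_base(host, schemes=("https", "http"), probe_fn=probe, timeout=5.0):
    """Try each scheme in order; return (base_url_or_None, attempts)."""
    attempts = []
    for scheme in schemes:
        url = f"{scheme}://{host}"
        ok, detail = probe_fn(url, timeout)
        attempts.append((url, ok, detail))
        if ok:
            return url, attempts
    return None, attempts


if __name__ == "__main__":
    # Host defaults to the callback server named in this thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "interact.sh"
    base, attempts = pick_callback_base(host)
    for url, ok, detail in attempts:
        print(f"{'ok  ' if ok else 'FAIL'} {url} ({detail})")
    if base is None:
        sys.exit(f"callback host {host} is unreachable on every scheme tried")
    print(f"usable callback base: {base}")
```

Running this before a scan shows whether a connection timeout comes from the callback host rather than from the target passed with `-u`.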