Open Hax0rG1rl opened 8 years ago
The first message is just a warning where the script is not specifically validating the certificate. It should still run regardless.
The real error is the index out of range issue. Can you give me the full command line you used? It looks like there is something different with the JNLP file which my script does not handle correctly so it would help if I had a copy to test with.
Right. So, into an end I got the jar file(s) manually actually.
Because is a pentest and there is a NDR agreement, I'm not sure will be able to provide what you have requested. Will think about a workaround though which will give you the possibility to access that jnlp file.
Cheers,
-j
Understood. Is there a way for you to download and modify the jnlp file such that any customer information is redacted (links, names, etc)?
Yeah, that option would be the one which I have to check out.
Hi buddy,
I just can't provide that file. Can't strip off everything so you can close the issue now. Will use the tool with next assessment and will come back eventually.
Cheers,
-J
Ok, thanks for letting me know. I will leave this open until I can track down the difference in formatting that is causing this problem.
Unfortunately, I have only needed this on a handful of assessments and thus haven't had this issue and am unsure how to recreate it without an offending .jnlp file.
Thanks for at least noting the issue.
Hi,
Got the following issue with testing a SSL site.
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connectionpool.py:789: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. InsecureRequestWarning) Traceback (most recent call last): File "jnlpdownloader.py", line 146, in
jnlpfile = jars.get('href').rsplit('/')[1]
IndexError: list index out of range
"
Apparently SSL support has to be added with the original code(?)
https://urllib3.readthedocs.org/en/latest/security.html
Didn't have time to do it myself due of my personal workload.
Do you have a workaround for this?
Cheers,
-J