maurosoria / dirsearch

Web path scanner

about disable ssl cert check / accept low strength certificate encryption #676

Open c2xusnpq6 opened 3 years ago

c2xusnpq6 commented 3 years ago

(image) TLS 1.0: --tlsv1.0 or -1?

$ curl -h | sed -ne '/--tlsv/p'
 -1, --tlsv1 Use TLSv1.0 or greater
     --tlsv1.0 Use TLSv1.0
     --tlsv1.1 Use TLSv1.1
     --tlsv1.2 Use TLSv1.2
     --tlsv1.3 Use TLSv1.3 
shelld3v commented 3 years ago

I think dirsearch disabled certificate check by default

c2xusnpq6 commented 3 years ago

> I think dirsearch disabled certificate check by default

or... how do i force the use of tls v1.0?

shelld3v commented 3 years ago

Well, it's not important, we can request without cert check, so tls v1.0 or no cert has no impact

c2xusnpq6 commented 3 years ago

> Well, it's not important, we can request without cert check, so tls v1.0 or no cert has no impact

but... I can't do the test... with this (image)

c2xusnpq6 commented 3 years ago

firefox: SEC_ERROR_UNKNOWN_ISSUER @shelld3v @maurosoria

c2xusnpq6 commented 3 years ago

curl:

# curl -v "https://xx.xx.xx.xx/" -H "Host: xxxx.xx" -k
*   Trying xx.xx.xx.xx:443...
* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

@shelld3v @maurosoria

c2xusnpq6 commented 3 years ago

curl with -1:

curl -v "https://xx.xx.xx.xx/" -H "Host: hidden.hidden" -k -1
*   Trying xx.xx.xx.xx:443...
* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / ECDHE-RSA-AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
*  start date: Oct  6 06:08:00 2020 GMT
*  expire date: Oct  3 06:08:00 2035 GMT
*  issuer: C=US; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority; L=San Francisco; ST=California
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: hidden.hidden
> User-Agent: curl/7.72.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/7.hidden
< X-AspNet-Version: 2.0.hidden
< X-Powered-By: ASP.NET
< Date: Wed, 23 Dec 2020 07:55:33 GMT
< Content-Length: 2363
<

...

@shelld3v @maurosoria

shelld3v commented 3 years ago

I don't know what you are testing?

c2xusnpq6 commented 3 years ago

@shelld3v I need something like -1 and -k ^^''

 -1, --tlsv1         Use TLSv1.0 or greater
     --tlsv1.0       Use TLSv1.0 or greater
     --tlsv1.1       Use TLSv1.1 or greater
     --tlsv1.2       Use TLSv1.2 or greater
     --tlsv1.3       Use TLSv1.3 or greater

 -k, --insecure      Allow insecure server connections when using SSL
shelld3v commented 3 years ago

-k is available by default!

shelld3v commented 3 years ago

And I think -1 is not important

c2xusnpq6 commented 3 years ago

I can't start the test, if I don't get -1 (Of course I tried before submitting here...)

shelld3v commented 3 years ago

I can't understand what you tried to say. If you select a low strength encryption certificate website and try brute-forcing it with dirsearch, you will see that it works fluently!!

c2xusnpq6 commented 3 years ago

Of course I tried before submitting here...

c2xusnpq6 commented 3 years ago

It needed to be TLS1.0...

c2xusnpq6 commented 3 years ago

And I can't scan that old website with dirsearch...

shelld3v commented 3 years ago

> And I can't scan that old website with dirsearch...

What is the error traceback?

c2xusnpq6 commented 3 years ago

@shelld3v

sudo python3 dirsearch.py --max-retries 3 --random-user-agent --full-url -e hidden --timeout 10 -w "hidden" -r -R 10 -t 10 -u "https://xx.xx.xx.xx/"

  _|. _ _  _  _  _ _|_    v0.4.1
 (_||| _) (/_(_|| (_| )

Extensions: hidden | HTTP method: GET | Threads: 10 | Wordlist size: 278071

Error Log: /root/dirsearch/logs/errors-hidden.log

Target: https://xx.xx.xx.xx/

There was a problem in the request to: https://xx.xx.xx.xx:443/

Task Completed
shelld3v commented 3 years ago

Were you able to visit https://xx.xx.xx.xx:443/ from your browser?

c2xusnpq6 commented 3 years ago

> Were you able to visit https://xx.xx.xx.xx:443/ from your browser?

I told you before, bro.... ^^'' it's OK, but you need to click the ~ignore button

Firefox: SEC_ERROR_UNKNOWN_ISSUER (image)

c2xusnpq6 commented 3 years ago

It needs -1, I'm pretty sure of that…

c2xusnpq6 commented 3 years ago

@shelld3v

shelld3v commented 3 years ago

I have no idea why I should do this! People haven't seen any problem with SSL in dirsearch for years, so I don't know why you are facing this. I don't even know whether it is an SSL problem or not, or how to fix this (I disabled cert check, what else is there to do?)! I may need to investigate more!!

c2xusnpq6 commented 3 years ago

With and without -1: https://github.com/maurosoria/dirsearch/issues/676#issuecomment-749993128 and https://github.com/maurosoria/dirsearch/issues/676#issuecomment-749994896

With -1: it works. Without -1: it doesn't.

@shelld3v

shelld3v commented 3 years ago

Hi, sorry for being so late! I am trying to find a way to fix this.

shelld3v commented 3 years ago

Hi, can you give me any website that has a low strength certificate? So I can do more tests for my fix!!

c2xusnpq6 commented 3 years ago

> Hi, can you give me any website that has a low strength certificate? So I can do more tests for my fix!!

send me your email address then~ thx ^^

oldlazycat commented 3 years ago

Is the problem solved, and how? I have the same problem here, macOS Big Sur, version 0.4.1, example: python dirsearch.py -u https://xx.x.x.x:8081/

  _|. _ _  _  _  _ _|_    v0.4.1
 (_||| _) (/_(_|| (_| )

Extensions: php, asp, aspx, jsp, html, htm, js | HTTP method: GET | Threads: 20 | Wordlist size: 11793

Error Log: XXX/dirsearch-0.4.1-alpha/logs/errors-21-01-21_15-30-04.log

Target: https://xx.xx.xx.xx:8081/

There was a problem in the request to: https://xx.xx.xx.xx:8081

Task Completed

shelld3v commented 3 years ago

Hey @oldlazycat, I don't think port 8081 is serving an HTTPS service! Try http://xx.xx.xx.xx:8081

oldlazycat commented 3 years ago

> Hey @oldlazycat, I don't think port 8081 is serving an HTTPS service! Try http://xx.xx.xx.xx:8081

It doesn't have to be port 443, you can specify any port, and it is https://xx.xx.xx.xx:8081

shelld3v commented 3 years ago

> It doesn't have to be port 443, you can specify any port, and it is https://xx.xx.xx.xx:8081

Try opening https://xx.xx.xx.xx:8081 in your browser and you will know whether it is HTTP or HTTPS

oldlazycat commented 3 years ago

(image)

c2xusnpq6 commented 3 years ago

bruh....

shelld3v commented 3 years ago

Hi, sorry, but I haven't found a fix that can fit all the requirements yet (this may need a lot of updates), and I am on my break, so I can't fix it now. I hope I can get back soon!! Meanwhile, you can hack other things, right ;)

Happy Lunar New Year! (not yet, but will be soon)

c2xusnpq6 commented 3 years ago

it's fine~ thx ^^

maurosoria commented 3 years ago

Hello folks,

If you can give me at least one host with the same issue, I'd probably be able to fix it.

You can write me via email or twitter.

Regards, Mauro

c2xusnpq6 commented 3 years ago

> Hello folks,
>
> If you can give me at least one host with the same issue, I'd probably be able to fix it.
>
> You can write me via email or twitter.
>
> Regards, Mauro

Can I get your email address? THX

c2xusnpq6 commented 3 years ago

ping? @maurosoria

maurosoria commented 3 years ago

You should be able to see it in my profile

maurosoria at protonmail dot com

c2xusnpq6 commented 3 years ago

https://stackoverflow.com/questions/62306296/how-to-use-tls-1-0-with-python-3-8

shelld3v commented 3 years ago

> https://stackoverflow.com/questions/62306296/how-to-use-tls-1-0-with-python-3-8

From that link, you can fix this with pip install urllib3[secure]

c2xusnpq6 commented 3 years ago

I'll take a look later, THX!

c2xusnpq6 commented 3 years ago

# sudo python3 -m pip install urllib3[secure]
Requirement already satisfied: urllib3[secure] in /usr/local/lib/python3.9/dist-packages (1.24.3)
Requirement already satisfied: certifi in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (2020.12.5)
Requirement already satisfied: ipaddress in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (1.0.23)
Requirement already satisfied: idna>=2.0.0 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (2.8)
Requirement already satisfied: cryptography>=1.3.4 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (3.3.1)
Requirement already satisfied: pyOpenSSL>=0.14 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (20.0.1)
Requirement already satisfied: six>=1.4.1 in /usr/local/lib/python3.9/dist-packages (from cryptography>=1.3.4->urllib3[secure]) (1.15.0)
Requirement already satisfied: cffi>=1.12 in /usr/local/lib/python3.9/dist-packages (from cryptography>=1.3.4->urllib3[secure]) (1.14.4)
Requirement already satisfied: pycparser in /usr/local/lib/python3.9/dist-packages (from cffi>=1.12->cryptography>=1.3.4->urllib3[secure]) (2.20)

🤔

shelld3v commented 3 years ago

Hi @c2xusnpq6, sorry for the late response.

Look at this: https://stackoverflow.com/a/38502727/12238982

I'm suspecting that the issue you are facing does not relate to SSL/TLS. @c2xusnpq6 @oldlazycat If one of you can give me the target, I will be happy to try my best to solve your problems.

Thanks

shelld3v commented 3 years ago

Hi @c2xusnpq6, I have delayed for so long, so I made a fix locally. But I need to test this fix first; can you give me a target that uses TLSv1?

c2xusnpq6 commented 3 years ago

I'm sorry, I forgot the target IP... maybe next time... you can close this issue 😅 thx

shelld3v commented 3 years ago

No problem, I will keep this issue open until you find that IP

adfoster-r7 commented 1 year ago

I ran into this issue against an older IIS server; you can replicate the issue locally by setting up a TLS 1.0-only server:

# Create certs:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes

# Create a tls1 only server with openssl:
openssl s_server -key key.pem -cert cert.pem -accept 44330 -www -tls1

Verify curl works with the explicit tls1 flag:

curl -v https://localhost:44330/ -k --tlsv1

Example of the dirsearch error when scanning the tls1 server:

Target: https://localhost:44330/

SSL Error connecting to server. Try the -b flag to connect by hostname

Task Completed

Workaround patch I applied locally to make it work (on a slightly older dirsearch version):

diff --git a/lib/connection/Requester.py b/lib/connection/Requester.py
index c3b2068..de08517 100755
--- a/lib/connection/Requester.py
+++ b/lib/connection/Requester.py
@@ -26,9 +26,21 @@ import urllib.parse
 import urllib.request

 import thirdparty.requests as requests
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.poolmanager import PoolManager
 from .RequestException import *
 from .Response import *
+import ssl

+import urllib3
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+class MyAdapter(HTTPAdapter):
+    def init_poolmanager(self, connections, maxsize, block=False):
+        self.poolmanager = PoolManager(num_pools=connections,
+                                       maxsize=maxsize,
+                                       block=block,
+                                       ssl_version=ssl.PROTOCOL_TLSv1)

 class Requester(object):
     headers = {
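Review bot: ssl_version=ssl.PROTOCOL_TLSv1 in MyAdapter.init_poolmanager pins every HTTPS connection to TLS 1.0 only, which fixes the TLS 1.0-only IIS host but will break scans of any server that has disabled TLS 1.0, and PROTOCOL_TLSv1 has been deprecated since Python 3.6. Pass an ssl.SSLContext through the ssl_context keyword instead, with minimum_version = ssl.TLSVersion.TLSv1 and maximum_version left at the default, so each target negotiates the newest version both sides support; on OpenSSL 3 at its default security level the context additionally needs set_ciphers('DEFAULT:@SECLEVEL=0') before a TLS 1.0 handshake is allowed. Two smaller points in the same hunk: the override signature drops **pool_kwargs, so anything requests itself passes to init_poolmanager (including an ssl_context) is silently discarded, and HTTPAdapter/PoolManager are imported from the system requests package while the session comes from the vendored thirdparty.requests, so the mounted adapter and the session may be objects from two different copies of the library; import both from the same package.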
@@ -111,6 +123,7 @@ class Requester(object):
         self.randomAgents = None
         self.requestByHostname = requestByHostname
         self.session = requests.Session()
+        self.session.mount('https://', MyAdapter())

     def setHeader(self, header, content):
         self.headers[header] = content
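Review bot: self.session.mount('https://', MyAdapter()) is unconditional, so the TLS 1.0 pinning from the adapter applies to every target instead of being opt-in like the curl --tlsv1 (-1) switch the reporter asked for; gate the mount behind a command-line option, or mount it only after the default adapter has failed with an SSL protocol-version error, so that hosts that only accept TLS 1.2/1.3 keep working.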
shelld3v commented 1 year ago

@adfoster-r7 Thanks for your effort, I have actually made the same fix locally already but haven't pushed it to the code yet because I didn't have any target to test; now I can :)

shelld3v commented 1 year ago

@adfoster-r7 Do you know how to host a TLSv1.2-only server?
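The following is an added example, not dirsearch code and not from any comment in this thread. It builds one ssl.SSLContext that behaves like the curl -k -1 invocation in the two curl transcripts earlier in the thread: certificate verification off and a TLS 1.0 floor, but no ceiling, so the same client still negotiates TLS 1.2/1.3 with current servers instead of being pinned to 1.0 the way ssl.PROTOCOL_TLSv1 pins it. The context is plugged into the standard library's http.client and, when the requests library is installed, into a requests HTTPAdapter of the kind the patch above mounts on the dirsearch session. The names make_legacy_tls_context, describe_context, fetch_status, LegacyTLSAdapter and get_with_requests are invented for this example; the only real APIs used are those of ssl, http.client, requests and urllib3.

```python
import http.client
import ssl

try:
    from requests.adapters import HTTPAdapter  # assumption: requests is installed
except ImportError:  # stdlib-only interpreter: the adapter class below is skipped
    HTTPAdapter = None


def make_legacy_tls_context(verify=False):
    """Client context with a TLS 1.0 floor and no ceiling (curl --tlsv1 semantics).

    Unlike ssl.PROTOCOL_TLSv1, which pins the connection to 1.0, this still
    negotiates TLS 1.2/1.3 with servers that offer them.
    """
    ctx = ssl.create_default_context()  # PROTOCOL_TLS_CLIENT plus the system CA store
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1  # Python >= 3.10 defaults to TLSv1_2
    except ValueError:
        # An OpenSSL built without TLS 1.0 cannot go below its own minimum.
        ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    try:
        # OpenSSL 3 at its default security level refuses TLS 1.0 and the SHA-1
        # handshake signatures it uses, whatever minimum_version says; level 0
        # re-enables them for this context only.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # cipher-string parser without @SECLEVEL support (e.g. LibreSSL)
    if not verify:
        # The equivalent of curl -k: the Cloudflare Origin CA seen in the thread
        # is not in any public trust store, so verification has to be off.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe_context(ctx):
    """Readable summary of the settings that matter for this problem."""
    return {
        "minimum": ctx.minimum_version.name,
        "maximum": ctx.maximum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
    }


def fetch_status(host, port, path="/", timeout=10.0):
    """GET via the standard library; returns (HTTP status, negotiated TLS version)."""
    conn = http.client.HTTPSConnection(
        host, port, timeout=timeout, context=make_legacy_tls_context()
    )
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        resp.read()
        return resp.status, conn.sock.version()  # e.g. "TLSv1" against s_server -tls1
    finally:
        conn.close()


if HTTPAdapter is not None:

    class LegacyTLSAdapter(HTTPAdapter):
        """requests transport that hands the context to urllib3's connection pools.

        **pool_kwargs is kept so everything else requests passes is forwarded.
        """

        def __init__(self, ssl_context=None, **kwargs):
            self._ssl_context = ssl_context or make_legacy_tls_context()
            super().__init__(**kwargs)  # calls init_poolmanager, so set the context first

        def init_poolmanager(self, connections, maxsize, block=False, **pool_kwargs):
            pool_kwargs["ssl_context"] = self._ssl_context
            return super().init_poolmanager(connections, maxsize, block=block, **pool_kwargs)

        def proxy_manager_for(self, proxy, **proxy_kwargs):
            proxy_kwargs["ssl_context"] = self._ssl_context
            return super().proxy_manager_for(proxy, **proxy_kwargs)

    def get_with_requests(url, timeout=10.0):
        """Same context through a requests Session, the way dirsearch makes requests."""
        import requests

        session = requests.Session()
        session.mount("https://", LegacyTLSAdapter())  # opt-in, not the default for every scan
        return session.get(url, verify=False, timeout=timeout).status_code
```

Start the openssl s_server from adfoster-r7's comment with -tls1 and call fetch_status("localhost", 44330): it returns the HTTP status together with "TLSv1" as the negotiated version, while the same call against a server started with -tls1_2 in place of -tls1 returns "TLSv1.2", which is the check that the context has not been pinned. On Python 3.10 and later the ssl module warns that TLS 1.0 is deprecated, and on OpenSSL 3 the handshake only succeeds because the context drops the security level to 0, which also admits SHA-1 handshake signatures and other weak parameters; keep such a context behind a command-line switch for legacy targets rather than mounting it for every scan.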