Open c2xusnpq6 opened 3 years ago
I think dirsearch disabled certificate check by default
or... how do I force the use of TLS v1.0?
Well, it's not important, we can request without cert check, so TLS v1.0 or no cert has no impact
but... I can't do the test... with this
firefox: SEC_ERROR_UNKNOWN_ISSUER
@shelld3v @maurosoria
curl:
# curl -v "https://xx.xx.xx.xx/" -H "Host: xxxx.xx" -k
* Trying xx.xx.xx.xx:443...
* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
@shelld3v @maurosoria
curl with -1:
curl -v "https://xx.xx.xx.xx/" -H "Host: hidden.hidden" -k -1
* Trying xx.xx.xx.xx:443...
* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / ECDHE-RSA-AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
* start date: Oct 6 06:08:00 2020 GMT
* expire date: Oct 3 06:08:00 2035 GMT
* issuer: C=US; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority; L=San Francisco; ST=California
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: hidden.hidden
> User-Agent: curl/7.72.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/7.hidden
< X-AspNet-Version: 2.0.hidden
< X-Powered-By: ASP.NET
< Date: Wed, 23 Dec 2020 07:55:33 GMT
< Content-Length: 2363
<
...
@shelld3v @maurosoria
I don't know what you are testing?
@shelld3v I need something like -1 and -k ^^''
-1, --tlsv1 Use TLSv1.0 or greater
--tlsv1.0 Use TLSv1.0 or greater
--tlsv1.1 Use TLSv1.1 or greater
--tlsv1.2 Use TLSv1.2 or greater
--tlsv1.3 Use TLSv1.3 or greater
-k, --insecure Allow insecure server connections when using SSL
-k is available by default! And I think -1 is not important
I can't start the test, if I don't get -1
(Of course I tried before submitting here...)
I can't understand what you tried to say. If you select a low strength encryption certificate website and try brute-forcing it with dirsearch, you will see that it works fluently!!
Of course I tried before submitting here...
It needed to be TLS1.0
...
And I can't scan that old website with dirsearch
...
What is the error traceback?
@shelld3v
sudo python3 dirsearch.py --max-retries 3 --random-user-agent --full-url -e hidden --timeout 10 -w "hidden" -r -R 10 -t 10 -u "https://xx.xx.xx.xx/"
_|. _ _ _ _ _ _|_ v0.4.1
(_||| _) (/_(_|| (_| )
Extensions: hidden | HTTP method: GET | Threads: 10 | Wordlist size: 278071
Error Log: /root/dirsearch/logs/errors-hidden.log
Target: https://xx.xx.xx.xx/
There was a problem in the request to: https://xx.xx.xx.xx:443/
Task Completed
Were you able to visit https://xx.xx.xx.xx:443/ from your browser?
I told you before bro.... ^^'' it's ok, but you need to click the ~ignore button
Firefox:
SEC_ERROR_UNKNOWN_ISSUER
It needs -1
I'm pretty sure that…
@shelld3v
I have no idea why should I do this! People haven't seen any problem with SSL in dirsearch for years, so I don't know why you are facing this. I even don't know is it an SSL problem or not, and how to fix this (I disabled cert check, what else to do?)! I maybe need to investigate more!!
With and without -1:
https://github.com/maurosoria/dirsearch/issues/676#issuecomment-749993128
https://github.com/maurosoria/dirsearch/issues/676#issuecomment-749994896
with -1: it works
without -1: it doesn't
@shelld3v
Hi, sorry for being so late! I am trying to find a way to fix this.
Hi, can you give me any website that has a low strength certificate? So I can do more tests for my fix!!
send me ur email addr then~ thx ^^
Is the problem solved, and how? I have the same problem here, macOS Big Sur, version 0.4.1, example: python dirsearch.py -u https://xx.x.x.x:8081/
_|. _ _ _ _ _ _|_ v0.4.1
(_||| _) (/_(_|| (_| )
Extensions: php, asp, aspx, jsp, html, htm, js | HTTP method: GET | Threads: 20 | Wordlist size: 11793
Error Log: XXX/dirsearch-0.4.1-alpha/logs/errors-21-01-21_15-30-04.log
Target: https://xx.xx.xx.xx:8081/
There was a problem in the request to: https://xx.xx.xx.xx:8081
Task Completed
Hey @oldlazycat, I don't think port 8081 is served for HTTPS service! Try http://xx.xx.xx.xx:8081
It doesn't have to be port 443, you can specify any port, and it is https://xx.xx.xx.xx:8081
Try opening https://xx.xx.xx.xx:8081 in your browser and you will know it is HTTP or HTTPS
bruh....
Hi, sorry, but I haven't found a fix that can fit all the requirements yet (this may need a lot of updates), and I am in my break, so I can't fix it now. I hope I can get back soon!! Meanwhile, you can hack other things, right ;)
Happy Lunar New Year! (not yet, but will be soon)
it's fine~ thx ^^
Hello folks,
If you can give me at least one host with the same issue, I'd probably be able to fix it.
You can write me via email or twitter.
Regards, Mauro
Can I get your email address? THX
ping? @maurosoria
You should be able to see it in my profile
maurosoria at protonmail dot com
https://stackoverflow.com/questions/62306296/how-to-use-tls-1-0-with-python-3-8
From that link, you can fix this with pip install urllib3[secure]
I'll take a look later, THX!
# sudo python3 -m pip install urllib3[secure]
Requirement already satisfied: urllib3[secure] in /usr/local/lib/python3.9/dist-packages (1.24.3)
Requirement already satisfied: certifi in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (2020.12.5)
Requirement already satisfied: ipaddress in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (1.0.23)
Requirement already satisfied: idna>=2.0.0 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (2.8)
Requirement already satisfied: cryptography>=1.3.4 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (3.3.1)
Requirement already satisfied: pyOpenSSL>=0.14 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (20.0.1)
Requirement already satisfied: six>=1.4.1 in /usr/local/lib/python3.9/dist-packages (from cryptography>=1.3.4->urllib3[secure]) (1.15.0)
Requirement already satisfied: cffi>=1.12 in /usr/local/lib/python3.9/dist-packages (from cryptography>=1.3.4->urllib3[secure]) (1.14.4)
Requirement already satisfied: pycparser in /usr/local/lib/python3.9/dist-packages (from cffi>=1.12->cryptography>=1.3.4->urllib3[secure]) (2.20)
🤔
Hi @c2xusnpq6, sorry for the late response.
Look at this: https://stackoverflow.com/a/38502727/12238982
I'm suspecting that the issue you are facing does not relate to SSL/TLS. @c2xusnpq6 @oldlazycat If one of you can give me the target, I will be happy and try my best to solve your problems.
Thanks
Hi @c2xusnpq6, I have delayed for so long, so I made a fix locally. But I need to test this fix first, can you give a target that uses TLSv1?
I'm sorry, I forgot the target IP... maybe next time... you can close this issue😅thx
No problem, I will keep this issue open until you find that IP
I ran into this issue against an older IIS server; you can replicate the issue locally by setting up a tls1 server:
# Create certs:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
# Create a tls1 only server with openssl:
openssl s_server -key key.pem -cert cert.pem -accept 44330 -www -tls1
Verify curl works with the explicit tls1 flag:
curl -v https://localhost:44330/ -k --tlsv1
Example of the dirsearch error when scanning the tls1 server:
Target: https://localhost:44330/
SSL Error connecting to server. Try the -b flag to connect by hostname
Task Completed
Workaround patch I applied locally to make it work (on a slightly older dirsearch version):
diff --git a/lib/connection/Requester.py b/lib/connection/Requester.py
index c3b2068..de08517 100755
--- a/lib/connection/Requester.py
+++ b/lib/connection/Requester.py
@@ -26,9 +26,21 @@ import urllib.parse
import urllib.request
import thirdparty.requests as requests
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.poolmanager import PoolManager
from .RequestException import *
from .Response import *
+import ssl
+import urllib3
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+class MyAdapter(HTTPAdapter):
+ def init_poolmanager(self, connections, maxsize, block=False):
+ self.poolmanager = PoolManager(num_pools=connections,
+ maxsize=maxsize,
+ block=block,
+ ssl_version=ssl.PROTOCOL_TLSv1)
class Requester(object):
headers = {
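Review bot: `ssl_version=ssl.PROTOCOL_TLSv1` in `init_poolmanager` pins every HTTPS pool to TLS 1.0 only, which is narrower than the `-1, --tlsv1 Use TLSv1.0 or greater` behaviour quoted earlier in the thread and will break against servers that have already disabled 1.0; passing an `ssl_context` whose `minimum_version` is lowered to TLS 1.0 (and whose maximum is left at the library default) gives the curl semantics instead, and `init_poolmanager` should keep the base class's `**pool_kwargs` so the override does not silently drop arguments. Two smaller points: the module imports `thirdparty.requests as requests` but the new lines take `HTTPAdapter` and `PoolManager` from the system `requests` package, so `MyAdapter` may be built from a different copy of requests/urllib3 than the `Session` it is mounted on (import them from `thirdparty.requests` as well), and the module-level `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` silences that warning for every importer of `Requester.py`, which deserves a comment or a move to the place where verification is actually disabled.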
@@ -111,6 +123,7 @@ class Requester(object):
self.randomAgents = None
self.requestByHostname = requestByHostname
self.session = requests.Session()
+ self.session.mount('https://', MyAdapter())
def setHeader(self, header, content):
self.headers[header] = content
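Review bot: `self.session.mount('https://', MyAdapter())` applies the TLS 1.0-only adapter unconditionally, so every HTTPS scan is downgraded even when the target negotiates TLS 1.2/1.3 without trouble; gate the mount behind an option equivalent to curl's `-1`, or mount it only after a first request has failed with a protocol-version SSL error, and leave the default adapter in place otherwise. The `http://` mount is untouched, so plain-HTTP targets are unaffected by this change.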
@adfoster-r7 Thanks for your effort, I have actually made the same fix locally already but haven't pushed it to the code yet because I didn't have any target to test, now I can:)
@adfoster-r7 Do you know how to host a TLSv1.2-only server?
tls1.0: --tlsv1.0 or -1?
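A standard-library version of the "-1 and -k" behaviour this thread is after, added here as an example and not code from dirsearch or from adfoster-r7's patch: instead of pinning a pool to `PROTOCOL_TLSv1`, it lowers the floor of an `SSLContext` to TLS 1.0 while keeping the newest version the library offers, disables verification the way `curl -k` does, requests OpenSSL security level 0 (which OpenSSL 3 needs before it will complete a 1.0/1.1 handshake at all), and downgrades only after a first attempt fails with the "unsupported protocol" alert shown in the curl output above, so targets that speak modern TLS are never weakened. The target host, port and the `connector` hook are illustrative assumptions; the same context can be handed to a requests `HTTPAdapter` through its pool manager's `ssl_context` argument.

```python
"""Reach an HTTPS server that only speaks TLS 1.0, the way `curl -1 -k` does.

Added example for this issue thread (not dirsearch code). The default target
and the `connector` hook are illustrative assumptions.
"""
import http.client
import ssl


def modern_tls_context(insecure=True):
    """Python's default client context; its floor is whatever this OpenSSL build
    ships with (TLS 1.2 on current builds), so it reproduces the failing case."""
    ctx = ssl.create_default_context()
    if insecure:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def legacy_tls_context(insecure=True):
    """'TLS 1.0 or greater' (curl -1): lower the floor, keep the highest version
    the library supports. Deliberately NOT ssl.PROTOCOL_TLSv1, which would pin
    the connection to 1.0 only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    if insecure:
        # curl -k: accept an untrusted issuer such as the Cloudflare Origin CA seen above.
        ctx.check_hostname = False      # must be cleared before verify_mode may drop
        ctx.verify_mode = ssl.CERT_NONE
    # OpenSSL 3 refuses TLS 1.0/1.1 handshakes above security level 0 even when the
    # version range allows them; LibreSSL does not understand @SECLEVEL, so tolerate it.
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    return ctx


def is_protocol_version_error(exc):
    """True for the failure curl reports as 1425F102 / 'unsupported protocol' and
    for the server's 'protocol version' alert. Other SSL errors (certificate
    problems, a plain-HTTP port answering) are not a reason to downgrade."""
    text = "{} {}".format(getattr(exc, "reason", "") or "", exc).upper()
    return "UNSUPPORTED_PROTOCOL" in text or "PROTOCOL_VERSION" in text


def https_get(host, port, path, ctx, host_header=None, timeout=10):
    """Plain http.client GET; an explicit Host header mirrors curl -H 'Host: ...'
    when the IP is scanned directly, as in the thread."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host_header or host})
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders()), resp.read()
    finally:
        conn.close()


def fetch_with_fallback(host, port, path="/", connector=https_get, **kw):
    """Try the modern context first and fall back to the TLS 1.0-capable one only
    when the server's protocol version is what failed.
    Returns (mode, (status, headers, body)) with mode in {"modern", "legacy"}."""
    try:
        return "modern", connector(host, port, path, modern_tls_context(), **kw)
    except ssl.SSLError as exc:
        if not is_protocol_version_error(exc):
            raise
    return "legacy", connector(host, port, path, legacy_tls_context(), **kw)


if __name__ == "__main__":
    import sys
    # Assumed default: the `openssl s_server ... -accept 44330 -tls1` from the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 44330
    mode, (status, headers, body) = fetch_with_fallback(target, port)
    print(mode, status, headers.get("Server"), len(body))
```

Run it against the `openssl s_server -tls1` reproduction and `mode` comes back as `legacy`; against a host that has turned TLS 1.0 off the first attempt succeeds and the weaker context is never built.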