olacabs / jackhammer

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
https://jch.olacabs.com/userguide

Http -> Https #11

Open NitescuLucian opened 7 years ago

NitescuLucian commented 7 years ago

How can I enable HTTPS for the jackhammer?

kmadhusudhan commented 7 years ago

Add config.force_ssl = true inside the class block in web/app/config/application.rb. Refer to this: https://simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/

NitescuLucian commented 7 years ago

Thanks!

NitescuLucian commented 7 years ago

@KMadhuSudhan the proposed solution is not working. Are you sure?

NitescuLucian commented 7 years ago

web_1      | 2017-05-12 18:04:40 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
web_1      | 2017-05-12 18:04:40 +0000: ENV: {"rack.version"=>[1, 3], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"2.14.0", "GATEWAY_INTERFACE"=>"CGI/1.2"}
web_1      | ---
web_1      | 2017-05-12 18:04:40 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
web_1      | 2017-05-12 18:04:40 +0000: ENV: {"rack.version"=>[1, 3], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"2.14.0", "GATEWAY_INTERFACE"=>"CGI/1.2"}
web_1      | ---
web_1      | 2017-05-12 18:04:41 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
web_1      | 2017-05-12 18:04:41 +0000: ENV: {"rack.version"=>[1, 3], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"2.14.0", "GATEWAY_INTERFACE"=>"CGI/1.2"}
web_1      | ---
web_1      | 2017-05-12 18:04:41 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
web_1      | 2017-05-12 18:04:41 +0000: ENV: {"rack.version"=>[1, 3], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"2.14.0", "GATEWAY_INTERFACE"=>"CGI/1.2"}
web_1      | ---
web_1      | 2017-05-12 18:04:44 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
web_1      | 2017-05-12 18:04:44 +0000: ENV: {"rack.version"=>[1, 3], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"2.14.0", "GATEWAY_INTERFACE"=>"CGI/1.2"}
web_1      | ---
web_1      | 2017-05-12 18:04:44 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
web_1      | 2017-05-12 18:04:44 +0000: ENV: {"rack.version"=>[1, 3], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"2.14.0", "GATEWAY_INTERFACE"=>"CGI/1.2"}
web_1      | ---

NitescuLucian commented 7 years ago

If I curl over https to the server I get:

curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
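The Puma parse errors and the curl "unknown protocol" error above are both consistent with a TLS client talking to a listener that still speaks plaintext HTTP: config.force_ssl makes Rails redirect and set security headers, but it does not make the app server terminate TLS. The Ruby sketch below is an added example, not part of this thread or of the Jackhammer code base; its function names and sample bytes are constructed for illustration.

```ruby
# Added illustration (not from the thread or the Jackhammer code base).
# All names and sample bytes are constructed for this example.

HTTP_METHODS = %w[GET HEAD POST PUT PATCH DELETE OPTIONS].freeze

# Classify the first bytes a peer sent on a freshly opened TCP connection.
def classify_first_bytes(data)
  bytes = data.b
  # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04,
  # two length bytes; the next byte is the handshake type (0x01 = ClientHello).
  if bytes.bytesize >= 6 && bytes.getbyte(0) == 0x16 &&
     bytes.getbyte(1) == 0x03 && bytes.getbyte(2) <= 0x04
    return bytes.getbyte(5) == 0x01 ? :tls_client_hello : :tls_handshake
  end
  return :http_response if bytes.start_with?("HTTP/")
  return :http_request if HTTP_METHODS.include?(bytes[/\A([A-Z]+) /, 1])
  :unknown
end

# Name the mismatch between what the listener speaks and what arrived.
def diagnose(listener:, first_bytes:)
  kind = classify_first_bytes(first_bytes)
  tls = %i[tls_client_hello tls_handshake].include?(kind)
  if listener == :plain_http && tls
    :tls_client_on_plaintext_port   # an HTTP parser rejects these bytes
  elsif listener == :tls && kind == :http_request
    :plaintext_client_on_tls_port
  elsif kind == :unknown
    :unrecognized_traffic
  else
    :consistent
  end
end

# Constructed sample: start of a TLS ClientHello record.
SAMPLE_CLIENT_HELLO = [0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03].pack("C*")
# Constructed sample: a plaintext reply, which a TLS client cannot parse as a ServerHello.
SAMPLE_PLAINTEXT_REPLY = "HTTP/1.1 400 Bad Request\r\n\r\n"

if __FILE__ == $PROGRAM_NAME
  puts diagnose(listener: :plain_http, first_bytes: SAMPLE_CLIENT_HELLO)
  puts classify_first_bytes(SAMPLE_PLAINTEXT_REPLY)
end
```

For HTTPS to work, the listener itself has to speak TLS, either by binding Puma to an ssl:// address with a key and certificate or by putting a TLS-terminating proxy in front of the web container.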

ionicpanda commented 7 years ago

Try this on for size! :) https://gist.github.com/schneikai/9171887