Open FIXERMAN opened 8 months ago
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the requests
calls to use the parameter verify=False
which should bypass the self-signed cert failure. Hope this helps!
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the
requests
calls to use the parameterverify=False
which should bypass the self-signed cert failure. Hope this helps!
Did you end up doing this? Was going to try this, but I foresee it being a bit of a pain in the ass...
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the
requests
calls to use the parameterverify=False
which should bypass the self-signed cert failure. Hope this helps!Did you end up doing this? Was going to try this, but I foresee it being a bit of a pain in the ass...
I did and while yes a pain in the butt, I was able to get through all the changes in about 30 minutes with Ctrl + F. It does work after doing this though so worth it I suppose.
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the
requests
calls to use the parameterverify=False
which should bypass the self-signed cert failure. Hope this helps!Did you end up doing this? Was going to try this, but I foresee it being a bit of a pain in the ass...
I did and while yes a pain in the butt, I was able to get through all the changes in about 30 minutes with Ctrl + F. It does work after doing this though so worth it I suppose.
Did you only have to change all the .get() and .post() request session object methods or were there others that one might not expect? Times like these I wish I was a sed/awk master, or that I could get certifi do do something like this.
Spent way to much time trying to set up and nginx rev-proxy to trick pwnPSS int trustingly test lab cert, but I think the concept was wrong-headed from the start.
[20:42:01] [CRITICAL] Internal error: HTTPSConnectionPool(host='cfm.etisalat.ae', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1007)'))) Traceback (most recent call last): File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 597, in urlopen httplib_response = self._make_request(conn, method, url, File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn conn.connect() File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connection.py", line 337, in connect self.sock = ssl_wrapsocket( File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/util/ssl.py", line 345, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1071, in _create self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake self._sslobj.do_handshake()
how can I get around this? type -from -do not check certificate