Open hachuping123 opened 6 days ago
I just tested it on my machine - there it seemed to work in general. Maybe it's an issue that only pops up on specific hosts - can you share what you were scanning? Otherwise can you share the whole error message?
I just received the same error. I cannot share the target but here's the "whole" (had to truncate it because of its length, but it's always the same Exception) error message:
INFO : ThreadedScanJobExecutor - Invalid curve probe executed
INFO : ThreadedScanJobExecutor - Finished scan
ERROR: ScanReportSerializer - Could not serialize scan report
com.fasterxml.jackson.databind.JsonMappingException: Document nesting depth (1001) exceeds the maximum allowed (1000, from `StreamWriteConstraints.getMaxNestingDepth()`) (through reference chain: de.rub.nds.tlsscanner.serverscanner.report.ServerReport["results"]->java.util.Collections$UnmodifiableMap["NO_MAC_CHECK_TICKET"]->de.rub.nds.tlsscanner.serverscanner.probe.result.VersionDependentSummarizableResult["resultMap"]->java.util.EnumMap["TLS12"]->de.rub.nds.tlsscanner.serverscanner.probe.result.sessionticket.TicketManipulationResult["responses"]->java.util.HashMap["0"]->de.rub.nds.tlsscanner.core.vector.VectorResponse["fingerprint"]->de.rub.nds.tlsscanner.core.vector.response.ResponseFingerprint["messageList"]->java.util.ArrayList[0]->de.rub.nds.tlsattacker.core.protocol.message.ServerHelloMessage["extensions"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHol...>de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]->de.rub.nds.tlsattacker.core.protocol.message.extension.RenegotiationInfoExtensionMessage["extensionType"])
at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:402)
at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:361)
at com.fasterxml.jackson.databind.ser.std.StdSerializer.wrapAndThrow(StdSerializer.java:323)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:778)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:145)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:107)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:25)
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:732)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:145)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:107)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:25)
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:732)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:145)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:107)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:25)
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:732)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
...
Caused by: com.fasterxml.jackson.core.exc.StreamConstraintsException: Document nesting depth (1001) exceeds the maximum allowed (1000, from `StreamWriteConstraints.getMaxNestingDepth()`)
at com.fasterxml.jackson.core.StreamWriteConstraints._constructException(StreamWriteConstraints.java:177)
at com.fasterxml.jackson.core.StreamWriteConstraints.validateNestingDepth(StreamWriteConstraints.java:162)
at com.fasterxml.jackson.core.json.UTF8JsonGenerator.writeStartObject(UTF8JsonGenerator.java:398)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:180)
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:732)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:145)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:107)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:25)
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:732)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:145)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:107)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:25)
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:732)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
...
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:732)
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770)
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:184)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:145)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:107)
at com.fasterxml.jackson.databind.ser.std.CollectionSerializer.serialize(CollectionSerializer.java:25)
INFO : Main - Scanned in: 10213s
I don't know if it's related, but this scan took really, really long after the printing of "Session ticket manipulation probe executed" (way over 60 minutes) until it threw the following error:
INFO : ThreadedScanJobExecutor - Session ticket manipulation probe executed
Exception in thread "dnsjava NIO selector" java.lang.OutOfMemoryError: Java heap space
at java.base/java.util.HashMap$KeySet.iterator(HashMap.java:913)
at java.base/java.util.HashSet.iterator(HashSet.java:173)
at java.base/sun.nio.ch.Util$2.iterator(Util.java:352)
ERROR: SessionTicketPaddingOracleProbe - Could not scan SessionTickets Padding Oracle for version TLS12
java.lang.RuntimeException: Failed to execute tasks!
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteTasks(ParallelExecutor.java:139)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.createVectorResponseList(SessionTicketPaddingOracleProbe.java:375)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.createInformationLeakTest(SessionTicketPaddingOracleProbe.java:349)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.checkPaddingOracle(SessionTicketPaddingOracleProbe.java:242)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.executeTest(SessionTicketPaddingOracleProbe.java:155)
at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.util.concurrent.ExecutionException: java.lang.OutOfMemoryError: Java heap space
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteTasks(ParallelExecutor.java:137)
... 11 more
Caused by: java.lang.OutOfMemoryError: Java heap space
at java.base/java.lang.StringLatin1.toUpperCase(StringLatin1.java:483)
at java.base/java.lang.String.toUpperCase(String.java:2584)
at java.base/java.util.Formatter$FormatSpecifier.toUpperCaseWithLocale(Formatter.java:3062)
at java.base/java.util.Formatter$FormatSpecifier.print(Formatter.java:3286)
at java.base/java.util.Formatter$FormatSpecifier.print(Formatter.java:3215)
at java.base/java.util.Formatter$FormatSpecifier.printInteger(Formatter.java:2928)
at java.base/java.util.Formatter$FormatSpecifier.print(Formatter.java:2892)
at java.base/java.util.Formatter.format(Formatter.java:2673)
at java.base/java.util.Formatter.format(Formatter.java:2609)
at java.base/java.lang.String.format(String.java:2897)
at de.rub.nds.modifiablevariable.util.ArrayConverter.bytesToHexString(ArrayConverter.java:164)
at de.rub.nds.modifiablevariable.util.ArrayConverter.bytesToHexString(ArrayConverter.java:143)
at de.rub.nds.modifiablevariable.util.ArrayConverter.bytesToHexString(ArrayConverter.java:136)
at de.rub.nds.asn1.parser.ParserHelper.parseBitStringContent(ParserHelper.java:469)
at de.rub.nds.asn1.parser.ParserHelper.parseAsn1BitString(ParserHelper.java:331)
at de.rub.nds.x509attacker.x509.parser.PublicKeyBitStringParser.parse(PublicKeyBitStringParser.java:37)
at de.rub.nds.x509attacker.x509.parser.SubjectPublicKeyInfoParser.parseSubcomponents(SubjectPublicKeyInfoParser.java:33)
at de.rub.nds.x509attacker.x509.parser.X509ComponentContainerParser.parseContent(X509ComponentContainerParser.java:35)
at de.rub.nds.x509attacker.x509.parser.X509ComponentFieldParser.parse(X509ComponentFieldParser.java:38)
at de.rub.nds.x509attacker.x509.parser.TbsCertificateParser.parseSubjectPublicKey(TbsCertificateParser.java:92)
at de.rub.nds.x509attacker.x509.parser.TbsCertificateParser.parseSubcomponents(TbsCertificateParser.java:39)
at de.rub.nds.x509attacker.x509.parser.X509ComponentContainerParser.parseContent(X509ComponentContainerParser.java:35)
at de.rub.nds.x509attacker.x509.parser.X509ComponentFieldParser.parse(X509ComponentFieldParser.java:38)
at de.rub.nds.x509attacker.x509.parser.X509CertificateParser.parseTbsCertificate(X509CertificateParser.java:48)
at de.rub.nds.x509attacker.x509.parser.X509CertificateParser.parseSubcomponents(X509CertificateParser.java:29)
at de.rub.nds.x509attacker.x509.parser.X509ComponentContainerParser.parseContent(X509ComponentContainerParser.java:35)
at de.rub.nds.x509attacker.x509.parser.X509ComponentFieldParser.parse(X509ComponentFieldParser.java:38)
at de.rub.nds.tlsattacker.core.protocol.parser.cert.CertificateEntryParser.parseX509Certificate(CertificateEntryParser.java:105)
at de.rub.nds.tlsattacker.core.protocol.parser.CertificateMessageParser.parseCertificateList(CertificateMessageParser.java:114)
at de.rub.nds.tlsattacker.core.protocol.parser.CertificateMessageParser.parse(CertificateMessageParser.java:49)
at de.rub.nds.tlsattacker.core.protocol.parser.CertificateMessageParser.parse(CertificateMessageParser.java:23)
at de.rub.nds.tlsattacker.core.layer.impl.MessageLayer.readHandshakeProtocolData(MessageLayer.java:364)
at org.xbill.DNS.NioClient.processReadyKeys(NioClient.java:177)
at org.xbill.DNS.NioClient.runSelector(NioClient.java:134)
at org.xbill.DNS.NioClient$$Lambda$355/0x00000008404c1440.run(Unknown Source)
at java.base/java.lang.Thread.run(Thread.java:829)
INFO : ThreadedScanJobExecutor - Session ticket padding oracle probe executed
INFO : ThreadedScanJobExecutor - Session ticket collector for afterprobe probe executed
INFO : ThreadedScanJobExecutor - Named groups order probe executed
WARN : TlsServerProbe - Was unable to get results for TLS12>SECP256R1>UNCOMPRESSED>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Message: null
WARN : TlsServerProbe - Was unable to get results for TLS12>SECP384R1>UNCOMPRESSED>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Message: null
WARN : TlsServerProbe - Was unable to get results for TLS12>SECP521R1>UNCOMPRESSED>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Message: null
WARN : TlsServerProbe - Was unable to get results for TLS13>SECP256R1>UNCOMPRESSED>TLS_AES_128_GCM_SHA256 Message: null
WARN : TlsServerProbe - Was unable to get results for TLS13>SECP384R1>UNCOMPRESSED>TLS_AES_128_GCM_SHA256 Message: null
WARN : TlsServerProbe - Was unable to get results for TLS13>SECP521R1>UNCOMPRESSED>TLS_AES_128_GCM_SHA256 Message: null
INFO : ThreadedScanJobExecutor - Invalid curve probe executed
INFO : ThreadedScanJobExecutor - Finished scan
ERROR: ScanReportSerializer - Could not serialize scan report
com.fasterxml.jackson.databind.JsonMappingException: Document nesting depth (1001) exce....
Here I ran it again for the same target. This time TLS Scanner crashed before finishing the scan:
INFO : ThreadedScanJobExecutor - Session ticket probe executed
INFO : ThreadedScanJobExecutor - Session ticket manipulation probe executed
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "dnsjava NIO selector"
ERROR: ThreadedScanJobExecutor - Some probe execution failed
java.util.concurrent.ExecutionException: java.lang.OutOfMemoryError: Java heap space
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.executeProbesTillNoneCanBeExecuted(ThreadedScanJobExecutor.java:112)
at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.execute(ThreadedScanJobExecutor.java:82)
at de.rub.nds.scanner.core.execution.Scanner.scan(Scanner.java:159)
at de.rub.nds.tlsscanner.serverscanner.Main.main(Main.java:44)
Caused by: java.lang.OutOfMemoryError: Java heap space
Exception in thread "main" java.lang.RuntimeException: java.util.concurrent.ExecutionException: java.lang.OutOfMemoryError: Java heap space
at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.executeProbesTillNoneCanBeExecuted(ThreadedScanJobExecutor.java:116)
at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.execute(ThreadedScanJobExecutor.java:82)
at de.rub.nds.scanner.core.execution.Scanner.scan(Scanner.java:159)
at de.rub.nds.tlsscanner.serverscanner.Main.main(Main.java:44)
Caused by: java.util.concurrent.ExecutionException: java.lang.OutOfMemoryError: Java heap space
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.executeProbesTillNoneCanBeExecuted(ThreadedScanJobExecutor.java:112)
... 3 more
Caused by: java.lang.OutOfMemoryError: Java heap space
WARN : SessionTicketCollectingProbe - Could not collect SessionTickets for version TLS12
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.collectTickets(SessionTicketCollectingProbe.java:62)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.executeTest(SessionTicketCollectingProbe.java:36)
at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
WARN : SessionTicketCollectingProbe - Could not collect SessionTickets for version TLS13
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.collectTickets(SessionTicketCollectingProbe.java:62)
at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.executeTest(SessionTicketCollectingProbe.java:36)
at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Thanks for sharing these - they indeed hint at some issues in the new session tickets probes. @XoMEX do you have an idea what could cause this?
I am getting an error that says: ERROR: ScanReportSerializer - Could not serialize scan report com.fasterxml.jackson.databind.JsonMappingException: Document nesting depth (1001) exceeds the maximum allowed .....
I wonder if I'm the only one experiencing this error.
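The reference chain in the exception above repeats `RenegotiationInfoExtensionMessage["allModifiableVariableHolders"]->java.util.LinkedList[0]` until Jackson's write nesting limit is hit, which is the pattern a getter produces when it returns a collection containing the object itself. A minimal reproduction of that pattern follows as an added example (not code from this thread or from TLS-Scanner/TLS-Attacker); the class and method names are hypothetical, it assumes a Jackson version that has `StreamWriteConstraints`, and the `@JsonIgnore` variant is one possible mitigation, not the project's fix.

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.LinkedList;
import java.util.List;

public class NestingDepthDemo {

    /** Hypothetical message type: its helper getter returns a list that contains the object itself. */
    public static class SelfListingMessage {
        public String getExtensionType() {
            return "RENEGOTIATION_INFO"; // constructed sample value
        }

        public List<SelfListingMessage> getAllHolders() {
            List<SelfListingMessage> holders = new LinkedList<>();
            // Jackson treats this getter as a bean property, serializes the list,
            // reaches the same object again and calls the getter once more.
            holders.add(this);
            return holders;
        }
    }

    /** Same shape, but the helper getter is excluded from the serialized view. */
    public static class IgnoringMessage {
        public String getExtensionType() {
            return "RENEGOTIATION_INFO"; // constructed sample value
        }

        @JsonIgnore
        public List<IgnoringMessage> getAllHolders() {
            List<IgnoringMessage> holders = new LinkedList<>();
            holders.add(this);
            return holders;
        }
    }

    /** Returns the JSON text, or a one-line summary of why serialization failed. */
    static String serialize(Object value) {
        ObjectMapper mapper = new ObjectMapper();
        try {
            return mapper.writeValueAsString(value);
        } catch (JsonMappingException e) {
            // Each path element is one hop of the "through reference chain" text in the log.
            return "mapping failed after " + e.getPath().size()
                    + " recorded reference-chain hops: " + e.getOriginalMessage();
        } catch (JsonProcessingException e) {
            return "serialization failed: " + e.getOriginalMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(serialize(new SelfListingMessage())); // fails on the nesting limit
        System.out.println(serialize(new IgnoringMessage()));    // serializes the flat object
    }
}
```

Raising the nesting limit would not help with this pattern, because the getter builds a fresh list on every call and the recursion never terminates.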