pycurl failing to resolve host

[digininja]

I've had this problem with quite a few domains, pycurl isn't ale to resolve the host I specify:

$ ./wfuzz.py --hc 404 -z file,wordlist/general/common.txt https://a.b.co.uk/FUZZ/ 
********************************************************
* Wfuzz 2.1.3 - The Web Bruteforcer                      *
********************************************************

Target: https://a.b.co.uk/FUZZ/
Total requests: 950

==================================================================
ID      Response   Lines      Word         Chars          Request
==================================================================

Fatal exception: Pycurl error 6: Could not resolve host: a.b.co.uk

None

dig and nslookup works fine, my resolve.conf is pointing at Google, ping picks up the IP correctly.

The only way I can get the app to run is to add the entry to my hosts file, then it runs without a problem.

I doubt that this is a wfuzz problem but wondering if you have seen this problem and have a solution for it, my hosts file is filling up!

[xmendez]

I have not seen this problem before. Can you provide an example so I can try to debug the issue?

[digininja]

I'll try to find a public domain that fails, can't send the client ones over. Oddly it wasn't failing on everything last time I checked otherwise I'd just assume pycurl was broken.

On Thu, 12 May 2016 at 14:45 Xavi Mendez notifications@github.com wrote:

I have not seen this problem before. Can you provide an example so I can try to debug the issue?

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub https://github.com/xmendez/wfuzz/issues/18#issuecomment-218761570

[jstnkndy]

I've seen several instances where wfuzz crashes and exists due to an issue with a single host. For example:

Fatal exception: Pycurl error 52: Empty reply from server

Seems like more of a architectural issue where a single bad job shouldn't prevent wfuzz from continuing on in the queue.

[xmendez]

You can use -Z to continue scanning the website ignoring errors. Are you scanning an SSL site or through a proxy?

[jstnkndy]

That works great, thanks!

[xmendez]

Cool. If it is a site that you can share it will be great to get the URL to see where the error comes from. Cheers.

[jstnkndy]

Follow me on twitter and I'll send it over. @jstnkndy

[aaaguirrep]

Cool. If it is a site that you can share it will be great to get the URL to see where the error comes from. Cheers.

Hi, I am trying with the next command and it shows the same issue:

wfuzz --hc 404 -u http://10.10.10.168:8080/FUZZ/SuperSecureServer.py -w /tools/wordlist/node-dirbuster/lists/directory-list-2.3-big.txt

Fatal exception: Pycurl error 52: Empty reply from server

The ip address is from a Hackthebox machine.

[xmendez]

@aaaguirrep is it something happening only for some paths or is it a general thing? ie. can you use -Z to not stop at errors and still use wfuzz to do the enumeration?

[aaaguirrep]

Hi @xmendez just for some paths, I have used -Z and it worked. Thanks a lot.

[CHERYLMAISELOBO]

wfuzz -c --hc 400,404,403,406 -Z -w /home/kali/Desktop/Wordlists/SecLists-master/Fuzzing/LFI/dicc.txt https://abc.com/FUZZ

/usr/lib/python3/dist-packages/wfuzz/init.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.

How can I resolve this issue?