dirsearch

about disable ssl cert check / accept low strength certificate encryption

Open c2xusnpq6 opened this issue 3 years ago • 53 comments

[image] tls1.0 --tlsv1.0 or -1 ?

$ curl -h | sed -ne '/--tlsv/p'
 -1, --tlsv1 Use TLSv1.0 or greater
     --tlsv1.0 Use TLSv1.0
     --tlsv1.1 Use TLSv1.1
     --tlsv1.2 Use TLSv1.2
     --tlsv1.3 Use TLSv1.3 

c2xusnpq6 avatar Dec 19 '20 07:12 c2xusnpq6

I think dirsearch disabled certificate check by default

shelld3v avatar Dec 19 '20 08:12 shelld3v

> I think dirsearch disabled certificate check by default

or... how do i force the use of tls v1.0?

c2xusnpq6 avatar Dec 20 '20 12:12 c2xusnpq6

Well, it's not important, we can request without cert check, so tls v1.0 or no cert has no impact

shelld3v avatar Dec 20 '20 12:12 shelld3v

> Well, it's not important, we can request without cert check, so tls v1.0 or no cert has no impact

but... i can't do the test... with this [image]

c2xusnpq6 avatar Dec 23 '20 04:12 c2xusnpq6

firefox: SEC_ERROR_UNKNOWN_ISSUER @shelld3v @maurosoria

c2xusnpq6 avatar Dec 23 '20 07:12 c2xusnpq6

curl:

# curl -v "https://xx.xx.xx.xx/" -H "Host: xxxx.xx" -k
*   Trying xx.xx.xx.xx:443...
* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

@shelld3v @maurosoria

c2xusnpq6 avatar Dec 23 '20 07:12 c2xusnpq6

curl with -1:

curl -v "https://xx.xx.xx.xx/" -H "Host: hidden.hidden" -k -1
*   Trying xx.xx.xx.xx:443...
* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / ECDHE-RSA-AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
*  start date: Oct  6 06:08:00 2020 GMT
*  expire date: Oct  3 06:08:00 2035 GMT
*  issuer: C=US; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority; L=San Francisco; ST=California
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: hidden.hidden
> User-Agent: curl/7.72.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/7.hidden
< X-AspNet-Version: 2.0.hidden
< X-Powered-By: ASP.NET
< Date: Wed, 23 Dec 2020 07:55:33 GMT
< Content-Length: 2363
<

...

@shelld3v @maurosoria

c2xusnpq6 avatar Dec 23 '20 07:12 c2xusnpq6

I don't know what you are testing?

shelld3v avatar Dec 23 '20 09:12 shelld3v

@shelld3v I need something like -1 and -k ^^''

 -1, --tlsv1         Use TLSv1.0 or greater
     --tlsv1.0       Use TLSv1.0 or greater
     --tlsv1.1       Use TLSv1.1 or greater
     --tlsv1.2       Use TLSv1.2 or greater
     --tlsv1.3       Use TLSv1.3 or greater

 -k, --insecure      Allow insecure server connections when using SSL

c2xusnpq6 avatar Dec 29 '20 10:12 c2xusnpq6

-k is available by default!

shelld3v avatar Dec 29 '20 13:12 shelld3v

And I think -1 is not important

shelld3v avatar Dec 29 '20 13:12 shelld3v

I can't start the test, if I don't get -1 (Of course I tried before submitting here...)

c2xusnpq6 avatar Dec 29 '20 14:12 c2xusnpq6

I can't understand what you tried to say. If you select a low strength encryption certificate website and try brute-forcing it with dirsearch, you will see that it works fluently!!

shelld3v avatar Dec 29 '20 14:12 shelld3v

Of course I tried before submitting here...

c2xusnpq6 avatar Dec 29 '20 16:12 c2xusnpq6

It needed to be TLS1.0...

c2xusnpq6 avatar Dec 29 '20 16:12 c2xusnpq6

And I can't scan that old website with dirsearch...

c2xusnpq6 avatar Dec 29 '20 16:12 c2xusnpq6

> And I can't scan that old website with dirsearch...

What is the error traceback?

shelld3v avatar Dec 30 '20 04:12 shelld3v

@shelld3v

sudo python3 dirsearch.py --max-retries 3 --random-user-agent --full-url -e hidden --timeout 10 -w "hidden" -r -R 10 -t 10 -u "https://xx.xx.xx.xx/"

  _|. _ _  _  _  _ _|_    v0.4.1
 (_||| _) (/_(_|| (_| )

Extensions: hidden | HTTP method: GET | Threads: 10 | Wordlist size: 278071

Error Log: /root/dirsearch/logs/errors-hidden.log

Target: https://xx.xx.xx.xx/

There was a problem in the request to: https://xx.xx.xx.xx:443/

Task Completed

c2xusnpq6 avatar Dec 30 '20 15:12 c2xusnpq6

Were you able to visit https://xx.xx.xx.xx:443/ from your browser?

shelld3v avatar Dec 30 '20 15:12 shelld3v

> Were you able to visit https://xx.xx.xx.xx:443/ from your browser?

I told u before bro.... ^^'' it's ok, but you need to click the ~ignore button

Firefox: [image] SEC_ERROR_UNKNOWN_ISSUER

c2xusnpq6 avatar Dec 31 '20 11:12 c2xusnpq6

It needs -1, I'm pretty sure that…

c2xusnpq6 avatar Dec 31 '20 11:12 c2xusnpq6

@shelld3v

c2xusnpq6 avatar Jan 06 '21 17:01 c2xusnpq6

I have no idea why I should do this! People haven't seen any problem with SSL in dirsearch for years, so I don't know why you are facing this. I don't even know whether it is an SSL problem or not, and how to fix this (I disabled cert check, what else to do?)! I may need to investigate more!!

shelld3v avatar Jan 07 '21 06:01 shelld3v

With and without -1: https://github.com/maurosoria/dirsearch/issues/676#issuecomment-749993128 https://github.com/maurosoria/dirsearch/issues/676#issuecomment-749994896

with -1: it works
without -1: it doesn't

@shelld3v

c2xusnpq6 avatar Jan 14 '21 23:01 c2xusnpq6

Hi, sorry for being so late! I am trying to find a way to fix this.

shelld3v avatar Jan 15 '21 01:01 shelld3v

Hi, can you give me any website that has a low strength certificate? So I can do more tests for my fix!!

shelld3v avatar Jan 15 '21 02:01 shelld3v

> Hi, can you give me any website that has a low strength certificate? So I can do more tests for my fix!!

send me ur email addr then~ thx ^^

c2xusnpq6 avatar Jan 15 '21 07:01 c2xusnpq6

Is the problem solved, and how? I have the same problem here, macos big sur, version 0.4.1, example:

python dirsearch.py -u https://xx.x.x.x:8081/

  _|. _ _  _  _  _ _|_    v0.4.1
 (_||| _) (/_(_|| (_| )

Extensions: php, asp, aspx, jsp, html, htm, js | HTTP method: GET | Threads: 20 | Wordlist size: 11793

Error Log: XXX/dirsearch-0.4.1-alpha/logs/errors-21-01-21_15-30-04.log

Target: https://xx.xx.xx.xx:8081/

There was a problem in the request to: https://xx.xx.xx.xx:8081

Task Completed

oldlazycat avatar Jan 21 '21 07:01 oldlazycat

Hey @oldlazycat, I don't think port 8081 is served for HTTPS service! Try http://xx.xx.xx.xx:8081

shelld3v avatar Jan 21 '21 09:01 shelld3v

> Hey @oldlazycat, I don't think port 8081 is served for HTTPS service! Try http://xx.xx.xx.xx:8081

It doesn't have to be port 443, you can specify any port, and it is https://xx.xx.xx.xx:8081

oldlazycat avatar Jan 22 '21 01:01 oldlazycat

> It doesn't have to be port 443, you can specify any port, and it is https://xx.xx.xx.xx:8081

Try opening https://xx.xx.xx.xx:8081 in your browser and you will know it is HTTP or HTTPS

shelld3v avatar Jan 22 '21 05:01 shelld3v

[image]

oldlazycat avatar Jan 22 '21 05:01 oldlazycat

bruh....

c2xusnpq6 avatar Jan 26 '21 14:01 c2xusnpq6

Hi, sorry, but I haven't found a fix that can fit all the requirements yet (this may need a lot of updates), and I am in my break, so I can't fix it now. I hope I can get back soon!! Meanwhile, you can hack other things, right ;)

Happy Lunar New Year! (not yet, but will be soon)

shelld3v avatar Jan 26 '21 14:01 shelld3v

it's fine~ thx ^^

c2xusnpq6 avatar Jan 26 '21 14:01 c2xusnpq6

Hello folks,

If you can give me at least one host with the same issue, I'd probably be able to fix it.

You can write me via email or twitter.

Regards, Mauro

maurosoria avatar Jan 27 '21 00:01 maurosoria

> Hello folks,
>
> If you can give me at least one host with the same issue, I'd probably be able to fix it.
>
> You can write me via email or twitter.
>
> Regards, Mauro

Can I get your email address? THX

c2xusnpq6 avatar Jan 28 '21 02:01 c2xusnpq6

ping? @maurosoria

c2xusnpq6 avatar Feb 01 '21 13:02 c2xusnpq6

You should be able to see it in my profile

maurosoria at protonmail dot com

maurosoria avatar Feb 02 '21 06:02 maurosoria

https://stackoverflow.com/questions/62306296/how-to-use-tls-1-0-with-python-3-8

c2xusnpq6 avatar Feb 03 '21 03:02 c2xusnpq6

> https://stackoverflow.com/questions/62306296/how-to-use-tls-1-0-with-python-3-8

From that link, you can fix this with pip install urllib3[secure]

shelld3v avatar Apr 21 '21 08:04 shelld3v
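
Added example (not part of the thread and not dirsearch's code): a standard-library Python sketch of the client-side settings that `curl -k -1` applies, plus a classifier for the error strings quoted above. It assumes the failure is the client's minimum TLS version, as the `ssl_choose_client_version:unsupported protocol` line indicates; the function names are hypothetical.

```python
import socket
import ssl
import warnings

def legacy_tls_context(min_version=ssl.TLSVersion.TLSv1):
    """Client context equivalent to `curl -k -1`: no cert check, TLS 1.0 floor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # curl -k: accept the untrusted origin cert
    with warnings.catch_warnings():  # newer Pythons warn that TLS 1.0 is deprecated
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = min_version  # curl -1: lower the client's floor
    try:
        # OpenSSL security levels above 0 can still refuse TLS 1.0 handshakes.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # TLS library without @SECLEVEL support; keep its default ciphers
    return ctx

def negotiated(host, port=443, sni=None, timeout=10):
    """Handshake with the relaxed context; return (protocol, cipher name)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with legacy_tls_context().wrap_socket(raw, server_hostname=sni) as tls:
            return tls.version(), tls.cipher()[0]

# Substrings taken from the curl and Firefox output quoted in this thread.
CAUSES = {
    "unsupported protocol": "client minimum TLS version is above the server's",
    "unable to get local issuer certificate": "issuer not in local trust store",
    "SEC_ERROR_UNKNOWN_ISSUER": "issuer not in local trust store",
}

def classify(line):
    """Map one log line to a cause, or None if it matches nothing known."""
    for needle, cause in CAUSES.items():
        if needle in line:
            return cause
    return None

if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(negotiated(sys.argv[1], port))
```

Disabling certificate checks alone changes only `verify_mode`; the protocol floor and cipher security level are separate settings, which is why a client can skip verification and still fail the handshake.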

I'll take a look later, THX!

c2xusnpq6 avatar Apr 21 '21 11:04 c2xusnpq6

# sudo python3 -m pip install urllib3[secure]
Requirement already satisfied: urllib3[secure] in /usr/local/lib/python3.9/dist-packages (1.24.3)
Requirement already satisfied: certifi in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (2020.12.5)
Requirement already satisfied: ipaddress in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (1.0.23)
Requirement already satisfied: idna>=2.0.0 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (2.8)
Requirement already satisfied: cryptography>=1.3.4 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (3.3.1)
Requirement already satisfied: pyOpenSSL>=0.14 in /usr/local/lib/python3.9/dist-packages (from urllib3[secure]) (20.0.1)
Requirement already satisfied: six>=1.4.1 in /usr/local/lib/python3.9/dist-packages (from cryptography>=1.3.4->urllib3[secure]) (1.15.0)
Requirement already satisfied: cffi>=1.12 in /usr/local/lib/python3.9/dist-packages (from cryptography>=1.3.4->urllib3[secure]) (1.14.4)
Requirement already satisfied: pycparser in /usr/local/lib/python3.9/dist-packages (from cffi>=1.12->cryptography>=1.3.4->urllib3[secure]) (2.20)

🤔

c2xusnpq6 avatar Apr 21 '21 11:04 c2xusnpq6

Hi @c2xusnpq6, sorry for the late response.

Look at this: https://stackoverflow.com/a/38502727/12238982

I'm suspecting that the issue you are facing does not relate to SSL/TLS. @c2xusnpq6 @oldlazycat If one of u can give me the target, I will be happy and try my best to solve your problems.

Thanks

shelld3v avatar Apr 29 '21 09:04 shelld3v

Hi @c2xusnpq6, I have delayed for so long, so I made a fix locally. But I need to test this fix first, can you give a target that uses TLSv1?

shelld3v avatar May 14 '21 05:05 shelld3v

I'm sorry, I forgot the target IP... maybe next time... you can close this issue😅thx

c2xusnpq6 avatar May 28 '21 08:05 c2xusnpq6

No problem, I will keep this issue open until you find that IP

shelld3v avatar May 28 '21 10:05 shelld3v