trufflehog icon indicating copy to clipboard operation
trufflehog copied to clipboard

Published 20 hours ago verified publisher icon trufflesecurity

Option to not verify ssl certificates in git option

Open MrJico opened this issue 3 years ago • 4 comments

Hello trufflehog devs

Thanks for all the hard work that you have done

I am requesting to add support for an -k option to bypass ssl validations.

example project that empelents this feature: gobuster

MrJico avatar Apr 07 '22 23:04 MrJico

@MrJico looks simple-ish since most modules use common.SaneHttpClient we just need to set http.Client.Transport.TLSClientConfig.InsecureSkipVerify to true if -k is specified: https://github.com/trufflesecurity/trufflehog/blob/ea95e886ba366541ac08959d4e9d4e49d02c6863/pkg/common/http.go#L124-L129

It probably also needs to be implemented for the other clients there, so it might be easiest to add it to NewCustomTransport: https://github.com/trufflesecurity/trufflehog/blob/ea95e886ba366541ac08959d4e9d4e49d02c6863/pkg/common/http.go#L87-L92

bolshoytoster avatar Apr 09 '22 10:04 bolshoytoster

@MrJico I've just implemented this in my fork, could you see if it works properly.

bolshoytoster avatar Apr 09 '22 14:04 bolshoytoster

@bolshoytoster unfortunately I'm not skilled in golang and can't not testit, same for trufflehog thanks for the hard work ❤

MrJico avatar Apr 10 '22 18:04 MrJico

@MrJico I think you can just run go build at the top level of the project which will build an executable you can run.

bolshoytoster avatar Apr 10 '22 19:04 bolshoytoster

i'm closing this issue because it didn't get any tracking. and no updated on the issue, thanks @bolshoytoster for your work

MrJico avatar Jan 01 '23 17:01 MrJico