wpscan
wpscan copied to clipboard
Stream error in the HTTP/2 framing layer
SITE IS UP wpscan version: 3.8.17 wpscan --url https://success.zomato.com/ Scan Aborted: The url supplied 'https://success.zomato.com/' seems to be down (Stream error in the HTTP/2 framing layer) not using proxy
What's your version of curl
? curl --version
If not the latest, or at least 7.72, please update (https://github.com/wpscanteam/wpscan#prerequisites)
sir thanks for replying OS:Kali Curl-version: 7.74.0-1.1
Also encountering this error on some URLs. Curl version:
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2u zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
anyone found a solution yet??
Looks like the https://success.zomato.com/
URL is no longer valid. Is there another URL we could use to try to reproduce this error?
I was able to reproduce this (sporadically) for a misbehaving website on my end. It seems to be due to a malformed TLS response that curl is trying to handle.
I tested on Ubuntu 22.04 with curl 7.81.0
and MacOS Ventura with curl 8.1.2
. When using the newer curl version, I was only able to reproduce the error when using the --random-user-agent
option, which may have been what was causing this particular website to return malformed responses. The older version of curl seemed to have more frequent problems.
I'll also note that I was thinking that this might be an HTTP/2-specific issue, but I messed around with HTTP/1.1 and got an error in this case as well: Failure when receiving data from the peer
.
So I think the solution to this is to use the newest version of curl that you can, as the newer versions seem to handle these sorts of issues better. And otherwise to play around with options to see what works for the specific website.
Closing this for now. If we can get a site that consistently causes this error for the latest version of curl
, then it would be worth looking into further.