wpscan icon indicating copy to clipboard operation
wpscan copied to clipboard

Published 20 hours ago verified publisher icon wpscanteam

Stream error in the HTTP/2 framing layer

Open SaifKhaan opened this issue 3 years ago • 4 comments

SITE IS UP wpscan version: 3.8.17 wpscan --url https://success.zomato.com/ Scan Aborted: The url supplied 'https://success.zomato.com/' seems to be down (Stream error in the HTTP/2 framing layer) not using proxy

SaifKhaan avatar Mar 27 '21 17:03 SaifKhaan

What's your version of curl ? curl --version If not the latest, or at least 7.72, please update (https://github.com/wpscanteam/wpscan#prerequisites)

erwanlr avatar Mar 30 '21 07:03 erwanlr

sir thanks for replying OS:Kali Curl-version: 7.74.0-1.1

SaifKhaan avatar Mar 31 '21 09:03 SaifKhaan

Also encountering this error on some URLs. Curl version:

curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2u zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

Regala avatar Oct 25 '21 14:10 Regala

anyone found a solution yet??

emgaurav avatar May 02 '22 07:05 emgaurav

Looks like the https://success.zomato.com/ URL is no longer valid. Is there another URL we could use to try to reproduce this error?

alexsanford avatar Sep 21 '23 20:09 alexsanford

I was able to reproduce this (sporadically) for a misbehaving website on my end. It seems to be due to a malformed TLS response that curl is trying to handle.

I tested on Ubuntu 22.04 with curl 7.81.0 and MacOS Ventura with curl 8.1.2. When using the newer curl version, I was only able to reproduce the error when using the --random-user-agent option, which may have been what was causing this particular website to return malformed responses. The older version of curl seemed to have more frequent problems.

I'll also note that I was thinking that this might be an HTTP/2-specific issue, but I messed around with HTTP/1.1 and got an error in this case as well: Failure when receiving data from the peer.

So I think the solution to this is to use the newest version of curl that you can, as the newer versions seem to handle these sorts of issues better. And otherwise to play around with options to see what works for the specific website.

Closing this for now. If we can get a site that consistently causes this error for the latest version of curl, then it would be worth looking into further.

alexsanford avatar Sep 29 '23 14:09 alexsanford