Comments (7)
字符串比较,加个引号就行了,没做int转换的,if self.options.ssl_flag == "1":
这样改完了可以正常运行了
from packer-fuzzer.
➜ Packer-Fuzzer-master python3 PackerFuzzer.py -u https://172.16.0.36:8448 -f 1
| _ \ __ _ | | _____ _ __ | | _ ___________ _ __
| |) / ` |/ | |/ / _ \ '| | | | | | | / / _ \ '|
| __/ (| | (| < / | | || || |/ / / / / |
|| _,_|_|_|__|| || _,//_|_|
Packer Fuzzer v1.0
©2020 Poc-Sir、KpLi0rn、Lucy、RachesseHS、Lupin-III
Project Hub: https://github.com/rtcatc/Packer-Fuzzer
[+] 网络连通性检测通过,当前出口IP:x.x.x.x
[16:50:59] 目标站点:https://172.16.0.36:8448
[16:50:59] 正在解析网页中...
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 456, in wrap_socket
cnx.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1915, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
_raise_current_error()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 597, in urlopen
httplib_response = self._make_request(conn, method, url,
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 839, in validate_conn
conn.connect()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connection.py", line 337, in connect
self.sock = ssl_wrap_socket(
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/util/ssl.py", line 358, in ssl_wrap_socket
return context.wrap_socket(sock)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 462, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 637, in urlopen
retries = retries.increment(method, url, error=e, _pool=self,
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/util/retry.py", line 399, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='172.16.0.36', port=8448): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/Users/x/Downloads/x/工具/Packer-Fuzzer-master/lib/Controller.py", line 30, in parseStart
ParseJs(projectTag, self.url, self.options).parseJsStart()
File "/Users/x/Downloads/x/工具/Packer-Fuzzer-master/lib/ParseJs.py", line 154, in parseJsStart
self.requestUrl()
File "/Users/x/Downloads/x/工具/Packer-Fuzzer-master/lib/ParseJs.py", line 46, in requestUrl
demo = requests.get(url=url, headers=headers,proxies=self.proxy_data,).text
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='172.16.0.36', port=8448): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
from packer-fuzzer.
感谢反馈,排查中,是否能将对应log发送一份至我们的邮箱:admin # hackinn.com
from packer-fuzzer.
您这边可以先强行修改代码为全部不校验,看看此模块是否还会继续报错
from packer-fuzzer.
/lib/ParseJs.py文件第46行处,修改为与44行相同的内容
from packer-fuzzer.
谢谢反馈!下一版将做优化!感谢您为此项目做出的 贡献
(后面有几个地方没有全部覆盖取消ssl校验,也会在下一个项目内一并优化
from packer-fuzzer.
已在最近一次更新中修复:09e104d
若仍存在无法全局忽略证书校验的情况或者出现新的问题,您只需要回复此issue即可
关于JS匹配敏感内容,我们也决定同时正则匹配敏感变量及敏感内容,会在大更新中实现,祝好!merci bcp
from packer-fuzzer.
Related Issues (20)
- windows python3.9安装依赖报错: HOT 1
- 添加了一个配套工具,希望大家能喜欢。 HOT 1
- 为什么没有赞赏功能?
- 加代理报错 -p http://127.0.0.1:8080 HOT 4
- 路径含有特殊字符提取报错
- 可以新增一个专门导出api清单的选项吗 HOT 1
- ImportError: cannot import name 'parse_xml' from 'docx.oxml' HOT 2
- ImportError: cannot import name 'parse_xml' from 'docx.oxml' (/usr/local/lib/python3.8/dist-packages/docx/oxml/__init__.py) HOT 8
- /usr/local/lib/python3.9/dist-packages/node_vm2/__init__.py:17: FutureWarning: node_vm2 is deprecated. Please use deno_vm instead. warnings.warn("node_vm2 is deprecated. Please use deno_vm instead.", FutureWarning) HOT 5
- 异步JS提取中的正则问题
- KeyError: 'zh' HOT 3
- 新安装报错 ImportError: cannot import name 'OxmlElement' from 'docx.oxml.xmlchemy' HOT 4
- 这是为什么啊 HOT 1
- 这是什么情况呢?大佬给个指导 HOT 7
- 请问【检测到提取结果不准确,请输入新的BaseDir (使用逗号分隔):】我应该填啥呀,似乎应该是填目录,但是这边目录太多怎么办 HOT 1
- 导入库时失败 HOT 1
- 扫描报告中API清单没有信息 HOT 1
- 是不支持https协议吗 HOT 2
- [!] 检测到提取结果不准确,请输入新的BaseDir (使用逗号分隔): HOT 1
- https自建证书运行会报错 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from packer-fuzzer.