ssl错误，-f配置不起作用 about packer-fuzzer HOT 7 CLOSED

字符串比较，加个引号就行了，没做int转换的，if self.options.ssl_flag == "1":

这样改完了可以正常运行了

from packer-fuzzer.

➜ Packer-Fuzzer-master python3 PackerFuzzer.py -u https://172.16.0.36:8448 -f 1

| _ \ __ _ | | _____ _ __ | | _ ___________ _ __
| |) / ` |/ | |/ / _ \ '| | | | | | | / / _ \ '|
| __/ (| | (| < / | | || || |/ / / / / |
|| _,_|_|_|__|| || _,//_|_|
Packer Fuzzer v1.0

©2020 Poc-Sir、KpLi0rn、Lucy、RachesseHS、Lupin-III
Project Hub: https://github.com/rtcatc/Packer-Fuzzer

[+] 网络连通性检测通过，当前出口IP：x.x.x.x
[16:50:59] 目标站点：https://172.16.0.36:8448
[16:50:59] 正在解析网页中...
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 456, in wrap_socket
cnx.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1915, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
_raise_current_error()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 597, in urlopen
httplib_response = self._make_request(conn, method, url,
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 839, in validate_conn
conn.connect()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connection.py", line 337, in connect
self.sock = ssl_wrap_socket(
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/util/ssl.py", line 358, in ssl_wrap_socket
return context.wrap_socket(sock)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 462, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/connectionpool.py", line 637, in urlopen
retries = retries.increment(method, url, error=e, _pool=self,
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/urllib3/util/retry.py", line 399, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='172.16.0.36', port=8448): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/Users/x/Downloads/x/工具/Packer-Fuzzer-master/lib/Controller.py", line 30, in parseStart
ParseJs(projectTag, self.url, self.options).parseJsStart()
File "/Users/x/Downloads/x/工具/Packer-Fuzzer-master/lib/ParseJs.py", line 154, in parseJsStart
self.requestUrl()
File "/Users/x/Downloads/x/工具/Packer-Fuzzer-master/lib/ParseJs.py", line 46, in requestUrl
demo = requests.get(url=url, headers=headers,proxies=self.proxy_data,).text
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='172.16.0.36', port=8448): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

from packer-fuzzer.

感谢反馈，排查中，是否能将对应log发送一份至我们的邮箱：admin # hackinn.com

from packer-fuzzer.

您这边可以先强行修改代码为全部不校验，看看此模块是否还会继续报错

from packer-fuzzer.

/lib/ParseJs.py文件第46行处，修改为与44行相同的内容

from packer-fuzzer.

谢谢反馈！下一版将做优化！感谢您为此项目做出的 贡献
（后面有几个地方没有全部覆盖取消ssl校验，也会在下一个项目内一并优化

from packer-fuzzer.

已在最近一次更新中修复：09e104d
若仍存在无法全局忽略证书校验的情况或者出现新的问题，您只需要回复此issue即可
关于JS匹配敏感内容，我们也决定同时正则匹配敏感变量及敏感内容，会在大更新中实现，祝好！merci bcp

from packer-fuzzer.