tcf
2013-03-14, 16:25
Hi everybody,
in the process of slowly getting acquainted with Kali, I was running across a weird issue today when using sqlmap via burp on an https connection. It happened that the SSL handshake ran into an error:
# sqlmap -u https://a.b.c/test.aspx --proxy=http://localhost:8080 -v 3
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
starting at 12:23:53
[12:23:53] [DEBUG] cleaning up configuration parameters
[12:23:53] [DEBUG] setting the HTTP timeout
[12:23:53] [DEBUG] setting the HTTP method to GET
[12:23:53] [DEBUG] setting the HTTP/SOCKS proxy for all HTTP requests
[12:23:53] [DEBUG] creating HTTP requests opener object
[12:23:53] [INFO] testing connection to the target url
[12:23:53] [DEBUG] SSL connection error occured ('[Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
The reason for this seems to be an issue with openssl when connecting to SSLv3 systems.
I was able to fix it with a rather dirty hack and would love to hear about more decent solutions.
This is what I did:
vi /usr/share/sqlmap/lib/request/httpshandler.py
Remove ssl.PROTOCOL_SSLv23 from the _protocols list:
#_protocols = [ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1]
_protocols = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1]
Compile httpshandler.py:
python -m compileall /usr/share/sqlmap/lib/request/httpshandler.py
After this, the handshake between sqlmap and burp works like a charm.
But, I'd be very much interested in solutions that address the root cause of the issue.
Cheerz,
TC
in the process of slowly getting acquainted with Kali, I was running across a weird issue today when using sqlmap via burp on an https connection. It happened that the SSL handshake ran into an error:
# sqlmap -u https://a.b.c/test.aspx --proxy=http://localhost:8080 -v 3
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
starting at 12:23:53
[12:23:53] [DEBUG] cleaning up configuration parameters
[12:23:53] [DEBUG] setting the HTTP timeout
[12:23:53] [DEBUG] setting the HTTP method to GET
[12:23:53] [DEBUG] setting the HTTP/SOCKS proxy for all HTTP requests
[12:23:53] [DEBUG] creating HTTP requests opener object
[12:23:53] [INFO] testing connection to the target url
[12:23:53] [DEBUG] SSL connection error occured ('[Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
The reason for this seems to be an issue with openssl when connecting to SSLv3 systems.
I was able to fix it with a rather dirty hack and would love to hear about more decent solutions.
This is what I did:
vi /usr/share/sqlmap/lib/request/httpshandler.py
Remove ssl.PROTOCOL_SSLv23 from the _protocols list:
#_protocols = [ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1]
_protocols = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1]
Compile httpshandler.py:
python -m compileall /usr/share/sqlmap/lib/request/httpshandler.py
After this, the handshake between sqlmap and burp works like a charm.
But, I'd be very much interested in solutions that address the root cause of the issue.
Cheerz,
TC