Thread: Issues with sqlmap, burp and SSL

  1. #1
    Join Date
    2013-Mar
    Posts
    1

    Issues with sqlmap, burp and SSL

    Hi everybody,

    In the process of slowly getting acquainted with Kali, I ran across a weird issue today when using sqlmap via Burp on an HTTPS connection. It happened that the SSL handshake ran into an error:

    Code:
    # sqlmap -u https://a.b.c/test.aspx --proxy=http://localhost:8080 -v 3
    
        sqlmap/1.0-dev - automatic SQL injection and database takeover tool
        http://sqlmap.org
    
    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
    [*] starting at 12:23:53
    
    [12:23:53] [DEBUG] cleaning up configuration parameters
    [12:23:53] [DEBUG] setting the HTTP timeout
    [12:23:53] [DEBUG] setting the HTTP method to GET
    [12:23:53] [DEBUG] setting the HTTP/SOCKS proxy for all HTTP requests
    [12:23:53] [DEBUG] creating HTTP requests opener object
    [12:23:53] [INFO] testing connection to the target url
    [12:23:53] [DEBUG] SSL connection error occured ('[Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')

    The reason for this seems to be an issue with openssl when connecting to SSLv3 systems.

    I was able to fix it with a rather dirty hack and would love to hear about more decent solutions.

    This is what I did:

    Code:
    vi /usr/share/sqlmap/lib/request/httpshandler.py

    Remove ssl.PROTOCOL_SSLv23 from the _protocols list:

    Code:
    #_protocols = [ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1]
    _protocols = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1]

    Compile httpshandler.py:

    Code:
    python -m compileall /usr/share/sqlmap/lib/request/httpshandler.py

    After this, the handshake between sqlmap and burp works like a charm.

    But, I'd be very much interested in solutions that address the root cause of the issue.

    Cheerz,
    TC
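
The error code quoted in the post above can be decoded to see which side aborted the handshake. This is an added example, not part of the original thread or of sqlmap; it assumes the OpenSSL 1.0.x error-code layout (the thread reports OpenSSL 1.0.1e), and the second sample line is constructed for contrast.

```python
import re

# OpenSSL 1.0.x packs an error as lib (8 bits) | func (12 bits) | reason (12 bits).
# Assumption: this layout (err.h, ERR_PACK) applies; OpenSSL 3.x changed it.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # ssl.h: reason = 1000 + alert number sent by the peer

# TLS alert descriptions (RFC 5246 section 7.2, RFC 6066); subset for illustration.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 112: "unrecognized_name",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^'\n)]*)")

def decode_openssl_error(line):
    """Split an OpenSSL error string into lib/func/reason and spot peer alerts."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # fatal alert received from the peer
    return {
        "lib": lib, "func": func, "reason": reason,
        "func_name": m.group(3), "reason_text": m.group(4).strip(),
        "from_peer": alert is not None,
        "alert": alert, "alert_name": TLS_ALERTS.get(alert),
    }

SAMPLES = [
    # Line quoted in the thread.
    "[DEBUG] SSL connection error occured ('[Errno 1] _ssl.c:504: "
    "error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')",
    # Constructed contrast: a reason below 1000 is raised locally by the client.
    "[Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        d = decode_openssl_error(sample)
        origin = ("alert %s (%s) sent by peer" % (d["alert"], d["alert_name"])
                  if d["from_peer"] else "raised locally by the client")
        print("%s: lib=%d func=%d reason=%d -> %s"
              % (d["func_name"], d["lib"], d["func"], d["reason"], origin))
```

A reason of 1000 + N means the peer answered the ClientHello with TLS alert N, so for the thread's error the listening side (here the Burp proxy) sent internal_error (80) rather than the client failing locally.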

  2. #2
    Join Date
    2013-Mar
    Posts
    3
    Great workaround! Thanks, tcf. There is a need for forcing the SSL version to get this working.

    Same issue here using sqlmap 1.0-dev, burp 1.5.11, and OpenSSL 1.0.1e 11 Feb 2013. I get the following error:
    Code:
    [DEBUG] SSL connection error occured ('[Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')

  3. #3
    Join Date
    2014-Sep
    Posts
    10

    Does anyone have a good solution for patching the Python requests lib in general?

    I keep getting an error when I want to use requests to post to the Burp HTTPS proxy:

    Code:
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "<stdin>", line 6, in gogo
      File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 60, in get
        return request('get', url, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 49, in request
        return session.request(method=method, url=url, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 457, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 569, in send
        r = adapter.send(request, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 420, in send
        raise SSLError(e, request=request)
    requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

    Last edited by xychix; 2014-11-12 at 12:16.

  4. #4
    root@kali:~# pip install requests[security]
    root@kali:~# pip install requests[security] --upgrade

    https://urllib3.readthedocs.org/en/latest/contrib.html
