You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I run Photon against certain domains, using this command, python3 photon.py -u autodiscover.tesla.com, I get the following error:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 453, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
_raise_current_error()
File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 344, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 459, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')])",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='autodiscover.tesla.com', port=443): Max retries exceeded with url: /robots.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')])")))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "photon.py", line 270, in <module>
zap(main_url, args.archive, domain, host, internal, robots)
File "/home/bounty/bounty/tools/Photon/core/zap.py", line 23, in zap
response = requests.get(input_url + '/robots.txt', verify=False).text
File "/usr/local/lib/python3.7/dist-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 668, in send
history = [resp for resp in gen] if allow_redirects else []
File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 668, in <listcomp>
history = [resp for resp in gen] if allow_redirects else []
File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 247, in resolve_redirects
**adapter_kwargs
File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='autodiscover.tesla.com', port=443): Max retries exceeded with url: /robots.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')])")))
What I think may be happening is something to do with the site supporting TLSv1.0, similar to issue #113.
It may even be something to do with OpenSSL, as when I run curl -ki https://autodiscover.tesla.com, I get the following output: curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type, which matches the Python error above.
I have tried adding verify=False to all of the requests.get() calls in core/zap.py, but nothing changes. It seems to be an issue in the TLS negotiation itself.
Using latest updated Kali Linux: Linux thinkpad 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
Python version: Python 3.7.3rc1
OpenSSL: OpenSSL 1.1.1b 26 Feb 2019
Thanks for this great tool!
The text was updated successfully, but these errors were encountered:
I tested the same domain with OpenSSL directly, using openssl s_client -connect autodiscover.tesla.com:443 and I was able to connect without error. I assume curl is using OpenSSL, but maybe not since OpenSSL itself is not throwing an error.
When I run Photon against certain domains, using this command,
python3 photon.py -u autodiscover.tesla.com
, I get the following error:What I think may be happening is something to do with the site supporting TLSv1.0, similar to issue #113.
It may even be something to do with OpenSSL, as when I run
curl -ki https://autodiscover.tesla.com
, I get the following output:curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
, which matches the Python error above.I have tried adding
verify=False
to all of therequests.get()
calls incore/zap.py
, but nothing changes. It seems to be an issue in the TLS negotiation itself.Using latest updated Kali Linux:
Linux thinkpad 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
Python version:
Python 3.7.3rc1
OpenSSL:
OpenSSL 1.1.1b 26 Feb 2019
Thanks for this great tool!
The text was updated successfully, but these errors were encountered: