Metasploit mailing list archives

http connect proxy support?


From: hdm at metasploit.com (H D Moore)
Date: Fri, 14 Mar 2008 14:22:21 -0500

The code should be allowing that (see below). I created ticket #213 to 
track it.


# Build the SSL connection
self.sslctx  = OpenSSL::SSL::SSLContext.new

# Configure the SSL context
# TODO: Allow the user to specify the verify mode and callback
# Valid modes:
#  VERIFY_CLIENT_ONCE
#  VERIFY_FAIL_IF_NO_PEER_CERT 
#  VERIFY_NONE
#  VERIFY_PEER
self.sslctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.sslctx.options = OpenSSL::SSL::OP_ALL

# Set the verification callback
self.sslctx.verify_callback = Proc.new do |valid, store|
        self.peer_verified = valid
        true
end

# Tie the context to a socket
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)


On Friday 14 March 2008, Tim Maletic wrote:
Now a new but related question: my testing seems to show that at
least Exploit::Remote::HttpClient returns a failure condition if the
target SSL server doesn't have a valid certificate. Is this true? If
so, are there parameters available to force the framework to ignore
bad certs (as in wget's "--no-check-certificate")?




