Comments (15)

TheTechromancer commented on May 24, 2024

I'm hoping this will get solved when we replace gowitness with playwright.

from bbot.

amiremami commented on May 24, 2024

It seems that because of using a proxy, gowitness is not running.

TheTechromancer commented on May 24, 2024

The issue appears to be with your proxy:

Screenshot_20240416-080649.png

This indicates the proxy isn't accepting connections.

amiremami commented on May 24, 2024

Hey @TheTechromancer, thanks a lot. They said they fixed it, and I no longer get connection refused in debug.log. However, I still don't get any screenshots. Is this still a proxy issue?

debug.log
output.json

TheTechromancer commented on May 24, 2024

Hmm, that's strange. I see the URLs in there at least. Can you run the scan with -d?

amiremami commented on May 24, 2024

Here you are:

debug.log
output.json

TheTechromancer commented on May 24, 2024

2024-04-16 17:35:24,834 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:26,532 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:35,441 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://www.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:35,442 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://mx.myaccounting.it/", module=httpx, tags={'status-302', 'http-title-302-found', 'in-scope', 'dir'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:44,460 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://load.gtm.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'http-title-301-moved-permanently', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:48,500 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://www.areaclienti.myaccounting.it/", module=httpx, tags={'status-302', 'in-scope', 'dir'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:48,501 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://areaclienti.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:49,807 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://www.areaclienti.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:49,955 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://areaclienti.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:59,747 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://www.areaclienti.myaccounting.it/area-clienti/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect

Based on this it looks like due to the proxy, httpx is missing some of the https URLs. This is probably not the proxy's fault; this is a known issue with httpx. We have a very old bug open for this: #35.

We really need to replace this tool with something decent.

It's hard to tell but there may also be an issue with redirections. There are some pretty long redirect chains here, like http://areaclienti.myaccounting.it/ --> https://areaclienti.myaccounting.it/ --> https://www.areaclienti.myaccounting.it/ --> https://www.areaclienti.myaccounting.it/area-clienti/login/?redirect=https%3A%2F%2Fwww.areaclienti.myaccounting.it%2F.

TheTechromancer commented on May 24, 2024

The following URLs did pass post-check, so they were processed by gowitness. It's unclear why there were no screenshots for them:

2024-04-16 17:35:28,511 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://www.myaccounting.it/", module=httpx, tags={'status-200', 'dir', 'in-scope', 'http-title-myaccounting-it-studio-di-cont'}) passed post-check
2024-04-16 17:35:42,264 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://load.gtm.myaccounting.it/", module=httpx, tags={'status-400', 'in-scope', 'dir'}) passed post-check
2024-04-16 17:35:45,597 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://gtm.myaccounting.it:80/", module=httpx, tags={'dir', 'in-scope', 'status-404'}) passed post-check
2024-04-16 17:35:47,052 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://gtm.myaccounting.it/", module=httpx, tags={'status-400', 'in-scope', 'dir'}) passed post-check
2024-04-16 17:35:53,645 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://www.areaclienti.myaccounting.it/area-clienti/login/", module=httpx, tags={'in-scope', 'http-title-login-myaccounting-it', 'status-200', 'login-page', 'dir'}) passed post-check

I'd recommend running gowitness manually to see if it spits out any errors:

/root/.bbot/tools/gowitness --chrome-path /root/.bbot/tools/chrome-linux/chrome --db-path /root/.bbot/scans/cheeky_snape/gowitness/gowitness.sqlite3 --screenshot-path /root/.bbot/scans/cheeky_snape/gowitness/screenshots --user-agent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.2151.97' --proxy socks5://14ac7cb2f8d2c:[email protected]:12324 --resolution-x 1440 --resolution-y 900 file -f - --threads 4

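The log triage done by hand in the comment above (which URLs the gowitness module skipped as redirects, and which passed post-check and should therefore have a screenshot) can be scripted. This is an added example, not part of the original thread or of bbot's code; the log lines are constructed in the format quoted above, and `triage`, `missing_screenshots` and the `screenshotted_urls` input are hypothetical names.

```python
import re

# Constructed sample lines, modelled on the debug.log excerpts quoted above.
SAMPLE_LOG = """\
2024-01-01 10:00:00,001 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://example.com/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-01-01 10:00:01,002 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://www.example.com/", module=httpx, tags={'status-200', 'dir', 'in-scope'}) passed post-check
2024-01-01 10:00:02,003 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://api.example.com/", module=httpx, tags={'status-400', 'in-scope', 'dir'}) passed post-check
2024-01-01 10:00:03,004 [DEBUG] bbot.scanner scanner.py:1 unrelated constructed line
"""

# Matches only the two gowitness message shapes shown in the thread.
LINE_RE = re.compile(
    r'bbot\.modules\.gowitness \S+ (?P<rejected>Not accepting )?'
    r'URL\("(?P<url>[^"]+)", module=[\w.-]+, tags=\{(?P<tags>[^}]*)\}\)'
    r'(?: because it did not meet custom filter criteria: (?P<reason>.+)'
    r'| passed post-check)\s*$'
)


def triage(log_text):
    """Split gowitness debug lines into accepted and rejected URLs."""
    accepted, rejected = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other modules or other messages
        tags = re.findall(r"'([^']+)'", m["tags"])
        status = next((int(t[7:]) for t in tags if re.fullmatch(r"status-\d+", t)), None)
        if m["rejected"]:
            rejected[m["url"]] = m["reason"]   # URL -> filter reason
        else:
            accepted[m["url"]] = status        # URL -> HTTP status from the tags
    return accepted, rejected


def missing_screenshots(log_text, screenshotted_urls):
    """Accepted URLs with no screenshot; the caller supplies the screenshotted set."""
    accepted, _ = triage(log_text)
    return sorted(set(accepted) - set(screenshotted_urls))


if __name__ == "__main__":
    ok, skipped = triage(SAMPLE_LOG)
    print("accepted:", ok)
    print("skipped:", skipped)
    print("missing:", missing_screenshots(SAMPLE_LOG, {"https://www.example.com/"}))
```
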

amiremami commented on May 24, 2024

Thanks. I don't think it's because of redirections, because it's not possible to get screenshots from any site.

Nothing printed here:
image

TheTechromancer commented on May 24, 2024

You need to pipe the urls into it.

amiremami commented on May 24, 2024

Sorry,

image
image
image

TheTechromancer commented on May 24, 2024

Seems to be another issue with the proxy. It might be worth trying a basic curl to verify a basic web request works through the proxy.

amiremami commented on May 24, 2024

I used these commands and it seems to work fine:

curl -x socks5://14ac7cb2f8d2c:[email protected]:12324 https://www.myaccounting.it/
curl -x socks5://14ac7cb2f8d2c:[email protected]:12324 davcrkdidfhlhgvabwxp2nmjt0mkbpti9.oast.fun

image
image

TheTechromancer commented on May 24, 2024

Ah okay. Apparently the issue is that chromium doesn't support socks5 auth: puppeteer/puppeteer#1074

amiremami commented on May 24, 2024

Thanks a lot. 🙏 I also tried http auth but it didn't work.

bbot -t tesla.com -m httpx gowitness -c http_proxy=http://14ac7cb2f8d2c:[email protected]:12323

So, I guess there is no solution for this. I will run gowitness in a separate scan without a proxy.
