Comments (15)
I'm hoping this will get solved when we replace gowitness with playwright.
from bbot.
It seems that because of using a proxy, gowitness is not running.
from bbot.
The issue appears to be with your proxy:
This indicates the proxy isn't accepting connections.
from bbot.
Hey @TheTechromancer thanks a lot, they said they fixed it, I don't get connection refused anymore in debug.log; however, I still don't get any screenshots. Is this still a proxy issue?
from bbot.
Hmm, that's strange. I see the URLs in there at least. Can you run the scan with -d?
from bbot.
Here you are:
from bbot.
2024-04-16 17:35:24,834 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:26,532 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:35,441 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://www.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:35,442 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://mx.myaccounting.it/", module=httpx, tags={'status-302', 'http-title-302-found', 'in-scope', 'dir'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:44,460 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://load.gtm.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'http-title-301-moved-permanently', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:48,500 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://www.areaclienti.myaccounting.it/", module=httpx, tags={'status-302', 'in-scope', 'dir'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:48,501 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://areaclienti.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:49,807 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://www.areaclienti.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:49,955 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("http://areaclienti.myaccounting.it/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:59,747 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://www.areaclienti.myaccounting.it/area-clienti/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
Based on this it looks like due to the proxy, httpx is missing some of the https URLs. This is probably not the proxy's fault; this is a known issue with httpx. We have a very old bug open for this: #35.
We really need to replace this tool with something decent.
It's hard to tell but there may also be an issue with redirections. There are some pretty long redirect chains here, like http://areaclienti.myaccounting.it/ --> https://areaclienti.myaccounting.it/ --> https://www.areaclienti.myaccounting.it/ --> https://www.areaclienti.myaccounting.it/area-clienti/login/?redirect=https%3A%2F%2Fwww.areaclienti.myaccounting.it%2F.
from bbot.
The following URLs did pass post-check, so they were processed by gowitness. It's unclear why there were no screenshots for them:
2024-04-16 17:35:28,511 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://www.myaccounting.it/", module=httpx, tags={'status-200', 'dir', 'in-scope', 'http-title-myaccounting-it-studio-di-cont'}) passed post-check
2024-04-16 17:35:42,264 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://load.gtm.myaccounting.it/", module=httpx, tags={'status-400', 'in-scope', 'dir'}) passed post-check
2024-04-16 17:35:45,597 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://gtm.myaccounting.it:80/", module=httpx, tags={'dir', 'in-scope', 'status-404'}) passed post-check
2024-04-16 17:35:47,052 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://gtm.myaccounting.it/", module=httpx, tags={'status-400', 'in-scope', 'dir'}) passed post-check
2024-04-16 17:35:53,645 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://www.areaclienti.myaccounting.it/area-clienti/login/", module=httpx, tags={'in-scope', 'http-title-login-myaccounting-it', 'status-200', 'login-page', 'dir'}) passed post-check
I'd recommend running gowitness manually to see if it spits out any errors:
/root/.bbot/tools/gowitness --chrome-path /root/.bbot/tools/chrome-linux/chrome --db-path /root/.bbot/scans/cheeky_snape/gowitness/gowitness.sqlite3 --screenshot-path /root/.bbot/scans/cheeky_snape/gowitness/screenshots --user-agent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.2151.97' --proxy socks5://14ac7cb2f8d2c:[email protected]:12324 --resolution-x 1440 --resolution-y 900 file -f - --threads 4
from bbot.
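The debug lines quoted above fall into two shapes: URLs the gowitness module filtered out ("Not accepting ... URL is a redirect") and URLs that "passed post-check" and should therefore have a screenshot. The script below is an added example, not code from bbot or from anyone in this thread; the `triage` function name and the sample hostnames are constructed, and it only recognises the two message shapes shown in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format shown in the thread (hostnames are placeholders).
SAMPLE_LOG = """\
2024-04-16 17:35:24,834 [DEBUG] bbot.modules.gowitness base.py:1214 Not accepting URL("https://example.test/", module=httpx, tags={'dir', 'in-scope', 'status-301'}) because it did not meet custom filter criteria: URL is a redirect
2024-04-16 17:35:28,511 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://www.example.test/", module=httpx, tags={'status-200', 'dir', 'in-scope'}) passed post-check
2024-04-16 17:35:42,264 [DEBUG] bbot.modules.gowitness base.py:1214 URL("https://api.example.test/", module=httpx, tags={'status-400', 'in-scope', 'dir'}) passed post-check
2024-04-16 17:35:44,460 [DEBUG] bbot.modules.httpx base.py:1214 URL("https://other.example.test/", module=httpx, tags={'status-200'}) passed post-check
"""

# Matches only lines logged by the gowitness module, in either of the two shapes.
LINE_RE = re.compile(
    r'\[DEBUG\] bbot\.modules\.gowitness \S+ '
    r'(?P<rejected>Not accepting )?URL\("(?P<url>[^"]+)", module=(?P<module>\w+), '
    r'tags=\{(?P<tags>[^}]*)\}\)'
    r'(?: because it did not meet custom filter criteria: (?P<reason>.+)| passed post-check)$'
)


def triage(log_text):
    """Return (expected, skipped).

    expected: {url: http_status} for URLs that passed post-check.
    skipped:  {reason: [urls]} for URLs filtered out before gowitness ran.
    """
    expected, skipped = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue  # other modules, other message shapes
        if m["rejected"]:
            skipped[m["reason"]].append(m["url"])
        else:
            tags = re.findall(r"'([^']*)'", m["tags"])
            status = next((t[len("status-"):] for t in tags if t.startswith("status-")), None)
            expected[m["url"]] = status
    return expected, dict(skipped)


if __name__ == "__main__":
    expected, skipped = triage(SAMPLE_LOG)
    for url, status in expected.items():
        print(f"screenshot expected: {url} (status {status})")
    for reason, urls in skipped.items():
        print(f"filtered ({reason}): {len(urls)} URL(s)")
```

If every URL in `expected` is missing from the screenshots directory, the problem lies in the browser or proxy layer rather than in the module's URL filtering.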
Thanks. I don't think it's because of redirections, because it's not possible to get screenshots from any site.
from bbot.
You need to pipe the URLs into it.
from bbot.
Sorry,
from bbot.
Seems to be another issue with the proxy. It might be worth trying a basic curl to verify a basic web request works through the proxy.
from bbot.
I used these commands and it seems to work fine:
curl -x socks5://14ac7cb2f8d2c:[email protected]:12324 https://www.myaccounting.it/
curl -x socks5://14ac7cb2f8d2c:[email protected]:12324 davcrkdidfhlhgvabwxp2nmjt0mkbpti9.oast.fun
from bbot.
Ah okay. Apparently the issue is that chromium doesn't support socks5 auth: puppeteer/puppeteer#1074
from bbot.
Thanks a lot. 🙏 I also tried http auth but it didn't work.
bbot -t tesla.com -m httpx gowitness -c http_proxy=http://14ac7cb2f8d2c:[email protected]:12323
So, I guess there is no solution for this. I will run gowitness in a separate scan without proxy.
from bbot.