Comments (5)
Potentially a bug?
Errors 1 & 3
As mentioned in the OP, running gowitness file
will give me the errors:
ERR failed to witness url error="context deadline exceeded" url=http://api.DOMAIN.com
ERR failed to witness url error="could not retrieve attribute \"outerHTML\": No node with given id found (-32000)" url=https://app.DOMAIN.com
If I run the following one liner, GoWitness will complete successfully without an issue.
cat "../subd.txt" | while read line; do gowitness single -X 2560 -Y 1440 -F "http://$line"; done
Given this, I believe there is some sort of bug. Of course I can just use this in general, but that defeats the purpose of the File
flag in GoWitness
as well as the fact I cannot thread it. I would have to hack some code together so it would run in series in the background (; done &
)
If there is anything else I can provide to hopefully get this resolved, I am more than happy to do so.
Error 2
I only get this on one subdomain out of the list of 13. When going to the same URL in my browser, I am given the following error:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
This tells me that the second error is server-side, and therefore not legitimate to this issue any more.
from gowitness.
Thanks, the extra information is useful. As a hypothesis on what's going on, single
and file
eventually enter the same code path for the screenshotting part, but with file
we try a few things regarding the URL protocol to use by adding http
and https
if there is no protocol. With single
we just parse whatever we got and use that. For this reason I think some of your targets may not be alive on ports 80 or 443, hence the errors you are seeing.
I have two things in mind to test (without knowing your targets):
- Can you check your input file and specify
http
in the file like you do for thewhile
loop and test? - Can you change the goroutines used in
file
to1
with-t 1
on thefile
subcommand?
from gowitness.
Thanks for the reply. It seems that those two suggestions together work. I did attempt -t 1
before making this issue but it didn't change anything from the default run with errors. Something I should maybe note; now that I think about it, it's the same subdomains causing the issue. Is it generally recommended to have the URIs in the list? If so I would just be able to make it fall back from https
to http
if an error occurred with the https fetch.
Based on your hypothesis I thought I would change the order and see if that could be the case using the original command and they still spat out errors. Is there anything I can look for with the issue subdomains when loading it in my browser or maybe curl to see why? If preferable, I can provide you with the target if it makes it less tedious to figure it out. Thank you!
from gowitness.
Think the bigger thing here is that an error is not necessarily a bad thing. It's really just telling you it couldn't screenshot (or preflight) the remote end and will move on to the next target. Specifying the full URL is preferred to prevent gowitness from trying to find something that might not exist to begin with.
On the fallback idea, this is something I have planned for the v3 release.
from gowitness.
Understood. Because I had the time, I was able to set everything up on my PC and it seems gowitness file
on the same list works perfectly fine.
Considering that fact and that Prefetch
was receiving a 200
response code, could this potentially mean my Chromium is having issues? I uninstalled it and reinstalled it on Snap, but I still received the errors with gowitness file
. Is there any suggestions on how I can go about troubleshooting this issue?
from gowitness.
Related Issues (20)
- Include screenshots using domain name and 'Host' header when using nmap XML
- Segfault
- Docker images fail with GLIBC error HOT 2
- Dashboard navigation pages don't wrap
- Could it take screenshot for just one DOM element?
- Can I import this project as a library ? HOT 1
- Snap-Chromium eating disk space HOT 2
- Unable to save long URL filenames by default
- How to specify the SQLite3 file when it is not in the current directory? Similar to sqlite://gowitness.sqlite3. HOT 1
- cleanup / prune data based on perception hash
- Exclude port(s) from being accessed
- Database merging is broken after version 2.4.2 - error unsupported database URI provided HOT 1
- How to delete old records? HOT 1
- [FEATURE REQUEST] Add ability to specify CDP websocket for a remote chrome instance
- Getting error while taking screenshot
- In standalone mode, can multiple instances of screenshotting be done in parallel? HOT 2
- executable file not found in $PATH
- blank pages and following window.location HOT 1
- need target deduplication and database removal API support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gowitness.