[framework] http connect proxy support?

H D Moore hdm at metasploit.com
Fri Mar 14 14:22:21 CDT 2008


The code should be allowing that (see below). I created ticket #213 to 
track it.


# Build the SSL connection
self.sslctx  = OpenSSL::SSL::SSLContext.new

# Configure the SSL context
# TODO: Allow the user to specify the verify mode and callback
# Valid modes:
#  VERIFY_CLIENT_ONCE
#  VERIFY_FAIL_IF_NO_PEER_CERT 
#  VERIFY_NONE
#  VERIFY_PEER
self.sslctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.sslctx.options = OpenSSL::SSL::OP_ALL

# Set the verification callback
self.sslctx.verify_callback = Proc.new do |valid, store|
	self.peer_verified = valid
	true
end

# Tie the context to a socket
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)


On Friday 14 March 2008, Tim Maletic wrote:
> Now a new but related question:  my testing seems to show that at
> least Exploit::Remote::HttpClient returns a failure condition if the
> target SSL server doesn't have a valid certificate.  Is this true?  If
> so, are there parameters available to force the framework to ignore
> bad certs (as in wget's "--no-check-certificate")?



