[Feature Request] SSL Parameter

Question

[Feature Request] SSL Parameter

S3cur3Th1sSh1t opened this issue 4 years ago · 3 comments

Hi,

first of all great tool! This makes weblogic vulnerability testing fast.

I found some applications, which server the /wls-wsat/CoordinatorPortType Endpoint via HTTPS instead of HTTP. So SSL support would be very nice at this point.

Greetings

Answer 1 · 2020-11-27T07:21:29.000Z

The program will automatically switch the https protocol to try again, unless it response to a request for http protocol, as described in this section.
https://github.com/0xn0ne/weblogicScanner/blob/master/utils.py#L109

Answer 2 · 2020-11-27T07:22:24.000Z

maybe you want to force https, I'll try it.

Answer 3 · 2020-11-27T09:56:34.000Z

I was looking for verify=true in ws.py only. It failed because the target was using a self signed certificate and Verify is set to true ✋
Got it working now, thanks.