SSL Handshake exception error
toussaiv opened this issue · 3 comments
Hi,
When trying to launch the exploit to an HTTPS website, here is the error we get:
Unexpected exception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
......
The command launched looks like:
java -jar spring-break_cve-2017-8046-1.3-jar-with-dependencies.jar --header "id:Batman" --header "role:admin" --url "https://toto.com" --command whoami
Any idea how to fix that?
Thanks
Hello,
If I had to take a guess, your site is using HTTPS with a self-signed certificate or a certificate signed by a private CA, thus the error "unable to find valid certification path to requested target".
You have 2 choices:
- Install the certification authority's certificate on your system.
- Create a keystore with your site's certificate, and feed it to java.
The second method is what I usually do for programs that do not have a "--ignore-ssl" option, and it is valid for every other Java program.
The steps to create the keystore are below:
openssl s_client -servername your.server.hostname -connect your.server.hostname:port </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/cert.pem
This will fetch the server's certificate and store it in /tmp.
keytool -import -v -trustcacerts -alias your.server.hostname -file /tmp/cert.pem -keystore /tmp/keystore.jks
This will create a keystore with the previously retrieved certificate.
Finally, launch your program with this additional option:
-Djavax.net.ssl.trustStore=/tmp/keystore.jks
Hope this resolves your issue.
Happy hacking!
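Added example, not part of the original thread: the fetch-and-import steps above trust whatever certificate the server presents at fetch time, so this sketch compares the fetched PEM's SHA-256 fingerprint with a value obtained out-of-band before building a dedicated truststore. The function names, file paths, alias and the `changeit` store password are assumptions, and the certificate is a throwaway generated locally so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example: pin-check a fetched certificate before trusting it in Java.
set -u

# Keep only the first PEM certificate found in `openssl s_client` output (stdin).
extract_first_cert() {
  sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sed '/-END CERTIFICATE-/q'
}

# Print the SHA-256 fingerprint of PEM file $1 as bare uppercase hex.
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 |
    sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Import PEM $1 into truststore $2 under alias $3 only if its fingerprint
# equals $4 (obtained out-of-band, e.g. from the server's administrator).
# Returns 0 on import, 1 on mismatch, 2 if keytool is not installed.
import_if_pinned() {
  local pem="$1" store="$2" name="$3" expected actual
  expected=$(printf '%s' "$4" | tr -d ': ' | tr 'a-f' 'A-F')
  actual=$(cert_sha256 "$pem")
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch, not importing $pem" >&2
    return 1
  fi
  command -v keytool >/dev/null 2>&1 || return 2
  keytool -importcert -noprompt -alias "$name" -file "$pem" \
    -keystore "$store" -storepass changeit >/dev/null 2>&1
}

# Constructed sample: a throwaway self-signed certificate wrapped in
# s_client-style text, written to $1/session.txt so the demo runs offline.
make_sample_session() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=your.server.hostname" \
    -keyout "$1/key.pem" -out "$1/server.pem" >/dev/null 2>&1 || return 1
  { echo "CONNECTED(00000003)"; cat "$1/server.pem"
    echo "---"; cat "$1/server.pem"; echo "DONE"; } > "$1/session.txt"
}

if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d)
  make_sample_session "$dir"
  extract_first_cert < "$dir/session.txt" > "$dir/cert.pem"
  # Demo only: the pin is read from the sample itself; a real pin comes out-of-band.
  import_if_pinned "$dir/cert.pem" "$dir/truststore.jks" demo "$(cert_sha256 "$dir/cert.pem")"
  echo "import_if_pinned exit status: $?"
fi
```

JVM options such as `-Djavax.net.ssl.trustStore=...` must appear before `-jar` on the command line, and a dedicated truststore keeps the self-signed certificate out of the JDK-wide `cacerts`.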
Thanks for the answer!
The root cause seems perfect, and the solution also, but unfortunately it didn't work :(.
I do get the certificate in cert.pem and then transform it into a jks.
Then, I get the same error with the command:
java -Djavax.net.ssl.trustStore='/tmp/keystore2.jks' -jar spring-break_cve-2017-8046-1.3-jar-with-dependencies.jar --url "https://toto.com" --command whoami
Maybe I can do something if I have in my possession the self-signed certificate from the remote server, which is in p12 format?
Again, thanks.
OK, I finally managed to fix the error.
What I did:
Instead of using the command
-Djavax.net.ssl.trustStore=/tmp/keystore.jks
I imported the certificate directly into the JDK with the commands:
To generate the certificate from the keystore (.jks file):
keytool -export -keystore keystore.jks -alias selfsigned -file selfsigned.crt
Now add the certificate to JRE/lib/security/cacerts (truststore):
keytool -importcert -file selfsigned.crt -alias selfsigned -keystore {{cacerts path}}