Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exception: unable to find valid certification path to requested target #79

Open
frakman1 opened this issue Mar 16, 2021 · 5 comments
Open

Exception: unable to find valid certification path to requested target #79

frakman1 opened this issue Mar 16, 2021 · 5 comments

Comments

@frakman1
Copy link

frakman1 commented Mar 16, 2021
edited
Loading

While running against a local router, I get these exceptions:

java -cp "tsunami-main-0.0.4-SNAPSHOT-cli.jar:/home/frakman1/tsunami/plugins/*"   -Dtsunami-config.location=/home/frakman1/tsunami/tsunami.yaml   com.google.tsunami.main.cli.TsunamiCli   --ip-v4-target=6.1.131.88   --scan-results-local-output-format=JSON   --scan-results-local-output-filename=/tmp/tsunami-output.json
Mar 15, 2021 9:06:29 PM com.google.tsunami.plugins.detectors.credentials.cve20177615.MantisBTAuthenticationBypassDetector isServiceVulnerable
WARNING: Unable to query 'http://6.1.131.88/verify.php?id=1&confirm_hash='.
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1408)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1314)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:319)
	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:283)
	at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:168)
	at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257)
	at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
	at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:254)
	at okhttp3.RealCall.execute(RealCall.java:92)
	at com.google.tsunami.common.net.http.HttpClient.send(HttpClient.java:72)
	at com.google.tsunami.plugins.detectors.credentials.cve20177615.MantisBTAuthenticationBypassDetector.isServiceVulnerable(MantisBTAuthenticationBypassDetector.java:106)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:176)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
	at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
	at com.google.tsunami.plugins.detectors.credentials.cve20177615.MantisBTAuthenticationBypassDetector.detect(MantisBTAuthenticationBypassDetector.java:89)
	at com.google.tsunami.workflow.DefaultScanningWorkflow.lambda$detectVulnerabilities$8(DefaultScanningWorkflow.java:267)
	at com.google.tsunami.plugin.PluginExecutorImpl.lambda$executeAsync$0(PluginExecutorImpl.java:56)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:69)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
	... 49 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
	... 55 more

It keeps going, throwing several of these errors.
At the end, it hangs. I have to CTL+C to get out and no log files are available

Mar 15, 2021 9:06:30 PM com.google.tsunami.plugins.detectors.rce.cve201811776.ApacheStrutsNamespaceRceDetector detect
INFO: ApacheStrutsContentTypeRceDetector finished, detected '0' vulns.
@flag007
Copy link

flag007 commented Oct 2, 2021

hi

@flag007
Copy link

flag007 commented Oct 2, 2021

Did you solve it?

@RedaMastouri
Copy link

RedaMastouri commented Oct 3, 2021 via email

@nikhen
Copy link

nikhen commented Feb 3, 2022

Verification of the certificate chain is attempted but fails.

A workaround for this is to manually add the server certificate as trusted certificate to Java key store.

  1. To set the IP address of the target (replace 6.1.131.88 with your value), set the environment variable

    export TARGET_IP=6.1.131.88

  2. To get the certificate from the server and save it to file public.crt, execute

    openssl s_client -connect $TARGET_IP:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

  3. To add the certificate to trusted certificates in your keystore, run

    keytool -importcert -alias custom-$TARGET_IP -file public.crt

You might have to explicitly set the location and password of the key store via parameters -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword when running tsunami, for example

java -cp "tsunami-main-0.0.4-SNAPSHOT-cli.jar:$HOME/tsunami/plugins/*"   -Dtsunami-config.location=$HOME/tsunami/tsunami.yaml -Djavax.net.ssl.keyStore=$HOME/.keystore and -Djavax.net.ssl.keyStorePassword=changeit   com.google.tsunami.main.cli.TsunamiCli   --ip-v4-target=$TARGET_IP   --scan-results-local-output-format=JSON   --scan-results-local-output-filename=/tmp/tsunami-output.json

@JamesFoxxx
Copy link

try using the following switch for tsunami cli:
--http-client-trust-all-certificates

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@frakman1 @RedaMastouri @nikhen @flag007 @JamesFoxxx