View Issue Details

IDProjectCategoryView StatusLast Update
0006771Kali Linux[All Projects] Kali Package Bugpublic2020-11-04 07:30
ReporterIPv4v6 Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version2020.3 
Target VersionFixed in Version 
Summary0006771: Gobuster 3.0.1 does not support TLS 1.3
DescriptionGobuster version 3.0.1 does not connect to TLS 1.3 only servers.
Steps To Reproduce$ gobuster dir -u https://tls13.1d.pw -w /usr/share/wordlists/dirb/small.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url: https://tls13.1d.pw
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/small.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s
===============================================================
2020/10/06 17:08:17 Starting gobuster
===============================================================
Error: error on running goubster: unable to connect to https://tls13.1d.pw/: Get https://tls13.1d.pw/: remote error: tls: protocol version not supported
Additional InformationWorkaround: compile latest Gobuster version from source

go get github.com/OJ/gobuster

Activities

TheColonial

2020-10-08 00:19

reporter   ~0013543

I'm setting this right now even when running 3.1 built with golang 1.15. From what I can tell there are issues with 1.3 negotiation with certain servers. I'm still trying to get to the bottom of it.

@IPv4v6 can you please share the local configuration that you have that builds binaries that works against tls13.1d.pw ?

Thank you!

image.png (63,212 bytes)
image.png (63,212 bytes)

TheColonial

2020-10-19 00:04

reporter   ~0013572

Hi all,

We went through the rabbit hole of figuring out what was wrong, turns out that the server had an issue. For more information see here:

https://github.com/golang/go/issues/41983

Thanks!
OJ

IPv4v6

2020-11-04 07:30

reporter   ~0013629

I also saw that error (tls: error decoding message) when testing with my self-compiled gobuster binary at the time the server was broken.

To make it clear: the current gobuster Kali package binary has a problem.

$ apt policy gobuster
gobuster:
  Installed: 3.0.1-0kali1
  Candidate: 3.0.1-0kali1
  Version table:
 *** 3.0.1-0kali1 500
        500 http://http.kali.org/kali kali-rolling/main amd64 Packages
        100 /var/lib/dpkg/status

$ ls -la /usr/bin/gobuster
-rwxr-xr-x 1 root root 6742032 Jul 2 2019 /usr/bin/gobuster

$ /usr/bin/gobuster dir -u https://tls13.1d.pw -w /usr/share/wordlists/dirb/small.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url: https://tls13.1d.pw
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/small.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s
===============================================================
2020/11/04 08:28:00 Starting gobuster
===============================================================
Error: error on running goubster: unable to connect to https://tls13.1d.pw/: Get https://tls13.1d.pw/: remote error: tls: protocol version not supported

Issue History

Date Modified Username Field Change
2020-10-06 15:10 IPv4v6 New Issue
2020-10-08 00:19 TheColonial File Added: image.png
2020-10-08 00:19 TheColonial Note Added: 0013543
2020-10-19 00:04 TheColonial Note Added: 0013572
2020-11-04 07:30 IPv4v6 Note Added: 0013629