View Issue Details

IDProjectCategoryView StatusLast Update
0006771Kali LinuxKali Package Bugpublic2021-03-09 10:46
ReporterIPv4v6 Assigned Tosbrun  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2020.3 
Summary0006771: Gobuster 3.0.1 does not support TLS 1.3
Description

Gobuster version 3.0.1 does not connect to TLS 1.3 only servers.

Steps To Reproduce

$ gobuster dir -u https://tls13.1d.pw -w /usr/share/wordlists/dirb/small.txt

Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)

[+] Url: https://tls13.1d.pw
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/small.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s

2020/10/06 17:08:17 Starting gobuster

Error: error on running goubster: unable to connect to https://tls13.1d.pw/: Get https://tls13.1d.pw/: remote error: tls: protocol version not supported

Additional Information

Workaround: compile latest Gobuster version from source

go get github.com/OJ/gobuster

Attached Files

Activities

TheColonial

TheColonial

2020-10-08 00:19

reporter   ~0013543

I'm setting this right now even when running 3.1 built with golang 1.15. From what I can tell there are issues with 1.3 negotiation with certain servers. I'm still trying to get to the bottom of it.

@IPv4v6 can you please share the local configuration that you have that builds binaries that works against tls13.1d.pw ?

Thank you!

image.png (63,212 bytes)   
image.png (63,212 bytes)   
TheColonial

TheColonial

2020-10-19 00:04

reporter   ~0013572

Hi all,

We went through the rabbit hole of figuring out what was wrong, turns out that the server had an issue. For more information see here:

https://github.com/golang/go/issues/41983

Thanks!
OJ

IPv4v6

IPv4v6

2020-11-04 07:30

reporter   ~0013629

I also saw that error (tls: error decoding message) when testing with my self-compiled gobuster binary at the time the server was broken.

To make it clear: the current gobuster Kali package binary has a problem.

$ apt policy gobuster
gobuster:
Installed: 3.0.1-0kali1
Candidate: 3.0.1-0kali1
Version table:
*** 3.0.1-0kali1 500
500 http://http.kali.org/kali kali-rolling/main amd64 Packages
100 /var/lib/dpkg/status

$ ls -la /usr/bin/gobuster
-rwxr-xr-x 1 root root 6742032 Jul 2 2019 /usr/bin/gobuster

$ /usr/bin/gobuster dir -u https://tls13.1d.pw -w /usr/share/wordlists/dirb/small.txt

Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)

[+] Url: https://tls13.1d.pw
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/small.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s

2020/11/04 08:28:00 Starting gobuster

Error: error on running goubster: unable to connect to https://tls13.1d.pw/: Get https://tls13.1d.pw/: remote error: tls: protocol version not supported

sbrun

sbrun

2021-03-09 10:46

manager   ~0014294

fixed in new version 3.1.0-0kali1

Issue History

Date Modified Username Field Change
2020-10-06 15:10 IPv4v6 New Issue
2020-10-08 00:19 TheColonial File Added: image.png
2020-10-08 00:19 TheColonial Note Added: 0013543
2020-10-19 00:04 TheColonial Note Added: 0013572
2020-11-04 07:30 IPv4v6 Note Added: 0013629
2021-03-09 10:46 sbrun Assigned To => sbrun
2021-03-09 10:46 sbrun Status new => resolved
2021-03-09 10:46 sbrun Resolution open => fixed
2021-03-09 10:46 sbrun Note Added: 0014294