View Issue Details

IDProjectCategoryView StatusLast Update
0007216Kali Linux[All Projects] Kali Package Bugpublic2021-06-23 13:52
Reporterpeter.m Assigned Tosteev  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionno change required 
Product Version2021.2 
Target VersionFixed in Version 
Summary0007216: 【WFUZZ】Pycurl is not compiled against Openssl.
Description┌──(root�kali)-[~]
└─# wfuzz
 /usr/local/lib/python3.9/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer *
* *
* Version up to 1.4c coded by: *
* Christian Martorella (cmartorella@edge-security.com) *
* Carlos del ojo (deepbit@gmail.com) *
* *
* Version 1.4d to 3.1.0 coded by: *
* Xavier Mendez (xmendez@edge-security.com) *
********************************************************

Usage: wfuzz [options] -z payload,params <url>

        FUZZ, ..., FUZnZ wherever you put these keywords wfuzz will replace them with the values of the specified payload.
        FUZZ{baseline_value} FUZZ will be replaced by baseline_value. It will be the first request performed and could be used as a base for filtering.


Examples:
        wfuzz -c -z file,users.txt -z file,pass.txt --sc 200 http://www.site.com/log.asp?user=FUZZ&pass=FUZ2Z
        wfuzz -c -z range,1-10 --hc=BBB http://www.site.com/FUZZ{something not there}
        wfuzz --script=robots -z list,robots.txt http://www.webscantest.com/FUZZ

Type wfuzz -h for further information or --help for advanced usage.
Steps To Reproduceapt install wfuzz
wfuzz

Activities

arnaudr

2021-06-09 03:33

manager   ~0014689

<code>
# apt show python3-pycurl
Package: python3-pycurl
Version: 7.43.0.6-5
Priority: optional
Section: python
Source: pycurl
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Installed-Size: 194 kB
Depends: python3 (<< 3.10), python3 (>= 3.9~), python3:any, libc6 (>= 2.15), libcurl3-gnutls (>= 7.74.0)
Suggests: libcurl4-gnutls-dev, python-pycurl-doc, python3-pycurl-dbg
Homepage: http://pycurl.sourceforge.net
Download-Size: 68.8 kB
APT-Manual-Installed: no
APT-Sources: http://kali.download/kali kali-rolling/main amd64 Packages
Description: Python bindings to libcurl (Python 3)
 This module provides the Python bindings to libcurl. Please refer to
 the libcurl documentation available in libcurl4-gnutls-dev Debian package.
 .
 NOTE: the SSL support is provided by GnuTLS.
 .
 This package contains PyCURL for Python 3.
</code>

Of particular interest, the line: « NOTE: the SSL support is provided by GnuTLS. »

Did you test if wfuzz is functional? Maybe this is just a harmless warning message?

peter.m

2021-06-09 04:01

reporter   ~0014690

Thanks, tested it briefly and it seems to be working fine.

<code>
┌──(root�kali)-[~]
└─# wfuzz -w /mnt/hgfs/Share/Tools/Dir/Php.txt https://www.xxx.com/FUZZ
 /usr/local/lib/python3.9/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer *
********************************************************

Target: https://www.xxx.com/FUZZ
Total requests: 74001

=====================================================================
ID Response Lines Word Chars Payload
=====================================================================

000000001: 302 7 L 18 W 231 Ch "!top5_ru.php"
000000019: 302 7 L 18 W 231 Ch ".ajax.event.php"
000000015: 302 7 L 18 W 231 Ch "-searchxml.php"
000000021: 302 7 L 18 W 231 Ch ".all.php"
000000022: 302 7 L 18 W 231 Ch ".bxoq.php"
000000018: 302 7 L 18 W 231 Ch "-tops_spmu_remote.php"
</code>

Issue History

Date Modified Username Field Change
2021-06-09 03:07 peter.m New Issue
2021-06-09 03:33 arnaudr Note Added: 0014689
2021-06-09 04:01 peter.m Note Added: 0014690
2021-06-11 09:36 deepsj Issue cloned: 0007218
2021-06-23 13:52 steev Assigned To => steev
2021-06-23 13:52 steev Status new => closed
2021-06-23 13:52 steev Resolution open => no change required