View Issue Details

IDProjectCategoryView StatusLast Update
0007216Kali LinuxKali Package Bugpublic2021-06-23 13:52
Reporterpeter.m Assigned Tosteev  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionno change required 
Product Version2021.2 
Summary0007216: 【WFUZZ】Pycurl is not compiled against Openssl.
Description

┌──(root�kali)-[~]
└─# wfuzz
/usr/local/lib/python3.9/dist-packages/wfuzz/init.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.


Usage: wfuzz [options] -z payload,params <url>

    FUZZ, ..., FUZnZ  wherever you put these keywords wfuzz will replace them with the values of the specified payload.
    FUZZ{baseline_value} FUZZ will be replaced by baseline_value. It will be the first request performed and could be used as a base for filtering.

Examples:
wfuzz -c -z file,users.txt -z file,pass.txt --sc 200 http://www.site.com/log.asp?user=FUZZ&amp;pass=FUZ2Z
wfuzz -c -z range,1-10 --hc=BBB http://www.site.com/FUZZ{something not there}
wfuzz --script=robots -z list,robots.txt http://www.webscantest.com/FUZZ

Type wfuzz -h for further information or --help for advanced usage.

Steps To Reproduce

apt install wfuzz
wfuzz

Activities

arnaudr

arnaudr

2021-06-09 03:33

manager   ~0014689

<code>

apt show python3-pycurl

Package: python3-pycurl
Version: 7.43.0.6-5
Priority: optional
Section: python
Source: pycurl
Maintainer: Debian Python Team <[email protected]>
Installed-Size: 194 kB
Depends: python3 (<< 3.10), python3 (>= 3.9~), python3:any, libc6 (>= 2.15), libcurl3-gnutls (>= 7.74.0)
Suggests: libcurl4-gnutls-dev, python-pycurl-doc, python3-pycurl-dbg
Homepage: http://pycurl.sourceforge.net
Download-Size: 68.8 kB
APT-Manual-Installed: no
APT-Sources: http://kali.download/kali kali-rolling/main amd64 Packages
Description: Python bindings to libcurl (Python 3)
This module provides the Python bindings to libcurl. Please refer to
the libcurl documentation available in libcurl4-gnutls-dev Debian package.
.
NOTE: the SSL support is provided by GnuTLS.
.
This package contains PyCURL for Python 3.
</code>

Of particular interest, the line: « NOTE: the SSL support is provided by GnuTLS. »

Did you test if wfuzz is functional? Maybe this is just a harmless warning message?

peter.m

peter.m

2021-06-09 04:01

reporter   ~0014690

Thanks, tested it briefly and it seems to be working fine.

<code>
┌──(root�kali)-[~]
└─# wfuzz -w /mnt/hgfs/Share/Tools/Dir/Php.txt https://www.xxx.com/FUZZ
/usr/local/lib/python3.9/dist-packages/wfuzz/init.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.


  • Wfuzz 3.1.0 - The Web Fuzzer *

Target: https://www.xxx.com/FUZZ
Total requests: 74001

=====================================================================
ID Response Lines Word Chars Payload

000000001: 302 7 L 18 W 231 Ch "!top5_ru.php"
000000019: 302 7 L 18 W 231 Ch ".ajax.event.php"
000000015: 302 7 L 18 W 231 Ch "-searchxml.php"
000000021: 302 7 L 18 W 231 Ch ".all.php"
000000022: 302 7 L 18 W 231 Ch ".bxoq.php"
000000018: 302 7 L 18 W 231 Ch "-tops_spmu_remote.php"
</code>

Issue History

Date Modified Username Field Change
2021-06-09 03:07 peter.m New Issue
2021-06-09 03:33 arnaudr Note Added: 0014689
2021-06-09 04:01 peter.m Note Added: 0014690
2021-06-11 09:36 deepsj Issue cloned: 0007218
2021-06-23 13:52 steev Assigned To => steev
2021-06-23 13:52 steev Status new => closed
2021-06-23 13:52 steev Resolution open => no change required