Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

IDNA does not round-trip

See original GitHub issue

wafw00f https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools

error:

Traceback (most recent call last):
  File "/usr/local/bin/wafw00f", line 4, in <module>
    __import__('pkg_resources').run_script('wafw00f==2.1.0', 'wafw00f')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 658, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1438, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/EGG-INFO/scripts/wafw00f", line 8, in <module>
    main.main()
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/main.py", line 423, in main
    rq = attacker.normalRequest()
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/main.py", line 43, in normalRequest
    return self.Request()
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/lib/evillib.py", line 83, in Request
    allow_redirects=self.allowredir, params=params, verify=False)
  File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 677, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 381, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 978, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 371, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/ssl_.py", line 386, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 809, in __init__
    server_hostname)
  File "/usr/lib/python3.6/encodings/idna.py", line 214, in decode
    result.append(ToUnicode(label))
  File "/usr/lib/python3.6/encodings/idna.py", line 139, in ToUnicode
    raise UnicodeError("IDNA does not round-trip", label, label2)
UnicodeError: ('IDNA does not round-trip', b'xn--p8j5cxcyjlcygn342e-comwebmail', b'xn--p8j5cxcyjlcygn342e-upmz7bxaebnai')

Issue Analytics

State:
Created 3 years ago
Comments:6 (3 by maintainers)

Top GitHub Comments

2reactions

sandrogaucicommented, Feb 4, 2021

hi @m4ll0k - I wasn’t familiar with this error so I looked it up. It certainly seems to have been a problem with some versions of python3 that supported the old IDNA 2003 and that your URL is encoded with IDNA 2008. See: https://bugs.python.org/issue32437

I still did some tests.

Firstly, the hostname given couldn’t be resolved. I suppose it no longer is valid.

➜  ~ wafw00f https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools

                   ______
                  /      \
                 (  Woof! )
                  \  ____/                      )
                  ,,                           ) (_
             .-. -    _______                 ( |__|
            ()``; |==|_______)                .)|__|
            / ('        /|\                  (  |__|
        (  /  )        / | \                  . |__|
         \(_)_))      /  |  \                   |__|

                    ~ WAFW00F : v2.1.0 ~
    The Web Application Firewall Fingerprinting Toolkit
    
[*] Checking https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools
ERROR:wafw00f:Something went wrong HTTPSConnectionPool(host='xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ffb0554a3a0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
ERROR:wafw00f:Site xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools appears to be down

Then I decided to fake it, so I added a server of mine in my /etc/hosts pointing towards xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools. No errors seen with my version of python:

➜  ~ wafw00f https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools

                ______
               /      \
              (  W00f! )
               \  ____/
               ,,    __            404 Hack Not Found
           |`-.__   / /                      __     __
           /"  _/  /_/                       \ \   / /
          *===*    /                          \ \_/ /  405 Not Allowed
         /     )__//                           \   /
    /|  /     /---`                        403 Forbidden
    \\/`   \ |                                 / _ \
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error
      `_____``-`                             /_/   \_\

                        ~ WAFW00F : v2.1.0 ~
        The Web Application Firewall Fingerprinting Toolkit
    
[*] Checking https://xn--p8j5cxcyjlcygn342e-comwebmail.ec.us-east-1.cpair.dev.braintree.tools
[+] Generic Detection results:
[-] No WAF detected by the generic detection
[~] Number of requests: 7

So what we can do is to raise a warning, telling you to upgrade your python if you want to use IDNA 2008 hostnames. But other than that, its not our bug 😃

0reactions

m4ll0kcommented, Feb 5, 2021

Hey @sandrogauci - sorry for delay, in the end it was my version of python, now I have solved thank you very much!

Top Results From Across the Web

Issue 32437: UnicodeError: 'IDNA does not round-trip'

First: This is the bug: In [1]: 'großhandel-shop'.encode('idna') Out[1]: b'grosshandel-shop' This lead to this: 'xn--einla-pqa'.

IDNA does not round-trip · Issue #148 · aio-libs/yarl - GitHub

I've published yarl 0.18 with related changes. The main idea is: try idna to encode into IDNA2008. If it fails ( '_' is...

Developers - IDNA does not round trip error - - Bountysource

IDNA does not round trip error ... Seems to be an error with certstream and the encoding and decoding within the confusables.py file....

Accumulated Feedback on PRI #429 - Public Review Issues

However, this conversion would not round trip, since applying ToASCII to "xn--é" would produce a failure value. We propose the following fix ...

https://stuff.mit.edu/afs/sipb/project/python/lib/...

This module implements the RFCs 3490 (IDNA) and 3491 (Nameprep) import stringprep, re, ... "ascii"): raise UnicodeError("IDNA does not round-trip", label, ...