1.7.0 Stacktrace when verifying HTTPS web server URLs
See original GitHub issueIssue Description
I get a stack trace when I click “Verify URL” or Start to send emails for a campaign and the Web Server URL uses the HTTPS protocol.
Previously in version 1.6.0, when my Web Server URL had “https://kp.brandingbrand.com/”, it would fail to verify, but I could switch to “http://kp.brandingbrand.com” as a check. Sending emails still worked with a warning that the secure URL couldn’t be verified. Emails would send successfully with the “https://” URL embedded correctly.
In 1.7.0, verifying or sending emails always fails with a stack trace when using HTTPS.
I’m able to connect to the HTTPS URL from a browser on the client (Windows) and server (Ubuntu) systems. Could this error be caused by our use of AWS ACM certificates on an ELB? We have KP running behind an ELB (reverse proxy) so KP itself isn’t listening on HTTPS.
Reproduction Steps
- Configure KP behind a load balancer that terminates HTTPS connections
- Configure a campaign URL with HTTPS
- Click ‘Verify URL’
Environment Details
Host OS: Ubuntu 16.04 Client OS: Windows 7 Pro King Phisher Version: 1.7.0 (client and server)
Error Details / Stack Trace
Error Type: OpenSSL.SSL.Error
Error Details: Error([('system library', 'fopen', 'No such process'), ('BIO routines', 'BIO_new_file', 'no such file'), ('x509 certificate routines', 'X509_load_cert_crl_file', 'system lib')],)
Error UID: d92d028b-de03-4cf7-a8a0-37dc19f6551a
RPC Error: N/A (Not a remote RPC error)
King Phisher Version: 1.7.0
Platform Version: Windows: 7 6.1.7601 SP1 Multiprocessor Free (Frozen=True)
Python Version: 2.7.12
Gtk Version: 3.14.15
Timezone: America/New_York
Thread Information:
=> MainThread (alive=True daemon=False)
Thread-1 (alive=True daemon=False)
Thread-2 (alive=True daemon=True)
Thread-6 (alive=True daemon=True)
Thread-7 (alive=True daemon=True)
Stack Trace:
Traceback (most recent call last):
File "Y:\FastStorage\king-phisher-release\king-phisher\king_phisher\client\tabs\mail.py", line 859, in signal_button_clicked_verify
File "Y:\FastStorage\king-phisher-release\king-phisher\king_phisher\client\tabs\mail.py", line 91, in test_webserver_url
File "C:\Python27\lib\site-packages\requests\api.py", line 70, in get
File "C:\Python27\lib\site-packages\requests\api.py", line 56, in request
File "C:\Python27\lib\site-packages\requests\sessions.py", line 488, in request
File "C:\Python27\lib\site-packages\requests\sessions.py", line 609, in send
File "C:\Python27\lib\site-packages\requests\adapters.py", line 423, in send
File "C:\Python27\lib\site-packages\requests\packages\urllib3\connectionpool.py", line 600, in urlopen
File "C:\Python27\lib\site-packages\requests\packages\urllib3\connectionpool.py", line 345, in _make_request
File "C:\Python27\lib\site-packages\requests\packages\urllib3\connectionpool.py", line 844, in _validate_conn
File "C:\Python27\lib\site-packages\requests\packages\urllib3\connection.py", line 326, in connect
File "C:\Python27\lib\site-packages\requests\packages\urllib3\util\ssl_.py", line 308, in ssl_wrap_socket
File "C:\Python27\lib\site-packages\requests\packages\urllib3\contrib\pyopenssl.py", line 411, in load_verify_locations
File "C:\Python27\lib\site-packages\OpenSSL\SSL.py", line 533, in load_verify_locations
File "C:\Python27\lib\site-packages\OpenSSL\_util.py", line 48, in exception_from_error_queue
Error: [('system library', 'fopen', 'No such process'), ('BIO routines', 'BIO_new_file', 'no such file'), ('x509 certificate routines', 'X509_load_cert_crl_file', 'system lib')]
Issue Analytics
- State:
- Created 6 years ago
- Comments:6 (4 by maintainers)
Top GitHub Comments
Thanks. I can confirm that v1.7.1 fixes this issue.
Fix in commit 41a9c183f93b68fd1fdaed5bc7f49232df4869fc.