SSL issue

[ghost]

I encountered the following error when attempting to run the script against a website with a self-signed or expired certificate (redacted the host ip) :

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 112, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 511, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='X.X.X.X', port=443): Max retries exceeded with url: /section.php?page=php://input (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

[ghost]

Fixed via adding verify=false on line 1198

r = requests.post(url=url, headers=gen_headers, data=body, verify=False)

[NovaCygni]

A better fix wouldve been to do a try: except, so if the error message is thrown you Pass over the request entirely, simply changing verify=false is a bad idea as it will still spam the failing handshakes, both noisy, and inefficient.

[NoorQureshi]

[!] Problem reaching 'https://localhost/section.php?page=/etc/passwd'.
[!] Problem connecting to the website