Issue with Dispatcher architecture and SSL

mandar.satam

14 Aug, 2015 07:37 PM

Hi

I am having an issue when using the dispatcher architecture supported by the scanner. If I run a dispatcher on a server and then use an rpc client on the same server, then the scanner seems to work. However, if I connect to the dispatcher from another machine with an arachni_rpc client, then it gives an error, which I have provided below. Seems to me that I need to set up certificates correctly for the dispatcher and the client, I am assuming, but I could not find any article in regards to that. Could you kindly help with this issue?

Also this is how I am starting a dispatcher on the server: arachni_rpcd --address 0.0.0.0 --port 2222

Error from arachni_rpc client on another machine:

arachni_rpc --dispatcher-url=52.21.64.164:2222 http://testhtml5.vulnweb.com/
Arachni - Web Application Security Scanner Framework v1.0.6
   Author: Tasos "Zapotek" Laskos <[email blocked]>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki
 [~] No element audit options were specified, will audit links, forms and cookies.

 [-] [Arachni::RPC::Exceptions::ConnectionError] Connection refused - SSL_connect for '0.0.0.0:49571'.
 [-] /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/tls.rb:66:in `connect_nonblock'
 [-] /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/tls.rb:66:in `start_tls'
 [-] /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/protocol.rb:23:in `on_connect'
 [-] /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection.rb:274:in `configure'
 [-] /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:205:in `block in connect'
 [-] /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/error.rb:26:in `call'
 [-] /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/error.rb:26:in `translate'
 [-] /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:200:in `connect'
 [-] /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:111:in `connect'
 [-] /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:216:in `call_async'
 [-] /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:235:in `call_sync'
 [-] /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:196:in `call'
 [-] /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/proxy.rb:73:in `forward'
 [-] /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/proxy.rb:80:in `method_missing'
 [-] /usr/share/arachni/system/gems/gems/arachni-1.0.6/ui/cli/rpc/client/instance.rb:67:in `run'
 [-] /usr/share/arachni/system/gems/gems/arachni-1.0.6/ui/cli/rpc/client/remote.rb:77:in `initialize'
 [-] /usr/share/arachni/system/gems/gems/arachni-1.0.6/bin/arachni_rpc:13:in `new'
 [-] /usr/share/arachni/system/gems/gems/arachni-1.0.6/bin/arachni_rpc:13:in `<top (required)>'
 [-] /usr/share/arachni/bin/../system/arachni-ui-web/bin/arachni_rpc:16:in `load'
 [-] /usr/share/arachni/bin/../system/arachni-ui-web/bin/arachni_rpc:16:in `<main>'
 [*] Shutting down and retrieving the report, please wait...
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/tls.rb:66:in `connect_nonblock': Connection refused - SSL_connect for '0.0.0.0:49571'. (Arachni::RPC::Exceptions::ConnectionError)
        from /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/tls.rb:66:in `start_tls'
        from /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/protocol.rb:23:in `on_connect'
        from /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection.rb:274:in `configure'
        from /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:205:in `block in connect'
        from /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/error.rb:26:in `call'
        from /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/connection/error.rb:26:in `translate'
        from /usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:200:in `connect'
        from /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:111:in `connect'
        from /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:216:in `call_async'
        from /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:235:in `call_sync'
        from /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/client.rb:196:in `call'
        from /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/proxy.rb:73:in `forward'
        from /usr/share/arachni/system/gems/gems/arachni-rpc-0.2.1.1/lib/arachni/rpc/proxy.rb:51:in `block in translate'
        from /usr/share/arachni/system/gems/gems/arachni-1.0.6/ui/cli/rpc/client/instance.rb:211:in `report_and_shutdown'
        from /usr/share/arachni/system/gems/gems/arachni-1.0.6/ui/cli/rpc/client/instance.rb:84:in `run'
        from /usr/share/arachni/system/gems/gems/arachni-1.0.6/ui/cli/rpc/client/remote.rb:77:in `initialize'
        from /usr/share/arachni/system/gems/gems/arachni-1.0.6/bin/arachni_rpc:13:in `new'
        from /usr/share/arachni/system/gems/gems/arachni-1.0.6/bin/arachni_rpc:13:in `<top (required)>'
        from /usr/share/arachni/bin/../system/arachni-ui-web/bin/arachni_rpc:16:in `load'
        from /usr/share/arachni/bin/../system/arachni-ui-web/bin/arachni_rpc:16:in `<main>'

Thanks,
Mandar

  1. 1 Posted by mandar.satam on 14 Aug, 2015 07:38 PM

    Attaching error file just in case

  2. Support Staff 2 Posted by Tasos Laskos on 14 Aug, 2015 07:56 PM

    You need to either bind the Dispatcher to the external address or specify an external address with --external-address.

    Right now the Dispatcher tells the client that the address of the Instance it provided is 0.0.0.0, which results in this error.

    Also, your version is quite outdated, you better grab the latest one from the site.
    Not sure how you're planning to deploy the Dispatchers, but better check out the license as well to be on the safe side.

    Cheers

  3. Tasos Laskos closed this discussion on 14 Aug, 2015 07:56 PM.

  4. mandar.satam re-opened this discussion on 14 Aug, 2015 08:41 PM

  5. 3 Posted by mandar.satam on 14 Aug, 2015 08:41 PM

    Hi Tasos,

    Thanks for the quick response. Got it now; seems like I had to use the address and external-address options in conjunction to ensure that the client received the right values correctly. I did get the framework from the Kali repositories, so I am assuming that these have not been updated recently. Also, I am using the scanner for scanning internal applications when I am pentesting, so hopefully this does not violate the license.

    Btw, one more quick question: is there a way to keep the webui framework on SSL, or is it coz I am using an older version that I don't get that option right now?

    Thanks,
    Mandar

  6. Support Staff 4 Posted by Tasos Laskos on 14 Aug, 2015 08:43 PM

    Unfortunately the interface has no SSL support; if you need it you'll have to set up a reverse proxy, nginx will take care of that nicely.

    Cheers

  7. Tasos Laskos closed this discussion on 21 Aug, 2015 04:11 PM.
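
The reverse-proxy setup suggested in the last reply, as an added example that is not part of the original thread or the Arachni project's own configuration. It assumes the web interface listens on 127.0.0.1:9292; the host name scanner.example.internal and the certificate paths are placeholders.

```nginx
# Added example: TLS termination in front of the Arachni web interface.
# Assumptions (not from the thread): the web UI listens on 127.0.0.1:9292;
# the server_name and certificate paths below are placeholders.
# Both server blocks belong inside the http { } context.

# Redirect plain HTTP so credentials and scan data never travel unencrypted.
server {
    listen 80;
    server_name scanner.example.internal;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name scanner.example.internal;

    ssl_certificate     /etc/nginx/tls/scanner.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/scanner.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Forward to the web UI over loopback only.
        proxy_pass http://127.0.0.1:9292;

        # Preserve the original host and client details for the application.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Report pages for long scans can take a while to render.
        proxy_read_timeout 300s;
    }
}
```

Keep the web interface itself bound to loopback (or firewalled to the proxy host) so the plaintext listener is not reachable from the network.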
