From e9c9a693ff101133db9888aa9bc1e5e2f72ed1cd Mon Sep 17 00:00:00 2001
From: David Yates
Date: Thu, 30 Jun 2016 11:59:12 +0200
Subject: [PATCH] Bypass cert verification
---
 jetleak_tester.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/jetleak_tester.py b/jetleak_tester.py
index 4ca36cd..864ce8b 100644
--- a/jetleak_tester.py
+++ b/jetleak_tester.py
@@ -1,5 +1,6 @@
 import httplib, urllib, ssl, string, sys, getopt
 from urlparse import urlparse
+import ssl
 '''
@@ -25,7 +26,8 @@
 conn = None
 if url.scheme == "https":
- conn = httplib.HTTPSConnection(url.netloc + ":" + port)
+ sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1) # new SSL context to force no verification of cert
+ conn = httplib.HTTPSConnection(url.netloc + ":" + port, context=sslcontext)
 elif url.scheme == "http":
 conn = httplib.HTTPConnection(url.netloc + ":" + port)
 else:
@@ -40,4 +42,4 @@
 if (r1.status == 400 and ("Illegal character 0x0 in state" in r1.reason)):
 print("\r\nThis version of Jetty is VULNERABLE to JetLeak!")
 else:
- print("\r\nThis version of Jetty is NOT vulnerable to JetLeak.")
\ No newline at end of file
+ print("\r\nThis version of Jetty is NOT vulnerable to JetLeak.")
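Review bot: The added `import ssl` is redundant, because `ssl` is already bound by the combined import on the first line of the file (`import httplib, urllib, ssl, string, sys, getopt`). Drop the new line; the `ssl.SSLContext` call added further down resolves against the existing import.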
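Review bot: `ssl.SSLContext(ssl.PROTOCOL_TLSv1)` in the https branch turns certificate verification off only as a side effect of a bare context's defaults, and it also pins the handshake to TLS 1.0, so the tester will fail to connect to servers that accept only newer TLS versions instead of reporting a result. State both intents explicitly: `sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)`, then `sslcontext.check_hostname = False` and `sslcontext.verify_mode = ssl.CERT_NONE`. Because an unverified connection means the 400 response being judged may not come from the intended host, consider making this opt-in through a command-line switch (getopt is already imported) and printing a line whenever verification is disabled. `ssl.SSLContext` and the `context=` argument need Python 2.7.9 or later, which is worth stating in the script's header comment. The surrounding script continues outside the hunk.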