fix #506, add support for tls-renegotiation

OJ · May 17, 2024 · 71bec99 · 71bec99
1 parent cb4be2a
commit 71bec99
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ All funds that are donated to this project will be donated to charity. A full lo
 - fix extra special characters when run with `--no-progress`
 - warn when using vhost mode with a proxy and http based urls as this might not work as expected
 - add `interface` and `local-ip` parameters to specify the interface for http requests
+- add support for tls renegotiation
 
 ## 3.6
 

diff --git a/cli/options.go b/cli/options.go
@@ -32,6 +32,7 @@ func BasicHTTPOptions() []cli.Flag {
  &cli.StringFlag{Name: "client-cert-pem-key", Aliases: []string{"ccpk"}, Usage: "private key in PEM format for optional TLS client certificates (this key needs to have no password)"},
  &cli.StringFlag{Name: "client-cert-p12", Aliases: []string{"ccp12"}, Usage: "a p12 file to use for options TLS client certificates"},
  &cli.StringFlag{Name: "client-cert-p12-password", Aliases: []string{"ccp12p"}, Usage: "the password to the p12 file"},
+ &cli.BoolFlag{Name: "tls-renegotiation", Value: false, Usage: "Enable TLS renegotiation"},
  &cli.StringFlag{Name: "interface", Aliases: []string{"iface"}, Usage: "specify network interface to use. Can't be used with local-ip"},
  &cli.StringFlag{Name: "local-ip", Usage: "specify local ip of network interface to use. Can't be used with interface"},
  }
@@ -84,6 +85,8 @@ func ParseBasicHTTPOptions(c *cli.Context) (libgobuster.BasicHTTPOptions, error)
  }
  }
 
+ opts.TLSRenegotiation = c.Bool("tls-renegotiation")
+
  iface := c.String("interface")
  localIP := c.String("local-ip")
  if iface != "" && localIP != "" {

diff --git a/libgobuster/http.go b/libgobuster/http.go
@@ -79,6 +79,9 @@ func NewHTTPClient(opt *HTTPOptions, logger *Logger) (*HTTPClient, error) {
  if opt.TLSCertificate != nil {
  tlsConfig.Certificates = []tls.Certificate{*opt.TLSCertificate}
  }
+ if opt.TLSRenegotiation {
+ tlsConfig.Renegotiation = tls.RenegotiateOnceAsClient
+ }
 
  transport := &http.Transport{
  Proxy: proxyURLFunc,

diff --git a/libgobuster/options_http.go b/libgobuster/options_http.go
@@ -8,14 +8,15 @@ import (
 
 // BasicHTTPOptions defines only core http options
 type BasicHTTPOptions struct {
- UserAgent string
- Proxy string
- NoTLSValidation bool
- Timeout time.Duration
- RetryOnTimeout bool
- RetryAttempts int
- TLSCertificate *tls.Certificate
- LocalAddr net.Addr
+ UserAgent string
+ Proxy string
+ NoTLSValidation bool
+ Timeout time.Duration
+ RetryOnTimeout bool
+ RetryAttempts int
+ TLSCertificate *tls.Certificate
+ TLSRenegotiation bool
+ LocalAddr net.Addr
 }
 
 // HTTPOptions is the struct to pass in all http options to Gobuster