EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

[mansam-ger]

[•] CVE-2021-44228 - Apache Log4j RCE Scanner
[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
[•] Initiating DNS callback server (interact.sh).
[%] Checking for Log4j RCE CVE-2021-44228.
[•] URL: http://URLTOBESCANNED
[•] URL: http://URLTOBESCANNED | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i}
EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)
[•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
[•] Waiting...
[•] Targets does not seem to be vulnerable.

I try to scan an get the message in the title. it says the prxy does not respond. then it goes on to say that it scanned. so did the scan work or did it fail?

[Brasco]

Hi @mansam-ger , Are you sure that the machine is able to reach your PROXY ?

[macosxgeek]

I'm behind proxy as well. And I'm sure that I can reach proxy server from that machine (I'm using it for many other things and it's working fine)

I'm getting:

Traceback (most recent call last): File "/home/zetbee/log4j-scan-master/log4j-scan.py", line 349, in <module> main() File "/home/zetbee/log4j-scan-master/log4j-scan.py", line 319, in main dns_callback = Interactsh() File "/home/zetbee/log4j-scan-master/log4j-scan.py", line 185, in __init__ self.register() File "/home/zetbee/log4j-scan-master/log4j-scan.py", line 193, in register res = self.session.post( File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 504, in send raise ConnectTimeout(e, request=request) requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f84a975bac0>, 'Connection to interact.sh timed out. (connect timeout=30)'))

[Brasco]

Hi @macosxgeek , here it seems that you are not able to reach interact.sh. I syour machine or your preoxy able to reach it?

[macosxgeek]

I think so.. Sorry - I had to hide proxy IP.. But I'm getting:

/log4j-scan-master » curl -x xxx.xxx.xx.xx:xxxx interact.sh -I
HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Zscaler/6.1
Cache-Control: no-cache
Content-length: 14243

[macosxgeek]

Also - Can I ask if there is any specific format in which I need to enter the IP address and port of proxy server?
--proxy some.ip.address:port
--proxy "some.ip.address:port"
?

[Brasco]

the format for the proxy option is the one required by python requests:

"http[s]://(ip):(port)"

[Brasco]

let see if with this PR it goes better! let me know.

[mansam-ger]

Hi @mansam-ger , Are you sure that the machine is able to reach your PROXY ?

yes, proxy is reachable, proxy can connect to interact.sh (was also a problem i had to fix)
I try to scan server which are in an internal network, which are not reachable via Internet. Maybe thias causes the problem?

[mazen160]

I pushed a fix to make sure that interact and dnslog.cn are working with proxies, and also added a change to disable cert verification for interact-sh to help running the tool in networks with SSL interception.

Should be sorted now!

[macosxgeek]

Proxy is working fine now. But I'm getting:

requests.exceptions.ProxyError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))
maybe it's something with my proxy - I might try different proxy address.