如何在pyMetasploit模块中验证SSL证书?

时间:2019-02-01 14:10:39

标签: python ssl-certificate metasploit

我正在使用pyMetasploit模块进行metasploit msfconsole的远程访问 使用链接中所示的示例 https://github.com/allfro/pymetasploit和 我从下载了metasploit https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers

当我尝试连接时,出现SSL证书错误, 该如何解决?

使用以下命令创建RPC侦听器

 msfrpcd -P password -n -f -a 127.0.0.1



 from metasploit.msfrpc import MsfRpcClient

 client = MsfRpcClient('password')

我遇到错误

 Traceback (most recent call last):
 File "<stdin>", line 1, in <module>
 File "/home/user1/.local/lib/python2.7/site-packages/metasploit/msfrpc.py", line 207, in __init__
  self.login(kwargs.get('username', 'msf'), password)
 File "/home/user1/.local/lib/python2.7/site-packages/metasploit/msfrpc.py", line 309, in login
  r = self.call(MsfRpcMethod.AuthLogin, username, password)
 File "/home/user1/.local/lib/python2.7/site-packages/metasploit/msfrpc.py", line 224, in call
  self.client.request('POST', self.uri, packb(l), self._headers)
 File "/usr/lib/python2.7/httplib.py", line 1057, in request
  self._send_request(method, url, body, headers)
 File "/usr/lib/python2.7/httplib.py", line 1097, in _send_request
  self.endheaders(body)
 File "/usr/lib/python2.7/httplib.py", line 1053, in endheaders
  self._send_output(message_body)
 File "/usr/lib/python2.7/httplib.py", line 897, in _send_output
  self.send(msg)
 File "/usr/lib/python2.7/httplib.py", line 859, in send
  self.connect()
 File "/usr/lib/python2.7/httplib.py", line 1278, in connect
  server_hostname=server_hostname)
 File "/usr/lib/python2.7/ssl.py", line 353, in wrap_socket
  _context=self)
 File "/usr/lib/python2.7/ssl.py", line 601, in __init__
  self.do_handshake()
 File "/usr/lib/python2.7/ssl.py", line 830, in do_handshake
  self._sslobj.do_handshake()

1 个答案:

答案 0 :(得分:0)

通过引用以下链接:https://github.com/allfro/pymetasploit/issues/10 我发现下面的代码对我有用。

 import ssl
 try:
     _create_unverified_https_context = ssl._create_unverified_context
 except AttributeError:
     pass
 else:
     ssl._create_default_https_context = _create_unverified_https_context

 from metasploit.msfrpc import MsfRpcClient
 client = MsfRpcClient('password')