No route to host, burp - burp

I'm trying to proxy to any https connection and I have in alert section this message:
No route host
error
burp certificate add
I have tried to solve it, reinstalled burp, reinstalled the certificate, set a manual network configuration.
Does somebody know how to solve this issue?

The first thing to check is that you can browse these sites directly from your web browser, without Burp.
If you are on a corporate network you may need to use a proxy. In that case you need to set this as an "Upstream proxy" in User options > Connections.
Another possibility is that a host firewall is blocking the outbound connection.

Related

Unable to open Public IPv4 DNS in AWS EC2 - Linux instance

I have a Spring boot project which I want to host on an AWS-EC2 instance. I was able to create its image using Git-hub, Jenkin and docker. I was also able to successfully pull and run this image in the Linux console of my AWS-EC2 instance.
According the tutorial I was following I should have been able to open the project now using the public IPv4 DNS but the response I got was that it refuse to connect.
I know that this usually has to do with Inbound rules so I added a rule to allow all traffic but it didn't help.
For anyone who wants to know:
Git-hub repository: https://github.com/SalahuddinShayan/telecom
Docker-Hub repository: https://hub.docker.com/repository/docker/salahuddinshayan/telecom
Command I used to run the image in AWS:
docker run -p8081:8081 --name final-app --link docker-mysql:mysql salahuddinshayan/telecom
Security Groups:
Networking Details:
Here is the Error:
I am completely stumped by it. Does anyone an idea on what to do to fix this?
Please check if your client is calling the right protocol, e.g. http vs https.
You are transmitting on port 8081. http://3.110.29.193:8081/ works fine from the EC2 side. 404 status is raised, so this is a client side error, not a server side error.
It means that no firewall is blocking traffic and a process (your app) was found that listens on IP:Port that you require. The problem is that the process it encountered (your app) is sending only a WhiteLabel Error Page, which is a generic Spring Boot error page that is displayed when no custom error page is present. So the issue is with the Spring app itself and not with EC2 or with connection. In other words: the traffic can reach your Spring app, but your Spring app has nothing to say in response.
As a side note, after deploying your app I would advise to refine the inbound traffic rules to allow only the traffic you want. There is no need of allowing all traffic on all ports.

How to reach a webserver via fargate?

I have created a webpage with clojure and it works perfectly on ec2 on port 8555 with ssl. It also works in the docker container in the same ec2 machine.
It does not work in a fargate container in front of an nlb. I have my dns on the load balancer. The private ip of the running container is also healthy and the security group has an inbound rule for 8555
If i invoke the site: https://www.doppelkopf.me:8555
Secure Connection Failed
An error occurred during a connection to www.doppelkopf.me:8555. SSL peer was unable to negotiate an acceptable set of security parameters.
Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
If i invoke without ssl, i get at least an encrypted hello world:
http://www.doppelkopf.me:8555
Does ssl need to initiate a connection as well? Do i maybe need nat-gateway? My certicate is in my container.
I do not know why, but this suddenly worked, when i changed the port from 8555 to 443 with ssl.

Connection refused error with AWS + Hashicorp Vault

I have configured a Hashicorp Vault server on a EC2 instance. When trying to use postman to test transit secret engine API I keep getting a error connection refused on postman, I went full ape mode and opened all ports on the security group inbound rule and it didn't work, I attached an elastic IP to the instance and didnt work either, im just trying with a simple GET and I just keep getting the same connectionrefused error.
When I use cUrl on the ssh connected session i have no issues though. The specified hosted adress is 127.0.0.1:8200, in postman I replaced that localhost with the public adress of the instance that i obviously censored in the screencap, in the headers theres the token needed to access vault, for simplicity I was just using the root token.
Postman screecap if it helps
#Emilio Marchant
I have faced similar issue (not with postman, but with telnet), Let's try to understand problem here.
The issue is with 127.0.0.1 IP. This is loopback IP and When you (or your computer) call an IP address, you are usually trying to contact another computer on the internet. However, if you call the IP address 127.0.0.1 then you are communicating with the localhost – in principle, with your own computer.
Reference link : https://www.ionos.com/digitalguide/server/know-how/localhost/
What you can try is below.
Start vault dev server with --dev-listen-address parameter.
Eg:
vault server -dev -dev-listen-address="123.456.789.1:8200"
in above command replace '123.456.789.1:8200' with '<your ec2 instance private IP : 8200'>
Next set VAULT_ADDR and VAULT_TOKEN parameter as below
export VAULT_ADDR='http://123.456.789.1:8200'
export VAULT_TOKEN='*****************'
Again replace 'http://123.456.789.1:8200' with 'http://[Your ec2 instance private IP]:8200'
For Vault_token : you should get a root token in console, when you start vault server , use that token
Now try to connect from postman or using curl command. It should work.
Reference question and solution :
How to connect to remote hashicorp vault server
The notable thing here is that the response is "connection refused". This error means that the connection is getting established and it found that there are no processes running on that port. This error means that there is no issue with firewall. A firewall will cause the connection to either drop (reject) or timeout (ignore), but won't give "Econnrefused".
The most likely issue is that the vault server process is not bound to the correct network interface. There must be a configuration in hashicorp-vault to setup the IP on which to bind. Most servers, by default, bind only on loopback address which is accessible only from 127.0.0.1. You need to bind it to "all" network interfaces by changing that to 0.0.0.0. I am not aware of the specific configuration option of hashicorp vault, but there has to be something to this effect.
Possible security issue:
Note that some servers expect you to run it behind a reverse proxy so that you can setup SSL (https) and other authentication if needed. Applications like vault servers should not be publicly accessible on http without SSL.

Wild card SSL not working on subdomain pointed to different server

This could be possibly a duplicate question, but I've tried every solution I found and nothing worked. On main domain, I've successfully installed SSL and it is working fine. I need to install the same wild card SSL on other two instances which are using for subdomain.
The overall structure I've setup so far is as follows -
Cloudflare is using for CDN where I've created A record for all 3 instances. One for main domain and other 2 for subdomains.
Created 3 instances (Ubuntu 18.04 + Apache) on AWS EC2
When I am hitting subdomain in browser, it is showing lock sign but with Error 521 : Web server is down
but When I am trying it with default Public DNS, it is showing my page without any error.
Please suggest what is missing here. Thanks much!!
The 521 error from CloudFlare indicates that it is unable to speak to your host on that port.
Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain Cloudflare IP addresses.
The two most common causes of 521 errors are:
Offlined origin web server application
Blocked Cloudflare requests
Please check the following:
The EC2 security group is allowing inbound access on both port 80/443 (this cannot be locked down to your IP address).
If a NACL is in place (which is not the default one) ensure that both the communication ports (80/443) and the ephemeral ports are open.
Ensure that the servers are listening on both port 80/443.
It is important to identify whether CloudFlare it attempting to connect to HTTP or HTTPS, it can support both of these models based on the configuration.
If you're still stuck after these points you can attempt to validate the requests going to your server using VPC Flow Logs.
Finally, this answer gave me a hint How to install third-party SSL Certificate with AWS EC2 Instance (Ubuntu AMI)? Will it cost one-time or monthly basis?
And I resolved this error as follow -
1. Downloaded the certificate files from primary server
2. Uploaded the same certificate files to the secondary server where the subdomain is pointed
3. then edit /etc/apache2/sites-available/default-ssl.conf file on secondary server, search for "SSLCertificate" and change the following lines
4. Enable the SSL configuration, and restart the webserver.
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
apachectl configtest
apachectl graceful

Connection getting refused to socket.io server on Amazon EC2

I have set up a a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH the instance using the public DNS, it says host does not exist but when I try conencting it using the public IP, it connects to it. What setting is needed to use the public DNS ?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might useful to test firewall and connection issue will be tcpdump and syslog file
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that help.
My problem is resolved now..
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is that would running the node file with sudo rights create some security issue ?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server, i tried opening ports on the actual ec2 instance and disabling the firewall through SSH but nothing worked. Had to go to Security Groups on the ec2 console and open a new inbound tcp rule enabling that port