HTTrack Website Copier
Free software offline browser - FORUM
Subject: httrack fails to copy HTTPS host with AUTH + SNI
Author: Joel Brunenberg
Date: 03/17/2017 16:31
 
Hi,

httrack seems to have a problem handling hosts that use both SNI and
Authentication. If I try to copy a host that is using SNI like that:

httrack -w <https://asdfgh:test@ip.jjim.de/>

I get the following error in the logfile of the webserver (apache 2.X):

[Fri Mar 17 16:24:39.020025 2017] [ssl:error] [pid 16208] AH02032: Hostname
asdfgh:test@ip.jjim.de provided via SNI and hostname ip.jjim.de provided via
HTTP are different

And the copy fails with error 400 (Bad Request).

This is quite unfortunate since it also inevitably leaks the username and
password in cleartext during the SNI negotiation. This looks like a security
problem in addition to a bug.

I am using HTTrack version 3.48-24 from debian unstable.

How can I resolve this?
Regards,

 Joel Brunenberg

 
Reply


All articles

Subject Author Date
httrack fails to copy HTTPS host with AUTH + SNI 03/17/2017 16:31
Re: httrack fails to copy HTTPS host with AUTH + SNI 03/20/2017 09:10




2

Created with FORUM 2.0.11