Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False positive with untrusted flag, but manual certificate check shows trusted status #268

Closed
whydee86 opened this issue May 26, 2023 · 2 comments · Fixed by #296
Closed

False positive with untrusted flag, but manual certificate check shows trusted status #268

whydee86 opened this issue May 26, 2023 · 2 comments · Fixed by #296
Assignees
@RamanaReddy0M
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@whydee86
Copy link

whydee86 commented May 26, 2023
edited
Loading

tlsx version: v1.0.9

Current Behavior:

In my case, the tool flagged a certificate as untrusted, but the manual inspection of the certificate showed it to be trusted.

Expected Behavior:

The tlsx tool should accurately identify untrusted certificates, providing reliable results consistent with manual certificate checks.

Steps To Reproduce:

  1. Run tlsx tool with the appropriate parameters on the target website. (tlsx -un -host ebay.co.jp)
  2. Note the output and observe if any untrusted flags are raised.
  3. Manually check the certificate of the website using other methods (e.g., web browser)

Anything else:

List of Certificates:

(https://ebay.co.jp/): The tlsx tool flagged the certificate as untrusted, but manual inspection showed it to be trusted.
(https://www.mylandscapes.co.uk/): Similarly, the tool indicated an untrusted certificate, while manual inspection confirmed its trustworthiness.
(https://comicon.it/): Another instance where the tool's untrusted flag did not match the actual trusted status of the certificate.

More Certificates for example:

image

I believe this issue is worth investigating to ensure the accuracy of the tlsx tool's results.
@whydee86 whydee86 added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label May 26, 2023
@ehsandeep ehsandeep added this to the tlsx v1.1.0 milestone Jun 4, 2023
@RamanaReddy0M RamanaReddy0M self-assigned this Jun 9, 2023
@ehsandeep ehsandeep removed this from the tlsx v1.1.0 milestone Jun 19, 2023
@RamanaReddy0M RamanaReddy0M linked a pull request Jun 29, 2023 that will close this issue
fix false positive with untrusted flag #296
Merged
@RamanaReddy0M RamanaReddy0M mentioned this issue Jun 29, 2023
Merged
@ehsandeep ehsandeep added Status: Review Needed The issue has a PR attached to it which needs to be reviewed Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Jun 29, 2023
@ehsandeep
Copy link
Member

@whydee86 this is now fixed in latest release - https://github.com/projectdiscovery/tlsx/releases/tag/v1.1.1

@whydee86
Copy link
Author

whydee86 commented Jul 4, 2023

I appreciate your attention and resolution to this issue.
It's working amazing now, as you can see in the image below. Thank you!
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RamanaReddy0M RamanaReddy0M

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix false positive with untrusted flag projectdiscovery/tlsx
3 participants
@ehsandeep @whydee86 @RamanaReddy0M