5

I was testing the tool wfuzz on kali linux, and I'm getting this warning.

Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.

I'm trying to brute force the password in the DVWA 'Vulnerable Web Application'. I was following this steps: https://ogma-sec.fr/dvwa-brute-force-command-execution-solutions-protections/ unfortunately it didn't work.

So my question is: it is because of the warning?

if Yes how can I compile pycURL against openssl?

by the way: I did flow this steps in the link bellow => https://github.com/xmendez/wfuzz/blob/master/docs/user/installation.rst and I'm stuck in the step 10.

Cœur
  • 37,241
  • 25
  • 195
  • 267
MIBE
  • 61
  • 1
  • 1
  • 6

5 Answers5

16

Any one still facing the problem or would in future, here are my steps by which I solved the issue.

The thing is in the most of the system pycurl comes pre-installed(pyhton3-pycurl) and that is not compiled with OpenSSL.

So firstly uninstall it. (for Debian based systems)
sudo apt --purge remove python3-pycurl

And install the dependencies for pycurl:
sudo apt install libcurl4-openssl-dev libssl-dev

And then re-install
sudo pip3 install pycurl wfuzz

Harshit Ruwali
  • 1,040
  • 2
  • 10
  • 22
  • 1
    This should be the accepted answer... Sadly there is a high risk that your answer never gets accepted with questions from users that have quite low reputation... Anyway, thanks! – m4110c Sep 04 '21 at 15:54
  • 2
    Definitely works! Thanks. I did have to re-link wfuzz in Kali with ln -s /usr/local/bin/wfuzz /usr/bin/wfuzz but it definitely solved the issue. – Steve Kline Nov 25 '21 at 15:50
2

If anyone still need it, Pycurl use libcurl4-openssl-dev for ssl connections, so try installing it:

sudo apt install libcurl4-openssl-dev

and then upgrade pycurl and wfuzz using pip3:

sudo pip3 install --upgrade pycurl sudo pip3 install --upgrade wfuzz

may you need install pip3 before:

sudo apt install python3-pip

Tané
  • 156
  • 6
0


mkdir ~/python-pycurl-openssl
cd ~/python-pycurl-openssl
sudo apt-get source python-pycurl
sudo apt-get build-dep python-pycurl
sudo apt-get install libcurl4-openssl-dev
sudo dpkg-source -x pycurl_7.43.0.1-0.2.dsc
cd pycurl-7.43.0.1/debian/control
sudo sed -i ‘s/libcurl4-gnutls-dev/libcurl4-openssl-dev/g’ control
sudo dpkg-buildpackage -rfakeroot -b
sudo dpkg -i python-pycurl_7.43.0.1-0.2_amd64.deb
Anubhav Gupta
  • 74
  • 6
0

I if u use the the "H" switch you should include the following parameter into double quotes regarding the parameter such as -H "Host: test.com", this happened with me a lot!

Hope you pass it.

mano
  • 1
0

If you see this message. bash# wfuzz bash: /usr/bin/wfuzz: No such file or directory

you need to add symbolic link

ln -s /usr/local/bin/wfuzz /usr/bin/wfuzz

Marcjin Sznurkowskl
  • 61
  • 3
  • I thinks it's better to add `/usr/local/bin` to your `$PATH` or else you will have to add a symlink to each and every package that gets installed there. – m4110c Sep 04 '21 at 17:28