CFScanner
CFScanner copied to clipboard
MortezaBashsiz
curl ignores --resolve
As in ubuntu 20.04:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
$ uname -a
Linux #redacted# 5.15.0-58-generic #64~20.04.1-Ubuntu SMP Fri Jan 6 #redacted# UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ curl --version
curl 7.72.0 (Linux) libcurl/7.72.0 OpenSSL/1.1.1f zlib/1.2.11
Release-Date: 2020-08-19
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM SSL UnixSockets
$ curl -v -s -w "%{http_code}\n" --tlsv1.2 -servername fronting.sudoer.net -H "Host: fronting.sudoer.net" --resolve fronting.sudoer.net:443:185.148.105.163 https://fronting.sudoer.net
* fronting.sudoer.net:443:185.148.105.163 to DNS cache
* Trying 172.67.217.46:80...
* Trying 2606:####:3030::###:5347:80...
* Immediate connect fail for 2606:4700:3030::###:5347: Network is unreachable
* Trying 2606:4700:3035::####:d92e:80...
* Immediate connect fail for 2606:####:3035::###:d92e: Network is unreachable
It's look like --tlsv1.2 option is responsible for this issue. Removing mentioned options will make curl behave.
$ curl -k -v -s -w "%{http_code}\n" -H "Host: fronting.sudoer.net" --resolve fronting.sudoer.net:443:31.43.179.144 https://fronting.sudoer.net
* Added fronting.sudoer.net:443:31.43.179.144 to DNS cache
* Hostname fronting.sudoer.net was found in DNS cache
* Trying 31.43.179.144:443...
* Connected to fronting.sudoer.net (31.43.179.144) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
