TLS-Scanner icon indicating copy to clipboard operation
TLS-Scanner copied to clipboard
verified publisher icon tls-attacker

java.lang.RuntimeException: Unable to initialize the transport handler

Open m10x opened this issue 1 year ago • 3 comments

On a certain target the TLS Scanner crashes because of a RuntimeException. Here is the stacktrace:

INFO : ThreadedScanJobExecutor - Padding oracle probe executed
ERROR: ThreadedScanJobExecutor - Some probe execution failed
java.util.concurrent.ExecutionException: de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException: Unable to initialize the transport handler
	at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
	at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.executeProbesTillNoneCanBeExecuted(ThreadedScanJobExecutor.java:112)
	at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.execute(ThreadedScanJobExecutor.java:82)
	at de.rub.nds.scanner.core.execution.Scanner.scan(Scanner.java:159)
	at de.rub.nds.tlsscanner.serverscanner.Main.main(Main.java:44)
Caused by: de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException: Unable to initialize the transport handler
	at de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor.initTransportHandler(WorkflowExecutor.java:137)
	at de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor.initAllLayer(WorkflowExecutor.java:216)
	at de.rub.nds.tlsattacker.core.workflow.DefaultWorkflowExecutor.executeWorkflow(DefaultWorkflowExecutor.java:36)
	at de.rub.nds.tlsattacker.core.util.CertificateFetcher.fetchServerCertificateChain(CertificateFetcher.java:62)
	at de.rub.nds.tlsattacker.core.util.CertificateFetcher.fetchServerPublicKey(CertificateFetcher.java:38)
	at de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.BleichenbacherAttacker.getServerPublicKey(BleichenbacherAttacker.java:231)
	at de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.BleichenbacherAttacker.createVectorResponseList(BleichenbacherAttacker.java:119)
	at de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.BleichenbacherAttacker.isVulnerable(BleichenbacherAttacker.java:89)
	at de.rub.nds.tlsscanner.serverscanner.probe.BleichenbacherProbe.getBleichenbacherOracleInformationLeakTest(BleichenbacherProbe.java:150)
	at de.rub.nds.tlsscanner.serverscanner.probe.BleichenbacherProbe.extendFingerPrint(BleichenbacherProbe.java:173)
	at de.rub.nds.tlsscanner.serverscanner.probe.BleichenbacherProbe.executeTest(BleichenbacherProbe.java:104)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.IOException: Could not connect to 81.63.142.227:4333
	at de.rub.nds.tlsattacker.transport.tcp.ClientTcpTransportHandler.initialize(ClientTcpTransportHandler.java:109)
	at de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor.initTransportHandler(WorkflowExecutor.java:129)
	... 17 more
Exception in thread "main" java.lang.RuntimeException: java.util.concurrent.ExecutionException: de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException: Unable to initialize the transport handler
	at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.executeProbesTillNoneCanBeExecuted(ThreadedScanJobExecutor.java:116)
	at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.execute(ThreadedScanJobExecutor.java:82)
	at de.rub.nds.scanner.core.execution.Scanner.scan(Scanner.java:159)
	at de.rub.nds.tlsscanner.serverscanner.Main.main(Main.java:44)
Caused by: java.util.concurrent.ExecutionException: de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException: Unable to initialize the transport handler
	at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
	at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.executeProbesTillNoneCanBeExecuted(ThreadedScanJobExecutor.java:112)
	... 3 more
Caused by: de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException: Unable to initialize the transport handler
	at de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor.initTransportHandler(WorkflowExecutor.java:137)
	at de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor.initAllLayer(WorkflowExecutor.java:216)
	at de.rub.nds.tlsattacker.core.workflow.DefaultWorkflowExecutor.executeWorkflow(DefaultWorkflowExecutor.java:36)
	at de.rub.nds.tlsattacker.core.util.CertificateFetcher.fetchServerCertificateChain(CertificateFetcher.java:62)
	at de.rub.nds.tlsattacker.core.util.CertificateFetcher.fetchServerPublicKey(CertificateFetcher.java:38)
	at de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.BleichenbacherAttacker.getServerPublicKey(BleichenbacherAttacker.java:231)
	at de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.BleichenbacherAttacker.createVectorResponseList(BleichenbacherAttacker.java:119)
	at de.rub.nds.tlsscanner.serverscanner.probe.bleichenbacher.BleichenbacherAttacker.isVulnerable(BleichenbacherAttacker.java:89)
	at de.rub.nds.tlsscanner.serverscanner.probe.BleichenbacherProbe.getBleichenbacherOracleInformationLeakTest(BleichenbacherProbe.java:150)
	at de.rub.nds.tlsscanner.serverscanner.probe.BleichenbacherProbe.extendFingerPrint(BleichenbacherProbe.java:173)
	at de.rub.nds.tlsscanner.serverscanner.probe.BleichenbacherProbe.executeTest(BleichenbacherProbe.java:104)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.IOException: Could not connect to 81.63.142.227:4333
	at de.rub.nds.tlsattacker.transport.tcp.ClientTcpTransportHandler.initialize(ClientTcpTransportHandler.java:109)
	at de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor.initTransportHandler(WorkflowExecutor.java:129)
	... 17 more
WARN : SessionTicketProbe - Could not scan SessionTickets for version TLS12
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketProbe.performInitialConnections(SessionTicketProbe.java:86)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketProbe.checkVersionChange(SessionTicketProbe.java:129)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketProbe.executeTest(SessionTicketProbe.java:58)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
WARN : SessionTicketProbe - Could not scan SessionTickets for version TLS13
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketProbe.performInitialConnections(SessionTicketProbe.java:86)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketProbe.checkVersionChange(SessionTicketProbe.java:129)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketProbe.executeTest(SessionTicketProbe.java:58)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
ERROR: SessionTicketManipulationProbe - Could not scan SessionTicketManipulation for version TLS12
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:32)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketManipulationProbe.checkManipulation(SessionTicketManipulationProbe.java:172)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketManipulationProbe.executeTest(SessionTicketManipulationProbe.java:70)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
ERROR: SessionTicketManipulationProbe - Could not scan SessionTicketManipulation for version TLS13
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:32)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketManipulationProbe.checkManipulation(SessionTicketManipulationProbe.java:172)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketManipulationProbe.executeTest(SessionTicketManipulationProbe.java:70)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
ERROR: SessionTicketPaddingOracleProbe - Could not scan SessionTickets Padding Oracle for version TLS12
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:32)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.checkPaddingOracle(SessionTicketPaddingOracleProbe.java:189)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.executeTest(SessionTicketPaddingOracleProbe.java:155)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
ERROR: SessionTicketPaddingOracleProbe - Could not scan SessionTickets Padding Oracle for version TLS13
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:32)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.checkPaddingOracle(SessionTicketPaddingOracleProbe.java:189)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketPaddingOracleProbe.executeTest(SessionTicketPaddingOracleProbe.java:155)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
WARN : SessionTicketCollectingProbe - Could not collect SessionTickets for version TLS12
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.collectTickets(SessionTicketCollectingProbe.java:62)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.executeTest(SessionTicketCollectingProbe.java:36)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
WARN : SessionTicketCollectingProbe - Could not collect SessionTickets for version TLS13
java.lang.RuntimeException: Cannot add Tasks to already shutdown executor
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addTask(ParallelExecutor.java:87)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.addStateTask(ParallelExecutor.java:108)
	at de.rub.nds.tlsattacker.core.workflow.ParallelExecutor.bulkExecuteStateTasks(ParallelExecutor.java:114)
	at de.rub.nds.tlsscanner.core.probe.TlsProbe.executeState(TlsProbe.java:36)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.collectTickets(SessionTicketCollectingProbe.java:62)
	at de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketCollectingProbe.executeTest(SessionTicketCollectingProbe.java:36)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:45)
	at de.rub.nds.scanner.core.probe.ScannerProbe.call(ScannerProbe.java:25)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)

m10x avatar Jan 23 '25 06:01 m10x

The relevant stack trace is the first one, with the root exception being Caused by: java.io.IOException: Could not connect to 81.63.142.227:4333. Can you ensure the address is reachable from the scanning machine when that exception occurs? It could be possible that a firewall is dynamically blocking the scan after several probes. Otherwise, TLS-Scanner should notice that the server is unreachable before starting the scan. All the other exceptions are just a symptom of the address being unreachable.

XoMEX avatar Jan 23 '25 07:01 XoMEX

Oh, my bad. I didn't follow the first exception to the end

m10x avatar Jan 28 '25 13:01 m10x

Reopening cause this is still kind of shit behavior - if the target blocks us or crashes mid scan we should detect this and not throw exception and stay in reexecution hell. I assume the proper way is have a "consecutive connection failure" limit - when its reached we abort the scan. Also we should probably fix the exception handling here - if we cannot connect this should not be handled like a generic exception that throws ERROR's but should be handled gracefully

ic0ns avatar Feb 05 '25 05:02 ic0ns