Hey guys! I want to tell you about a handshake failure that once caused me trouble. If you are familiar with information gathering, I mean if you've tried to code an information gathering tool, you may have come face to face with it already, or you will soon. So why does this problem occur?
The SSL handshake is initiated when your browser issues a secure connection request to a web server. The server sends a public key to your computer, and your computer checks the certificate against a known list of certificate authorities. In your code there is no list of certificate authorities, so you must give permission to trust all servers. This problem may occur in every language, such as Python, C++, etc. But you already know why it occurs. Just keep in mind: there is no certificate list, and you must give permission. (The code below steps in at step 3 in the photo.) That's all. After accepting the certificate, your computer generates a key and then encrypts it using the server's public key. If the SSL handshake fails, your connection to the web server will not be secure.
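    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.X509TrustManager;

    // Disables certificate and hostname checks for every HttpsURLConnection in this JVM.
    public static void trustEveryone() {
        try {
            // Accept any hostname, whatever name the certificate carries.
            HttpsURLConnection.setDefaultHostnameVerifier((String hostname, SSLSession session) -> true);
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new X509TrustManager[]{new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                    // No check: never throws, so every client chain is accepted.
                }
                @Override
                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                    // No check: never throws, so every server chain is accepted.
                }
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }}, new SecureRandom());
            // Install the trust-all socket factory as the JVM-wide default.
            HttpsURLConnection.setDefaultSSLSocketFactory(
                    context.getSocketFactory());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // Report the failure instead of silently leaving the defaults in place.
            throw new IllegalStateException("Could not install trust-all SSL context", e);
        }
    }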
