Automated Web application security testing tool “skipfish” was released recently which seem to have generated a lot of attention in the “security community”. So,I decided to give it a try and install it in my lab.
Unfortunately, I run very old Linux distros in my lab (like RedHat 9 for example) and I am too lazy to upgrade to newer versions. Anyways, during installation I soon realized that it’s not that easy to get skipfish up and running on RH9.
As with any installation on Linux, I had a quick look at the readme and skipfish wiki and went ahead with “make” command only to end up with -
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179, from http_client.h:26,
To fix this, I had to edit the “Makefile” in the skipfish dir and add the following entry to the “CFLAGS_GEN” variable –
Hoping to compile skipfish successfully this time, I proceeded with the make command and was greeted with a different error this time -
http_client.c:39:18: idna.h: No such file or directory
Apparently, I assumed libidn to be present on RH9 and had not read the “knownIssues” doc properly. Thankfully, downloading libidn source and installing was pretty straight forward and went without a glitch. Finally, skipfish compiled successfully !
Sadly, my problems were not over :(. When I tried to run it, I got the following error -
./skipfish: error while loading shared libraries: libidn.so.11: cannot open shared object file: No such file or directory
After some googling I found a way to fix this. Just add “/usr/local/lib” to “/etc/ld.so.conf” and rebuild the dynamic run-time bindings cache using “ldconfig –v”.
That did the trick and I had skipfish version 1.13b running on my RH9 system.
Happy skipfish’ing… :)