InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail.

While retriving C&C servers for palevo bots, I encountered an error -

 "InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail....."

psj@psj-desktop:~/Developement/palevo$ python requests_palevo_domains.py
/usr/local/lib/python2.6/dist-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Traceback (most recent call last):
  File "requests_proxy_usage.py", line 9, in <module>
    r=requests.get('https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist',proxies=proxy_dict)
  File "/usr/local/lib/python2.6/dist-packages/requests/api.py", line 69, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 465, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 8] _ssl.c:480: EOF occurred in violation of protocol

There are multiple ways to overcome this issue:

1) Upgrade to python 2.7.9  as suggested in urllib3 documentation - https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning

2) By default, python standard library’s ssl module is used. Unfortunately, there are several limitations which are addressed by PyOpenSSL:

• (Python 2.x) SNI support.
• (Python 2.x-3.2) Disabling compression to mitigate CRIME attack.

To use the Python OpenSSL bindings instead, you’ll need to install the required packages:

$ pip install --upgrade pyopenssl ndg-httpsclient pyasn1

or 

$ pip install requests[security] 

Keeping track of programs generating TCP/UDP traffic on Windows

While doing routine security investigation, there was a requirement to track the program generating some TCP traffic. I made use of Sysinternal's TCPView to find out the offending program.

Here are some other options, if you are interested.

1) TCPView - It is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.

Download link - https://technet.microsoft.com/en-us/library/bb897437.aspx

2)Microsoft network monitor is another tool.

Download link - https://www.microsoft.com/en-us/download/details.aspx?id=4865

If interested in commericial version, NetBalancer is a good utility.

Download link -

1. Netbalancer - https://netbalancer.com/download
2. Command line version - https://netbalancer.com/docs#command_line__nbcmd_exe_

If you have installed Sysinternal utilities on PC, there is a utility namely, Tcpvcon.
Tcpvcon usage is similar to that of the built-in Windows netstat utility.

Usage: tcpvcon [-a] [-c] [-n] [process name or PID]
-a     Show all endpoints (default is to show established TCP connections).
-c     Print output as CSV.
-n     Don't resolve addresses..

If you wish to stick to old netstat utility, here is the way to find out the program ID making TCP/UDP connections:

c:\> netstat -nab