hatching / httpreplay
Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.
License: Other
Hi,
I've noticed that I was unable to decrypt the traffic normally; one of the requests was using the "br" encoding in the header "content-encoding" (that's what I understood). The request was in HTTP/2.0.
Can you check this? (I was analyzing "https://www.airfrance.fr" with Cuckoo.)
FYI, I post the issue here because it's httpreplay that is raising an error :)
Thank you
Source is commented with
# See the file 'LICENSE' for copying permission
But the actual license file is missing.
This may or may not be an issue depending on the intent of reader.py. But httpreplay/reader.py passes a file path (variable name fp) to dpkt/pcap.py, while dpkt wants a file object. This is causing issues in cuckoo/modules/processing/network.py (Cuckoo Sandbox 2.0-RC1).
READER.PY
    def __init__(self, fp):
        self.tcp = None
        self.udp = None
        self.values = []
        try:
            # SHOULD PASS FILE OBJECT NOT PATH
            self.pcap = dpkt.pcap.Reader(fp)
        except ValueError as e:
            if e.message == "invalid tcpdump header":
                log.critical("Currently we don't support PCAP-NG files")
                self.pcap = None
PCAP.PY INIT
    class Reader(object):
        """Simple pypcap-compatible pcap file reader."""
        def __init__(self, fileobj):
            self.name = getattr(fileobj, 'name', '<%s>' % fileobj.__class__.__name__)
            self.__f = fileobj
            # blah blah blah....
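An added example (not httpreplay, dpkt or Cuckoo code) of one way to handle both points raised in the report above: accept either a path or a file object, and tell classic pcap from PCAP-NG by magic number before a file object is handed to dpkt.pcap.Reader. The names open_capture and capture_format and the sample byte strings are constructed for illustration.

```python
import io
import struct

# Constructed sample inputs: a classic pcap global header and the first
# 12 bytes of a PCAP-NG Section Header Block (type, length, byte-order magic).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = struct.pack("<III", 0x0A0D0D0A, 28, 0x1A2B3C4D)

PCAP_MAGICS = {0xA1B2C3D4: "pcap", 0xA1B23C4D: "pcap-ns"}
PCAPNG_BLOCK_TYPE = 0x0A0D0D0A  # palindromic, reads the same in either byte order


def open_capture(src):
    """Return a binary file object for src (a path or an open file object)."""
    if hasattr(src, "read"):
        return src
    return open(src, "rb")


def capture_format(src):
    """Return (fileobj, kind); fileobj is rewound and ready for a pcap reader."""
    f = open_capture(src)
    head = f.read(4)
    f.seek(0)
    if len(head) < 4:
        return f, "truncated"
    little = struct.unpack("<I", head)[0]
    big = struct.unpack(">I", head)[0]
    if little == PCAPNG_BLOCK_TYPE:
        return f, "pcapng"
    for magic in (little, big):
        if magic in PCAP_MAGICS:
            return f, PCAP_MAGICS[magic]
    return f, "unknown"


if __name__ == "__main__":
    for label, blob in (("classic", SAMPLE_PCAP), ("pcapng", SAMPLE_PCAPNG)):
        fileobj, kind = capture_format(io.BytesIO(blob))
        # Only a "pcap" result would be handed on, as a file object, to
        # dpkt.pcap.Reader(fileobj); "pcapng" is reported instead of raising.
        print(label, kind, fileobj.tell())
```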
The last release on PyPI is 0.2.6.
The current release in the master is 1.0.
Thanks
Hi Jurriaan,
I have taken a look at the code of httpreplay, because I had some issues during the decryption of https traffic with cuckoo. My thoughts about these issues are that you are using tlslite within the code, but tlslite does not support newer cipher suites. Whereas within the code of setup.py you are using tlslite-ng as dependency and not tlslite.
Is that just a typing error that smegma.py is using tlslite as importing library?!?
Cheers,
Hi Jurriaan,
I found a strange error decoding some sessions. I added the pcap.
The error "AttributeError: 'str' object has no attribute 'name'" that you see if running without debugging is not correct. Inside the debugger you get an assert because it is not a block cipher (see attachment).
I just connected to https://www.heise.de. The error occurs inside tlslite-ng. There seems to be the same error with version 0.7-alpha2.
tlsmaster.txt
subj.
This package is required by Cuckoo sandbox, but we do not have/want the outdated version.
The latest mitmproxy supports python3, please migrate.
Thanks
Hello, would you be able to publish a new release? There's a bug where you changed the function name (init_to_str to inet_to_str), but not other places that call this function. You fixed this, but the latest release (0.2.6) doesn't have the fix.
Could you please publish a release with commit fca7349 in it? That would be greatly appreciated!
Hi,
I am trying to use your tool, but I am facing some difficulties. I have a pcap file containing the whole communication between my Kali Linux and a webserver, where Kali Linux sends packages from different ports to the webserver and the webserver responds with content or some HTTP error codes.
When I am starting httpreplay with this pcap file, I get an output of all HTTP requests in the pcap file (seems to be everything okay), in addition I see some warnings that there are unknown streams. When I look at wireshark or tcpdump I don't see that any packages are sent. Am I missing some essential point or am I misinterpreting the purpose of the code? May the unknown streams be an issue?
Thanks for any help!
I read that invalid-order pcap file with Wireshark and everything is just OK.
Don't know why this error shows up?
P.S.: I think that the DumpTLSMasterSecret module failing is leading to this problem.
2017-07-30 05:50:58,595 [cuckoo.processing.network] ERROR: Error running httpreplay-based PCAP analysis
Traceback (most recent call last):
  File "/root/cuckoo/cuckoo_28_7/cuckoo/processing/network.py", line 899, in run
    results.update(p2.run())
  File "/root/cuckoo/cuckoo_28_7/cuckoo/processing/network.py", line 776, in run
    l = sorted(r.process(), key=lambda x: x[1])
  File "build/bdist.linux-x86_64/egg/httpreplay/reader.py", line 118, in process
    self.tcp and self.tcp.process(ts, ip, packet)
  File "build/bdist.linux-x86_64/egg/httpreplay/smegma.py", line 87, in process
    s.process(ts, tcp, to_server)
  File "build/bdist.linux-x86_64/egg/httpreplay/smegma.py", line 361, in process
    self.states[self.state](self, ts, tcp, to_server)
  File "build/bdist.linux-x86_64/egg/httpreplay/smegma.py", line 126, in state_init_syn
    raise InvalidTcpPacketOrder(tcp)
InvalidTcpPacketOrder: �������KԌ�P@5�D EEEFFDELFEEPFACNFBDCEEFCFADHEICA FHEJEOCNDIEPEGEMFBFEFFEEEOEDLAA