Giters

KasperskyLab / TinyCheck

TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Unable to launch/access frontend.

HonourableTyr opened this issue · comments

commented

I have been having numerous issues trying to get TinyCheck to run and slowly overcoming each one. The final hurdle seems to be getting the front end to work.

I am able to access the backend at https://127.0.0.1 and configure it easily enough. It detects the two WiFi devices, onboard and USB, as well as the disconnected ethernet. The onboard WiFi is connected to a router and the internet.

Whenever I try to launch or access the frontend I just get an error message in Chromium as below:

This site can’t be reached

127.0.0.1 refused to connect.
Try:

  • Checking the connection
  • Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

I am still a novice when it comes to Linux and anything Raspberry Pi.

I am running TinyCheck on an Raspberry Pi 400 with Raspbian 10 "Buster". It is a fresh standard 32-bit image with all packages updated.

No errors were reported during installation of TinyCheck.

I did have to make a minor modification the execution script as "chromium-browser" doesn't exist on the current Raspbian install, it is just called "chromium".

If i bash the kiosk script in the terminal I get the following errors:

Opening in existing browser session.
[3187:3187:0217/142107.370387:ERROR:broker_posix.cc(43)] Invalid node channel message
[3184:3184:0100/000000.158348:ERROR:gpu_init.cc(426)] Passthrough is not supported, GL is desktop
[3184:3184:0100/000000.206342:ERROR:broker_posix.cc(43)] Invalid node channel message

That doesn't mean much to my non-programmer mind and I'd appreciate some help.

commented

I was unable to reproduce your problem. I didn't have to change the the script either, are you using the buster version marked (Legacy)?

I'm also using ethernet, can you try that to see if anything is different?

Have you tried connecting to the pi with a different device on the network your router is on?

commented

Yes, I am using the OS marked "legacy" because the requirements stated "Buster". There is no current version of Pi OS Buster, based off Debian 10. The current version is code named "Bullseye", based off Debian 11.

Is the wiki incorrect and I should be using Bullseye?

I'll try both ethernet and connecting from another device.

commented

sudo python3 -m install --upgrade six

Before installing, or followed by a reïnstall of tinycheck. Pull request #94 seems to fix this.

commented

sudo python3 -m install --upgrade six

Before installing, or followed by a reïnstall of tinycheck. Pull request #94 seems to fix this.

That just returns an error:

"No module named install"

Also already running Python 3.7.3 22/01/2022

commented

I was unable to reproduce your problem. I didn't have to change the the script either, are you using the buster version marked (Legacy)?

I'm also using ethernet, can you try that to see if anything is different?

Have you tried connecting to the pi with a different device on the network your router is on?

So I have tried the following on both Buster and Bullseye connected via ethernet the result is almost the same.

Running the desktop shortcut which bashes kiosk.sh does nothing whatsoever without editing the contents of kiosk.sh. This is because, "chromoim-browser" doesn't exist and it returns the error as below:

$ bash /usr/share/tinycheck/kiosk.sh
kiosk_mode: true
$ /usr/share/tinycheck/kiosk.sh: line 18: /usr/bin/chromium-browser: No such file or directory
bash /^Cr/share/tinycheck/kiosk.sh

Editing it to just read "chromium" launches chromium in full screen for kiosk mode. This returns the web error below as per my original results.

This site can’t be reached

127.0.0.1 refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

I am no longer getting any other errors bashing kiosk.sh in the terminal though, only the error above.

$ bash /usr/share/tinycheck/kiosk.sh
kiosk_mode: true
$ Opening in existing browser session.

I am able to remotely access the backend by going to the Pi's 192.168.1.xxx IP address on my phone, laptop, PC, etc.

I cannot access the frontend at all from anywhere.

Edit: The backend can also be accessed remotely using https://tinycheck.local

Attempting to access the http address without the 's' just states site cannot be reached.

commented

Had the same problem. PlazzmiKs Solution works. But i had to use this before installation of tinychek: sudo python3 -m pip install --upgrade six

commented

Had the same problem. PlazzmiKs Solution works. But i had to use this before installation of tinychek: sudo python3 -m pip install --upgrade six

Thanks, I already tried that and the command did not work as per my reply to PlazzmiK.

commented

Okay, sorry. I thought it might help you, because i had the same error "No module named install". So i used "pip install" instead of install only and the installation was succesful.

commented

Okay, sorry. I thought it might help you, because i had the same error "No module named install". So i used "pip install" instead of install only and the installation was succesful.

Ah, my bad I misread your post and complete missed the 'pip' added. I'll try that shortly!

commented

Okay, sorry. I thought it might help you, because i had the same error "No module named install". So i used "pip install" instead of install only and the installation was succesful.

Problem solved! AFAIK.

Testing capture. Although doesn't appear to be bridging to the internet but that is likely just a configuration issue.

commented

New issue: (unsure if i should start a new thread)

Wi-Fi network does not appear to be bridging through to the internet. I am unable to load any web pages or web based application on the test device. The test phone just shows as connected but that the network does not provide an internet connection.

However, TinyCheck still shows attempted connections to IP addresses and ports in the reports. So in that respect, it appears to be working as intended. It just may be less effective at capturing traffic as there is no internet connection reported to the device. As such many apps may not even try to connect.

I get the following errors bashing kiosk.sh it in the terminal:

[5642:5642:0221/130543.001935:ERROR:component_loader.cc(187)] Failed to parse extension manifest.
[5694:5694:0221/130543.573655:ERROR:gpu_init.cc(453)] Passthrough is not supported, GL is egl, ANGLE is
[5642:5760:0221/130543.849661:ERROR:object_proxy.cc(642)] Failed to call method: org.freedesktop.DBus.Properties.Get: object_path= /org/freedesktop/UPower: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.UPower was not provided by any .service files
[5642:5760:0221/130543.850490:ERROR:object_proxy.cc(642)] Failed to call method: org.freedesktop.UPower.GetDisplayDevice: object_path= /org/freedesktop/UPower: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.UPower was not provided by any .service files
[5642:5760:0221/130543.851352:ERROR:object_proxy.cc(642)] Failed to call method: org.freedesktop.UPower.EnumerateDevices: object_path= /org/freedesktop/UPower: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.UPower was not provided by any .service files
[5642:5704:0221/130547.758495:ERROR:chrome_browser_main_extra_parts_metrics.cc(230)] crbug.com/1216328: Checking Bluetooth availability started. Please report if there is no report that this ends.
[5642:5704:0221/130547.758621:ERROR:chrome_browser_main_extra_parts_metrics.cc(233)] crbug.com/1216328: Checking Bluetooth availability ended.
[5642:5704:0221/130547.758659:ERROR:chrome_browser_main_extra_parts_metrics.cc(236)] crbug.com/1216328: Checking default browser status started. Please report if there is no report that this ends.
[5642:5704:0221/130548.034981:ERROR:chrome_browser_main_extra_parts_metrics.cc(240)] crbug.com/1216328: Checking default browser status ended.
[5642:5704:0221/130559.225080:ERROR:database.cc(1761)] History SQLite error: code 1555 errno 0: UNIQUE constraint failed: context_annotations.visit_id sql: INSERT INTO context_annotations( visit_id,context_annotation_flags,duration_since_last_visit,page_end_reason )VALUES(?,?,?,?)
[5642:5799:0221/130621.454034:ERROR:database.cc(1761)] History SQLite error: code 1555 errno 0: UNIQUE constraint failed: context_annotations.visit_id sql: INSERT INTO context_annotations( visit_id,context_annotation_flags,duration_since_last_visit,page_end_reason )VALUES(?,?,?,?)

Any further help would be appreciated.

PS. I will be testing on ethernet shortly in case it is a WiFi issue and will update this post.

EDIT: Same problem with ethernet in terms of network bridge but I don't get the above errors in the terminal. Don't have a clue.

commented

Fully resolved! I was inadvertently using Raspbian 11 in my last test instead of 10 (Buster). I must have grabbed the wrong SD card (I've got 7 with different OS setups).

The shortcut on the desktop doesn't work nomatter what but I can just use the IP address to access the front and back ends.

Thanks to zippelzapp for the solution. The rest was user error (as is usually the case).