Cuckoo Configuration
fareedfauzi opened this issue · comments
Hi Alex.
May I know, if my Cuckoo does not use HTTPS, what should I change for the "verify" part? I tried changing it to "False" in the conf, and as a result, my sample cannot be submitted by selecting Cuckoo as the interface's scale. Vice versa, if I leave the default value "True" unchanged, the sample submits successfully.
So the cuckoo scale is just using requests under the hood, by default requests will set verify to True:
https://requests.readthedocs.io/en/master/api/#requests.request
In the scale we can see that it just does some lazy construction:
r = requests.post(CUCKOO_API + '/tasks/create/file', files={"file": (document['name'], f)}, verify=VERIFY)
So if CUCKOO_API is set to http://hostname:port it should work without touching verify.
Are you saying that the scale is not working at all and always erroring on submission?
Oh. Okay.
The submission is working, but it seems to fail when Cuckoo retrieves the sample (and analyzes it) from Snake. The Snake UI keeps showing "Loading..." and the Cuckoo log does not show any indicator of any sample coming in.
I thought that the "verify" in my configuration is the problem, that's why I'm asking. I need to figure out other ways, why my Cuckoo can't retrieve the sample.
I also think that the API of my Cuckoo is the actual problem (which may be a misconfiguration or something), but manually submitting a sample using the command based on the Cuckoo docs successfully submitted the sample in my Cuckoo.
curl -H "Authorization: Bearer S4MPL3" http://localhost:8090/tasks/create/submit -F files=@sample.exe
Thanks in advance, Alex.
Ahh I think I understand the issue now, do you have authentication sitting on top of your Cuckoo instance?
Based on the above instruction in the Cuckoo docs... I never set an API token in my cuckoo.conf, so in my case, the authorization of the API might be implemented by default.
Do I need to make some changes in /usr/local/lib/python3.8/dist-packages/snake_cuckoo/interface.py for this matter, Alex, based on the documentation of the request using Python?
Right okay, let's follow this one through to work out what the real issue is, because I am confused :)
So does the curl work without the authorization header?
- If no, I will need to update the cuckoo scale to support auth headers (probably needs doing anyway)
- If yes, then we have a different issue going on:
  - Can you show me the errors that snake is outputting on submission and viewing?
- It looks like curl works without an authorization header
$ curl http://192.168.8.124:8090/tasks/create/submit -F files=@TimeApp.exe
{
"errors": [],
"submit_id": 5,
"task_ids": [
3
]
}
- Snake log and cuckoo.conf as follows:
[I 210205 03:54:21 web:2105] 200 GET /store/143f41667d3b7ab0a22324a0ec6b42191e54db1fb20ffffa025b279c80b3e54b (127.0.0.1) 3.73ms
[I 210205 03:54:21 web:2105] 200 GET /file/143f41667d3b7ab0a22324a0ec6b42191e54db1fb20ffffa025b279c80b3e54b/hex (127.0.0.1) 11.42ms
[E 210205 03:54:21 web:1620] Uncaught exception POST /scale/cuckoo/interface (127.0.0.1)
HTTPServerRequest(protocol='http', host='localhost:5000', method='POST', uri='/scale/cuckoo/interface', version='HTTP/1.1', remote_ip='127.0.0.1')
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/tornado-5.0.1-py3.8-linux-x86_64.egg/tornado/web.py", line 1543, in _execute
result = yield result
File "/usr/local/lib/python3.8/dist-packages/tornado-5.0.1-py3.8-linux-x86_64.egg/tornado/gen.py", line 1099, in run
value = future.result()
File "/usr/local/lib/python3.8/dist-packages/snake-1.0.2-py3.8.egg/snake/routes/scale.py", line 119, in post
output = await loop.run_in_executor(None, command, data['args'], data['sha256_digest'])
File "/usr/lib/python3.8/concurrent/futures/thread.py", line 57, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.8/dist-packages/snake-1.0.2-py3.8.egg/snake/scale.py", line 737, in wrapper
output = func(args=args_, file=file_storage, opts=opts, self=self)
File "/usr/local/lib/python3.8/dist-packages/snake_cuckoo/interface.py", line 28, in info
except requests.exceptions.RequestException:
TypeError: unsupported operand type(s) for +: 'int' and 'str'
Configuration
snake@snake:/var/log/snake$ cat /etc/snake/scales/cuckoo.conf
cuckoo_api: 8090
cuckoo_url: 192.168.8.124
verify: True
snake@snake:/var/log/snake$ cat /usr/local/lib/python3.8/dist-packages/snake_cuckoo/cuckoo.conf
cuckoo_api: 8090
cuckoo_url: 192.168.8.124
verify: True
Which part did I get wrong, Alex?
Right, from the logs I can see it's due to some un-robust parsing. So if you change your settings to the following you should be good to go:
cuckoo_api: 'http://192.168.8.124:8090'
cuckoo_url: 'http://192.168.8.124'
Ok issue solved! Thanks a lot.
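The failure in this thread comes from `cuckoo_api: 8090` being parsed as an integer and then concatenated with a path string. The following is an added example, not part of the thread and not the scale's own code: a load-time check that rejects such a value with a clear message and flags the two transport cases that matter for `verify`. The names `normalize_cuckoo_config` and `ScaleConfigError` are hypothetical.

```python
from urllib.parse import urlsplit

class ScaleConfigError(ValueError):
    """A scale setting cannot be used as written."""

def normalize_cuckoo_config(raw):
    """Hypothetical helper: validate parsed cuckoo.conf values.

    Returns (api_url, verify, warnings) or raises ScaleConfigError."""
    api = raw.get("cuckoo_api")
    # An unquoted 8090 arrives as an int; concatenating it with
    # '/tasks/create/file' is the TypeError shown in the traceback.
    if not isinstance(api, str):
        raise ScaleConfigError(
            "cuckoo_api must be a URL string such as 'http://host:8090', "
            f"got {type(api).__name__}: {api!r}")
    try:
        parts = urlsplit(api.strip())
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        raise ScaleConfigError(f"cuckoo_api is not a valid URL: {api!r}") from exc
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ScaleConfigError(f"cuckoo_api needs an http(s) scheme and a host: {api!r}")

    verify = raw.get("verify", True)
    # requests accepts a bool or a path to a CA bundle for verify.
    if isinstance(verify, str):
        if verify.strip().lower() in ("true", "false"):
            verify = verify.strip().lower() == "true"
    elif not isinstance(verify, bool):
        raise ScaleConfigError(f"verify must be a bool or a CA bundle path, got {verify!r}")

    warnings = []
    if parts.scheme == "http":
        warnings.append("plain HTTP: verify has no effect and samples are sent unencrypted")
    elif verify is False:
        warnings.append("HTTPS with verify=False: the server certificate is not checked")
    return api.strip().rstrip("/"), verify, warnings

# Settings as posted in the thread, before and after the fix.
BROKEN = {"cuckoo_api": 8090, "cuckoo_url": "192.168.8.124", "verify": True}
FIXED = {"cuckoo_api": "http://192.168.8.124:8090",
         "cuckoo_url": "http://192.168.8.124", "verify": True}

if __name__ == "__main__":
    print(normalize_cuckoo_config(FIXED))
    try:
        normalize_cuckoo_config(BROKEN)
    except ScaleConfigError as err:
        print("rejected:", err)
```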