Closed DigiAngel closed 5 years ago
And after recreating the cert I'm not greeted with this:
```
[DDR][INFO] Running trace for selected basic block.
[DDR][INFO] Calling API id 1 = Analyse file
[DDR][INFO] Looking for file: C:\Cases\DDR_log_pafish_0x4014e0-0x4014f5_20000.json
[DDR][INFO] Asking DDR Server to run DynamoRio analysis for address range 0x4014e0 - 0x4014f5. Max. instructions: 20000 Please be patient...
C:\python27-x64\lib\site-packages\urllib3\connection.py:362: SubjectAltNameWarning: Certificate for 192.168.100.107 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
[DDR][INFO] [ERROR] Unkown error happend. REST API request failed.
Traceback (most recent call last):
  File "C:/Apps/IDA/plugins/ddr_plugin.py", line 318, in activate
    self._exec_dynRIO_against_BB(ea)
  File "C:/Apps/IDA/plugins/ddr_plugin.py", line 971, in _exec_dynRIO_against_BB
    self._exec_dynRio(start_addr=block.startEA, end_addr=idc.PrevHead(block.endEA), instr_count=MAX_INSTR_TO_EXECUTE)
  File "C:/Apps/IDA/plugins/ddr_plugin.py", line 994, in _exec_dynRio
    options = options) # option e.g. light_trace_only
  File "C:/Apps/IDA/plugins/ddr_plugin.py", line 1100, in _call_api
    % (res.status_code, res.json()["return_status"]))
  File "C:\python27-x64\lib\site-packages\requests\models.py", line 897, in json
    return complexjson.loads(self.text, **kwargs)
  File "C:\python27-x64\lib\site-packages\requests\models.py", line 852, in text
    if not self.content:
  File "C:\python27-x64\lib\site-packages\requests\models.py", line 823, in content
    'The content for this response was already consumed')
RuntimeError: The content for this response was already consumed
```
Any takers on this?
Attempted this using the supplied crt and key file and changing the IP address of the machine to match; still the same issue of SSL cert validation errors.
Closing due to lack of interest from Cisco. Add this to the pile of non-working, unsupported projects.
Let me ensure the developer is aware that someone is asking questions.
Pimpy...thanks Joel!
DigiAngel, how did you generate the certificate? I would recommend using the ddr_server.py script (configure the variables in the script header first and delete the old certificates). After you have generated the cert etc., don't forget to copy it over to the IDA machine. The Talos DDR blog post describes this in detail.
btw next version will have a setup script to do the init jobs.
Ah there you are...hello :) So I tried several things:
```
openssl req -new -newkey rsa:2048 -nodes -out ddr.csr -keyout ddr.key
openssl x509 -trustout -signkey ddr.key -days 3365 -req -in ddr.csr -extfile ddr.ext -out ddr.pem
```
ddr.ext:
```
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = 192.168.100.107
IP.1 = 192.168.100.107
```
However, even using the demo certs and changing the machine IP address, I still got errors. What other information can I provide? Thank you.
Check the ddr_server.py script; it is doing a similar thing via Python for you if you start it and it doesn't find certs in the config directory. I never used openssl for generating the certs for the plugin, even if it should work; probably just a small difference. I think the way you are trying it goes in the right direction. If I have time this week I'll try to generate one with openssl. Problem is I am just migrating to a new PC, so forgive me the delay.
And of course don't forget to copy the certs to the location you have configured in the variables in the ddr_plugin.py script. (key and cert need to be on the ddr_server.py machine and cert needs to be on the ddr_plugin.py machine - both specified in the variables in the script)
btw to test the communication, you can also try to disable cert auth in the ddr_plugin.py script via a variable.
I'll run these tests later today...I think I've tried all the above, but I'll validate and get screenshots and post..thank you!
Ok...I got this to run by giving up copying the dynrio dlls and exe's into their own directory and just used the DynamoRIO directory instead. I'm using the default cert and I've had success! Really snazzy tool thank you....looking forward to the next rev.
Thx, happy you solved it. I am fully aware that the initial setup is a bit tricky; that's why I have the setup routine at the top of the roadmap.
Topic :) Is there a quick way to redo the cert?
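On redoing the cert with plain openssl: the sketch below is an added example, not code from this thread or from the DDR project. It regenerates a key and self-signed certificate whose `subjectAltName` carries the server address as an IP entry (the field the `SubjectAltNameWarning` above says is missing), then confirms the match. The helper names `make_cert` and `cert_has_ip` are hypothetical, the `ddr.key` / `ddr.pem` file names follow the commands posted earlier, and the files still have to be copied to the locations configured in the DDR scripts.

```shell
#!/bin/sh
# Added example, not DDR project code. ddr.key / ddr.pem follow the file
# names used in the openssl commands quoted earlier in the thread.

# make_cert IP OUTDIR
# Replace any old key/cert in OUTDIR with a fresh RSA key and a self-signed
# certificate that lists IP as an IP-type subjectAltName.
make_cert() {
    ip=$1
    out=$2
    cfg=$(mktemp) || return 1
    # Throwaway config: "prompt = no" takes the subject from [dn], and
    # x509_extensions names the section applied to the self-signed cert.
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
EOF
    rm -f "$out/ddr.key" "$out/ddr.pem"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$cfg" -keyout "$out/ddr.key" -out "$out/ddr.pem" \
        || { rm -f "$cfg"; return 1; }
    rm -f "$cfg"
    chmod 600 "$out/ddr.key"   # private key stays on the server machine
}

# cert_has_ip CERT IP
# Succeeds only when the certificate matches the address. -checkip always
# exits 0, so the verdict is read from its output line.
cert_has_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" \
        | grep -q "does match certificate"
}

# Stand-alone use: sh script.sh 192.168.100.107 /path/to/outdir
if [ "$#" -eq 2 ]; then
    make_cert "$1" "$2" && cert_has_ip "$2/ddr.pem" "$1" \
        && echo "ddr.pem matches $1"
fi
```

Running `cert_has_ip` against an existing certificate before regenerating it shows whether the address in the certificate is the problem at all.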