ytakeda-sec
commented
6 years ago The same behavior is occurring in my cuckoo. However, in rare cases analysis results may be displayed.
I want to know the solution.
Open MikeFow opened 6 years ago
ytakeda-sec
commented
6 years ago The same behavior is occurring in my cuckoo. However, in rare cases analysis results may be displayed.
I want to know the solution.
jbremer
commented
6 years ago Can either of you share one or more PCAPs for these URL analyses?
MikeFow
commented
6 years ago ytakeda-sec
commented
6 years ago I attached my pcap files.
LetMeR00t
commented
6 years ago Hi guys, I have the same behavior using https://www.google.fr or http://www.msn.fr as example. Did you find out something on this issue ? Thank you PS : I'm using Cuckoo 2.0.5
jbremer
commented
6 years ago @MikeFow I suspect there's an issue due to the HTTP proxy that you're using. @TAKEDA-Yasuhiro it seems there are some TCP retransmission parsing issues in your pcap. Will have to take a better look at that at some point, thanks for the pcap.
LetMeR00t
commented
6 years ago Could be link to this issue https://github.com/cuckoosandbox/cuckoo/issues/2103 for some people concerning the HTTPS decryption ...
Hello,
I have installed Cuckoo 2.0.3 in my lab and hit an issue. Using similar lab set up with Cuckoo 2.0RC1 did not have this issue.
When I run an analysis - for example google.com, the HTTP tab under Network Analysis shows no traffic.
The PCAP and other tabs show correct information:
This behaviour is the same for both URLs and files.
Any ideas on where I can look to try and resolve this?