cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

[cuckoo.processing.network] ERROR: Error running httpreplay-based PCAP analysis #1793

Closed gz0m closed 6 years ago

gz0m commented 7 years ago

Hello! I have an issue: "Error running httpreplay-based PCAP analysis". Ubuntu 16.10 x64. HTTPReplay 0.2. Python 2.7.12+. Cuckoo 2.0.3.

I followed these steps to start the analyzer:

1) sudo -H pip install -U pip setuptools
2) sudo -H pip install -U cuckoo
3) cuckoo community
4) cuckoo -d
5) cuckoo web -H 0
6) cuckoo api -H 0.0.0.0
7) 0.0.0.0:8000 and started an analysis

Debug log:

2017-08-21 19:22:00,702 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/61"

2017-08-21 19:22:02,085 [cuckoo.processing.network] ERROR: Error running httpreplay-based PCAP analysis
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/processing/network.py", line 901, in run
    results.update(p2.run())
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/processing/network.py", line 780, in run
    l = sorted(r.process(), key=lambda x: x[1])
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/reader.py", line 118, in process
    self.tcp and self.tcp.process(ts, ip, packet)
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/smegma.py", line 87, in process
    s.process(ts, tcp, to_server)
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/smegma.py", line 361, in process
    self.states[self.state](self, ts, tcp, to_server)
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/smegma.py", line 284, in state_conn
    self.parent.handle(self.s, self.ts, "tcp", sent, recv)
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/smegma.py", line 600, in handle
    while self.states[self.state](self, s, ts):
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/smegma.py", line 539, in state_stream
    sent.append(self.tls.decrypt_client(record.type, record.data))
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/smegma.py", line 431, in decrypt_client
    return self.decrypt(self.client_cipher, record_type, buf)
  File "/usr/local/lib/python2.7/dist-packages/httpreplay/smegma.py", line 420, in decrypt
    record_type, bytearray(buf)
  File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 548, in _decryptThenMAC
    raise TLSBadRecordMAC()
TLSBadRecordMAC

2017-08-21 19:22:02,086 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/61"

jbremer commented 6 years ago

@gz0m could you please provide us with the related dump.pcap & tlsmaster.txt files? Can't do much without 'em. Thanks!

jbremer commented 6 years ago

Closing issue for lack of additional information. Please reopen if you have the mentioned files.

smclinden commented 5 years ago

I have files for the identical error. Please see attached.

tlsmaster.txt

dump.pcap.txt

smclinden commented 5 years ago

Here is another, for comparison. dump.pcap.txt tlsmaster.txt

jbremer commented 5 years ago

@smclinden which version of httpreplay do you have installed (run pip freeze to find out)?

smclinden commented 5 years ago

0.2.4

smclinden commented 5 years ago

This is Ubuntu 16.04.

smclinden commented 5 years ago

@jbremer I inherited this. Do I need mitmproxy as well?