Cuckoo HTTPS webserver

[d4n13l4]

My issue is:

I'm trying to make the webserver run with HTTPS, I've installed ngnix as this post suggested https://infosecspeakeasy.org/t/howto-build-a-cuckoo-sandbox/27 my cuckoo file for it is the same except I don't have the # Host the upstream legacy API part nginx is running but when I run cuckoo webserver command it still takes me to HTTP

From what I read there is nothing else to change in the configuration but maybe I'm missing something. Do I have to change the way I'm running the web server? I'm using cuckoo web runserver linux_ip:8080

My Cuckoo version and operating system are:

Linux host 16.04 Windows 7 guest Cuckoo version 2.0.5

/etc/nginx/sites-available/cuckoo

server { 
    listen linux_ip:443 ssl http2; 
    ssl_certificate /etc/nginx/ssl/cuckoo.crt;
    ssl_certificate_key /etc/nginx/ssl/cuckoo.key; 
    ssl_dhparam /etc/nginx/ssl/dhparam.pem; 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; 
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_tickets off; # Requires nginx >= 1.5.9 

    # Uncomment this next line if you are using a signed, trusted cert 
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; 
    add_header X-Frame-Options SAMEORIGIN; 
    add_header X-Content-Type-Options nosniff; 
    root /usr/share/nginx/html; 
    index index.html index.htm; 
    client_max_body_size 101M; 
    auth_basic "Login required"; 
    auth_basic_user_file /etc/nginx/htpasswd; 

    location / { 
        proxy_pass http://127.0.0.1:8000; 
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    } 

    location /storage/analysis { 
        alias /home/cuckoo/cuckoo/storage/analyses/; 
        autoindex on; 
        autoindex_exact_size off; 
        autoindex_localtime on; 
    } 

    location /static { 
        alias /home/cuckoo/cuckoo/web/static/; 
    }
 } 

server { 
    listen linux_ip:80 http2; 
    return 301 https://$server_name$request_uri; 
}

[doomedraven]

that is for cuckoo-mod check this

cuckoo web --nginx
upstream _uwsgi_cuckoo_web {
    server unix:/run/uwsgi/app/cuckoo-web/socket;
}

server {
    listen localhost:8000;

    # Cuckoo Web Interface
    location / {
        client_max_body_size 1G;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;
        uwsgi_pass  _uwsgi_cuckoo_web;
        include     uwsgi_params;
    }
}

╰─± cuckoo web --uwsgi
[uwsgi]
plugins = python
module = cuckoo.web.web.wsgi
uid = X
gid = X
static-map = /static=/usr/local/lib/python2.7/dist-packages/cuckoo/web/static
# If you're getting errors about the PYTHON_EGG_CACHE, then
# uncomment the following line and add some path that is
# writable from the defined user.
# env = PYTHON_EGG_CACHE=
env = CUCKOO_APP=web
env = CUCKOO_CWD=/home/X/.cuckoo

[d4n13l4]

yes I have both like that

[d4n13l4]

I just tried again and now I got this error "You're accessing the development server over HTTPS, but it only supports HTTP."

from my searches this is a django error but I couldn't find where to change the secure_ssl_direct setting, any hints? @doomedraven @RicoVZ

[doomedraven]

did you try acceso it on http not https? for start to see fi that works?

[ThisIsNotMalware]

same problem here, have Cuckoo working perfectly over HTTP but when using HTTPS I get from cuckoo webserver: You're accessing the development server over HTTPS, but it only supports HTTP.

any ideas?

[ryanbekabe]

Hi @ThisIsNotMalware,

Our Cuckoo Sandbox is SSL with Let's Encrypt, try here: https://cuckoo.hanyajasa.com/ Do you want it to?

[ThisIsNotMalware]

Hey @ryanbekabe

Thanks for sharing, I'll take a look at Let's Encrypt, was trying to do something like this: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04

But may not work, no idea.

Edit**

Ive managed to make it work, and have my SSL enabled, but, when I try to submit a sample via SSL the connection will close, any idea?

[ryanbekabe]

Hi @ThisIsNotMalware,

Same to me, when upload via SSL, Submit button not working. But SSL from cuckoo.cert.ee working normal. I don't know why.

[ThisIsNotMalware]

Update @ryanbekabe I see Cuckoo trying to RST, ACK to port 80. There should be a way to change this to port 443 to make it work over SSL

[ryanbekabe]

@ThisIsNotMalware Here same issues: https://github.com/cuckoosandbox/cuckoo/issues/1397 And my web now works for uploading via SSL: https://cuckoo.hanyajasa.com/ Here my stuff: https://github.com/ryanbekabe/cuckoostuff/blob/master/apache_https_sll.conf

SSLEngine on
RequestHeader set X-Forwarded-Proto https

[doguile]

Hi guys, how do you run the cuckoo web interface through https? I just did all the steps described above, but when I run cuckoo web -H IP_address it says the port is already in use. I know cuckoo runs on port 8000, so just change it in the cukoo-web file. Here is my setup. please help

# server { listen 8000 default_server; server_name x.x.x.x; return 301 https://$server_name$request_uri; }

server {

# SSL configuration

listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;

[doguile]

i just resolve it :)