hatching / httpreplay

Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.

Error running httpreplay-based PCAP analysis #14

Closed osh2ep closed 7 years ago

osh2ep commented 7 years ago

I read that invalid-order pcap file with Wireshark and everything is just OK.

Don't know why this error shows up.

P.S.: I think that the DumpTLSMasterSecret module failing leads to this problem.

2017-07-30 05:50:58,595 [cuckoo.processing.network] ERROR: Error running httpreplay-based PCAP analysis
Traceback (most recent call last):
  File "/root/cuckoo/cuckoo_28_7/cuckoo/processing/network.py", line 899, in run
    results.update(p2.run())
  File "/root/cuckoo/cuckoo_28_7/cuckoo/processing/network.py", line 776, in run
    l = sorted(r.process(), key=lambda x: x[1])
  File "build/bdist.linux-x86_64/egg/httpreplay/reader.py", line 118, in process
    self.tcp and self.tcp.process(ts, ip, packet)
  File "build/bdist.linux-x86_64/egg/httpreplay/smegma.py", line 87, in process
    s.process(ts, tcp, to_server)
  File "build/bdist.linux-x86_64/egg/httpreplay/smegma.py", line 361, in process
    self.states[self.state](self, ts, tcp, to_server)
  File "build/bdist.linux-x86_64/egg/httpreplay/smegma.py", line 126, in state_init_syn
    raise InvalidTcpPacketOrder(tcp)
InvalidTcpPacketOrder: ������KԌ�P@5�D EEEFFDELFEEPFACNFBDCEEFCFADHEICA FHEJEOCNDIEPEGEMFBFEFFEEEOEDLAA
osh2ep commented 7 years ago

dump_sorted.pcap https://drive.google.com/open?id=0B0kx_vLsLUFdanEzT2VBY3F5RHM

dump.pcap https://drive.google.com/open?id=0B0kx_vLsLUFddTA1MmppdTl5Wms

osh2ep commented 7 years ago

So I did disable the DumpTLSMasterSecret module, but that might lead to the above issue, which is a lack of TLS Master Secrets so that httpproxy can't decrypt (InvalidTcpPacketOrder).

Now I am trying to move to the mitmproxy module to capture TLS Master Secrets...

Update: It is obvious that http-replay has nothing to do with TLS Master Secrets. And I still get this error.
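Added example, not code from the httpreplay project or from anyone in this thread. Reading the traceback above, the exception is raised in httpreplay's `state_init_syn` handler, which implies the TCP stream reassembler expects the first packet it sees for a flow to be a client SYN; a capture that starts mid-connection (or a flow whose handshake was lost) violates that assumption. The script below uses only the Python standard library to read a classic libpcap file (Ethernet link type, not pcapng) and list the TCP flows whose first captured packet is not a bare SYN, so the offending flows can be inspected or filtered out before handing the PCAP to httpreplay. The sample PCAP, the addresses (10.0.0.5, 192.0.2.10) and the ports are constructed here for illustration.

```python
"""List TCP flows in a classic libpcap file whose first captured packet is not a client SYN."""
import struct
from collections import OrderedDict

TCP_SYN = 0x02
TCP_ACK = 0x10


def parse_pcap(data):
    """Yield (timestamp, raw_ethernet_frame) records from classic libpcap bytes."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only DLT_EN10MB (Ethernet) captures are handled here")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def parse_tcp(frame):
    """Return (src, sport, dst, dport, flags) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":  # not IPv4 over Ethernet
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:  # not IPv4, or not TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    sport, dport, _seq, _ack, off_flags = struct.unpack_from("!HHIIH", tcp, 0)
    return src, sport, dst, dport, off_flags & 0x1FF


def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a connection map to one flow."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)


def find_midstream_flows(data):
    """Return flow keys whose first packet, in capture order, is not a SYN without ACK."""
    first_flags = OrderedDict()
    for _ts, frame in parse_pcap(data):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, flags = parsed
        first_flags.setdefault(flow_key(src, sport, dst, dport), flags)
    return [k for k, f in first_flags.items() if f & (TCP_SYN | TCP_ACK) != TCP_SYN]


# --- constructed sample capture (not real traffic) -------------------------------------

def build_frame(src, sport, dst, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame with the given flags and no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic libpcap file with Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1501400000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", 40000, "192.0.2.10", 443, TCP_SYN),             # proper handshake
    build_frame("192.0.2.10", 443, "10.0.0.5", 40000, TCP_SYN | TCP_ACK),
    build_frame("10.0.0.5", 40000, "192.0.2.10", 443, TCP_ACK),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,                               # ARP, skipped
    build_frame("10.0.0.5", 40001, "192.0.2.10", 80, TCP_ACK | 0x08),       # PSH/ACK, mid-stream
])

if __name__ == "__main__":
    for (a, b) in find_midstream_flows(SAMPLE_PCAP):
        print("flow without a leading SYN: %s:%d <-> %s:%d" % (a + b))
```

Run against a real capture by replacing `SAMPLE_PCAP` with the file's bytes (`open("dump.pcap", "rb").read()`). Flows it reports are the ones a SYN-expecting reassembler will reject; a capture that starts recording after the guest has already opened connections will typically show a handful of them at the very beginning of the file.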

jbremer commented 7 years ago

This has been resolved in httpreplay==0.2.1. The next Cuckoo release will include this version. Thanks!

siriusr3d commented 6 years ago

I am facing this issue now on cuckoo v2.0.6.2, httpreplay==0.2.4. dump.zip

password: infected