kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

URL analysis #2169

Closed Parithmos424 closed 2 weeks ago

Parithmos424 commented 2 weeks ago


Expected Behavior

Hi Team, I am currently running CAPEv2 on Ubuntu 22.04 with Oracle VM VirtualBox (Win-7 32-bit) as the guest OS. Everything works fine with file submissions, but I would also like to use CAPE for URL submissions so they can be analyzed automatically.

Current Behavior

Unfortunately it is not working for me: the console shows 0 errors while the analysis runs, but on the guest OS nothing is actually happening. No browser is started; it just shows me the desktop during the whole analysis.

Do you have any tips on which browsers should be used to run automatic URL analysis on CAPE currently? IE is already blocked by many webpages as an outdated browser, and even so, in my case it just does not run any analysis. What are the recommended browsers for Win7 and Win10 to be able to run a URL analysis? Before creating this issue I read multiple threads regarding that matter, but I still did not find a valid solution for my problem. I would be thankful for any tips on that.

Failure Information (for bugs)

Logs from analysis (no errors):

Jun 12 09:38:12 cape-vm1 python3[47249]: 2024-06-12 09:38:12,883 [lib.cuckoo.core.scheduler] INFO: Task #20: Starting analysis of URL 'https://www.youtube.com'
Jun 12 09:38:12 cape-vm1 python3[47249]: 2024-06-12 09:38:12,916 [lib.cuckoo.core.scheduler] INFO: Task #20: acquired machine Win7_32bit_ONE (label=Win7_32bit_ONE, arch=x86, platform=windows)
Jun 12 09:38:16 cape-vm1 python3[47249]: 2024-06-12 09:38:16,525 [lib.cuckoo.core.scheduler] INFO: Enabled route 'internet'.
Jun 12 09:38:16 cape-vm1 python3[51023]: /usr/bin/tcpdump
Jun 12 09:38:16 cape-vm1 python3[47249]: 2024-06-12 09:38:16,549 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 51025 (interface=vboxnet0, host=192.168.56.101, dump path=/opt/CAPEv2/storage/analyses/20/dump.pcap)
Jun 12 09:38:16 cape-vm1 python3[47249]: 2024-06-12 09:38:16,560 [lib.cuckoo.core.guest] INFO: Task #20: Starting analysis on guest (id=Win7_32bit_ONE, ip=192.168.56.101)
Jun 12 09:38:16 cape-vm1 sudo[51025]:     cape : PWD=/opt/CAPEv2 ; USER=root ; COMMAND=/usr/bin/tcpdump -U -q -s 0 -i vboxnet0 -n -Z cape -w /opt/CAPEv2/storage/analyses/20/dump.pcap host 192.168.56.101 and not ( dst host 192.168.56.101 and dst port 8000 ) and not ( src host 192.168.56.101 and src port 8000 ) and not ( dst host 192.168.56.1 and dst port 2043 ) and not ( src host 192.168.56.1 and src port 2043 ) and ( 'not arp' )
Jun 12 09:38:16 cape-vm1 sudo[51025]: pam_limits(sudo:session): unknown limit item 'hard'
Jun 12 09:38:16 cape-vm1 sudo[51025]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1001)
Jun 12 09:38:19 cape-vm1 python3[47249]: 2024-06-12 09:38:19,607 [lib.cuckoo.core.guest] INFO: Task #20: Guest is running CAPE Agent 0.17 (id=Win7_32bit_ONE, ip=192.168.56.101)
Jun 12 09:38:23 cape-vm1 python3[47249]: 2024-06-12 09:38:23,797 [lib.cuckoo.core.guest] INFO: Task #20: Uploading script files to guest (id=Win7_32bit_ONE, ip=192.168.56.101)
Jun 12 09:42:44 cape-vm1 python3[47249]: 2024-06-12 09:42:44,905 [lib.cuckoo.core.guest] INFO: Task #20: End of analysis reached! (id=Win7_32bit_ONE, ip=192.168.56.101)
Jun 12 09:42:44 cape-vm1 sudo[51025]: pam_unix(sudo:session): session closed for user root
Jun 12 09:42:46 cape-vm1 python3[47249]: 2024-06-12 09:42:46,252 [lib.cuckoo.core.scheduler] INFO: Disabled route 'internet'
Jun 12 09:42:46 cape-vm1 python3[47249]: 2024-06-12 09:42:46,272 [lib.cuckoo.core.scheduler] INFO: Task #20: analysis procedure completed

Context

CAPEv2 on Ubuntu 22.04 + Oracle VM Virtualbox (Win-7 32bit) + currently using default IE8 browser


doomedraven commented 2 weeks ago

See analysis.log inside the analysis folder; that log is from the VM, you posted the server-side log. Also, please use a code block to properly post logs.

Parithmos424 commented 2 weeks ago

Sorry for that, I've updated the comment.

Also, I have found the file you were pointing to, and it looks like the automatic package detection picked up the 'Edge' package, not IE (I don't have Edge on my Win7 guest OS):

2024-06-12 09:38:12,030 [root] INFO: Analysis package "edge" has been specified
2024-06-12 09:38:12,030 [root] DEBUG: Importing analysis package "edge"...
2024-06-12 09:38:12,060 [root] DEBUG: Initializing analysis package "edge"...
2024-06-12 09:38:12,060 [root] DEBUG: New location of moved file: https://www.youtube.com

So there are no issues with CAPE starting up IE automatically; thank you for your guidance on troubleshooting.

Unfortunately, as I thought, YouTube did not open because of the outdated browser. Do you have specific Edge browser builds that you would recommend using along with CAPE?
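A small added check, written for this thread and not part of CAPE itself, that correlates the two logs discussed above: the server-side scheduler log, which never records the analysis package, and the guest's analysis.log, which does. The sample log lines are constructed from the ones quoted in this issue, and the set of browser packages installed on the guest is an assumption the operator supplies.

```python
import re
from typing import Dict, Optional, Set

# Constructed sample lines, shaped like the two logs quoted in this issue:
# the host-side scheduler log and the guest-side analysis.log.
SERVER_LOG = """\
Jun 12 09:38:12 cape-vm1 python3[47249]: 2024-06-12 09:38:12,883 [lib.cuckoo.core.scheduler] INFO: Task #20: Starting analysis of URL 'https://www.youtube.com'
Jun 12 09:38:12 cape-vm1 python3[47249]: 2024-06-12 09:38:12,916 [lib.cuckoo.core.scheduler] INFO: Task #20: acquired machine Win7_32bit_ONE (label=Win7_32bit_ONE, arch=x86, platform=windows)
Jun 12 09:42:46 cape-vm1 python3[47249]: 2024-06-12 09:42:46,272 [lib.cuckoo.core.scheduler] INFO: Task #20: analysis procedure completed
"""

GUEST_LOG = """\
2024-06-12 09:38:12,030 [root] INFO: Analysis package "edge" has been specified
2024-06-12 09:38:12,030 [root] DEBUG: Importing analysis package "edge"...
2024-06-12 09:38:12,060 [root] DEBUG: Initializing analysis package "edge"...
"""

TARGET_RE = re.compile(r"Task #(\d+): Starting analysis of URL '([^']+)'")
MACHINE_RE = re.compile(r"acquired machine (\S+) \(label=")
PACKAGE_RE = re.compile(r'Analysis package "([^"]+)" has been specified')


def summarize_url_task(server_log: str, guest_log: str,
                       installed_browsers: Set[str]) -> Dict[str, Optional[str]]:
    """Correlate the scheduler log with analysis.log for one URL task and flag a
    browser package that the guest image does not actually have installed.
    installed_browsers holds package names (e.g. {"ie", "firefox"}), supplied by the operator."""
    summary: Dict[str, Optional[str]] = {
        "task": None, "url": None, "machine": None, "package": None, "problem": None,
    }
    for line in server_log.splitlines():
        if m := TARGET_RE.search(line):
            summary["task"], summary["url"] = m.group(1), m.group(2)
        if m := MACHINE_RE.search(line):
            summary["machine"] = m.group(1)
    for line in guest_log.splitlines():
        if m := PACKAGE_RE.search(line):
            summary["package"] = m.group(1)  # only the guest log names the package
            break
    if summary["package"] is None:
        summary["problem"] = "no package recorded in analysis.log"
    elif summary["package"] not in installed_browsers:
        summary["problem"] = f'package "{summary["package"]}" is not installed on the guest'
    return summary


if __name__ == "__main__":
    print(summarize_url_task(SERVER_LOG, GUEST_LOG, {"ie", "firefox"}))
```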

kevoreilly commented 2 weeks ago

Well, if you are going to use Win7 I would probably recommend Firefox actually - not convinced Edge and Win7 were destined to be together.

But I would seriously recommend ditching Win7 VMs and installing Win10 21H2, on which any Edge version should work.

Parithmos424 commented 2 weeks ago

Great, thank you so much for all your tips. I would definitely try Win10 in that case. Thanks! :)