Closed wikiZ closed 2 years ago
Hi there,
Thank you for this bug report. Can you please provide me with an anonymized version of your yaml config file?
Kind regards, Mariusz.
Sir, I only changed the IP, certificate, and port. No other information is modified.
```yaml
verbose: True
debug: False
output: redwarden_redirector.log
access_log: redwarden_access.log
access_log_format: apache2

redelk_frontend_name: http-redwarden
redelk_backend_name_c2: c2
redelk_backend_name_decoy: decoy
tee: True

port:

ssl_cacert: ssl/bundle.crt
ssl_cakey: ssl/bundle.key

drop_invalid_http_requests: True

profile: /root/cobaltstrike4.4/service_cobaltstrike.profile

teamserver_url:

report_only: False

log_dropped: False

throttle_down_peer_logging:
  log_request_delay: 60
  requests_threshold: 3

drop_action: redirect

action_url:

proxy_pass:

remove_superfluous_headers: True

mitigate_replay_attack: False

whitelisted_ip_addresses:

add_peers_to_whitelist_if_they_sent_valid_requests:
  number_of_valid_http_get_requests: 15
  number_of_valid_http_post_requests: 5

ban_blacklisted_ip_addresses: True

ip_addresses_blacklist_file: data/banned_ips.txt

banned_agents_words_file: data/banned_words.txt

override_banned_agents_file: data/banned_words_override.txt

verify_peer_ip_details: True

ip_details_api_keys:
  ipgeolocation_io:

ip_geolocation_requirements:
  organization:
  continent:
  continent_code:
  country:
  country_code:
  city:
  timezone:

policy:
  allow_proxy_pass: True
  allow_dynamic_peer_whitelisting: True
  drop_invalid_useragent: True
  drop_http_banned_header_names: True
  drop_http_banned_header_value: True
  drop_dangerous_ip_reverse_lookup: True
  drop_ipgeo_metadata_containing_banned_keywords: True
  drop_malleable_without_expected_header: True
  drop_malleable_without_expected_header_value: True
  drop_malleable_without_expected_request_section: True
  drop_malleable_without_request_section_in_uri: True
  drop_malleable_without_prepend_pattern: False
  drop_malleable_without_apppend_pattern: False
  drop_malleable_unknown_uris: True
  drop_malleable_with_invalid_uri_append: True
```
I think that's resolved now, similarly to issues/19. Closing it, feel free to reopen if the issue remains!
Sir, in your latest version, there is still the behavior of repeated port monitoring, which is undoubtedly a bug and I hope to fix it as soon as possible.
```
[INFO] 2022-04-05/03:36:50: Loading 1 plugin...
[INFO] 2022-04-05/03:36:50: Plugin "malleable_redirector" has been installed.
[INFO] 2022-04-05/03:36:50: Preparing SSL certificates and keys for https traffic interception...
[INFO] 2022-04-05/03:36:50: Using provided CA key file: ssl/bundle.key
[INFO] 2022-04-05/03:36:50: Using provided CA certificate file: ssl/bundle.crt
[INFO] 2022-04-05/03:36:50: Using provided Certificate key: /root/cobaltstrike4.4/RedWarden-master/ca-cert/cert.key
[INFO] 2022-04-05/03:36:50: Teeing stdout output to redwarden_redirector.log log file.
[INFO] 2022-04-05/03:36:50: Loaded 1890 blacklisted CIDRs.
[INFO] 2022-04-05/03:36:50:
(ASCII-art banner)
[INFO] 2022-04-05/03:36:50: Serving proxy on: http://0.0.0.0:8888 ...
[INFO] 2022-04-05/03:36:50: Serving proxy on: http://0.0.0.0:8888 ...
[INFO] 2022-04-05/03:36:50: Serving proxy on: https://0.0.0.0:4444 ...
Fatal error has occured. [Errno 17] File exists
Traceback:
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 253, in _add_reader
    key = self._selector.get_key(fd)
  File "/usr/lib/python3.6/selectors.py", line 191, in get_key
    raise KeyError("{!r} is not registered".format(fileobj)) from None
KeyError: '8 is not registered'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "RedWarden.py", line 233, in main
    serve_proxy(srv[0], srv[1], srv[2], srv[3])
  File "RedWarden.py", line 152, in serve_proxy
    server.add_sockets(foosock)
  File "/usr/local/lib/python3.6/dist-packages/tornado/tcpserver.py", line 166, in add_sockets
    sock, self._handle_connection
  File "/usr/local/lib/python3.6/dist-packages/tornado/netutil.py", line 282, in add_accept_handler
    io_loop.add_handler(sock, accept_handler, IOLoop.READ)
  File "/usr/local/lib/python3.6/dist-packages/tornado/platform/asyncio.py", line 150, in add_handler
    self.selector_loop.add_reader(fd, self._handle_events, fd, IOLoop.READ)
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 326, in add_reader
    return self._add_reader(fd, callback, *args)
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 256, in _add_reader
    (handle, None))
  File "/usr/lib/python3.6/selectors.py", line 412, in register
    self._epoll.register(key.fd, epoll_events)
FileExistsError: [Errno 17] File exists
^C Proxy serving interrupted by user.
Proxy serving interrupted by user.
```