Tanner crashes after dirb scan without error

[t3chn0m4g3]

This issue was originally posted in the Snare repository (https://github.com/mushorg/snare/issues/233), however I could break it down to tanner (ver. 0.6.0, tcp/8090).

At some point while running dirb http://1.2.3.4 Snare looses contact to Tanner and throws an error

2020-02-17 13:23:01 ERROR:aiohttp.server:log_exception: Error handling request
2020-02-17 13:28:42 ERROR:snare.tanner_handler:submit_data: Exception:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/Snare-0.3.0-py3.7.egg/snare/tanner_handler.py", line 53, in submit_data
timeout=10.0
File "/usr/lib/python3.7/site-packages/aiohttp/client.py", line 391, in _request
await resp.start(conn)
File "/usr/lib/python3.7/site-packages/aiohttp/client_reqrep.py", line 770, in start
self._continue = None
File "/usr/lib/python3.7/site-packages/aiohttp/helpers.py", line 673, in exit
raise asyncio.TimeoutError from None
concurrent.futures._base.TimeoutError
2020-02-17 13:28:42 ERROR:aiohttp.server:log_exception: Error handling request

The reason for the error lies within the fact that Tanner crashes without any error or warning message.

Setup follows docker-compose.yml of this repo (https://github.com/mushorg/tanner/blob/master/docker/docker-compose.yml).

[afeena]

Thanks @t3chn0m4g3! I will investigate this behavior in the next few days.

[AndreyMironenkoGit]

Problem in KEEP_ALIVE_TIME = 75 in (tanner/tanner/session.py string 13) and subsequent removal of old sessions from redis (async def delete_old_sessions(self, redis_client) in tanner/tanner/session_manager.py string 67). The temporary mitigation may be to increase the KEEP_ALIVE_TIME, but need to understand why there is a conflict in Redis. I can't understand because I'm not a programmer and i have paws 😊

[AndreyMironenkoGit]

Checked the redis, is ok. Problem in tanner/tanner/session_manager.py in sting 71 (is_deleted = await self.delete_session(sess, redis_client)). "await" does not work correctly. if rewrite the function (async def delete_old_sessions(self, redis_client) )this way:

the problem will be fixed.

[afeena]

@AndreyMironenkoGit great! are you willing to make a pull request?

[AndreyMironenkoGit]

I'm sorry, but no. I don't have a fork. And I don't plan on doing it.

Best Regards.

[mzfr]

@afeena I've made the PR with the changes suggested by @AndreyMironenkoGit

[Fosocles]

@mzfr I recompiled a docker image with your fix and it still crashes after using Nikto against the page Snare serves.

[afeena]

OK I am now diving deep into the problem. Unfortunately I don't think changing specified Exception to general one make a trick. The more import is to understand why it is happening and fix the cause

[AndreyMironenkoGit]

@Fosocles try it exactly as I wrote it. I was testing from 3 computers running 2 Acunetix (full scan) and 1 dirb in parallel. The service was working fine(but not quite). The test lasted 20 hours.

But I have that stdout: Traceback (most recent call last): File "/usr/lib/python3.7/logging/init.py", line 1028, in emit stream.write(msg + self.terminator) UnicodeEncodeError: 'utf-8' codec can't encode character '\udcf3' in position 74: surrogates not allowed Call stack: File "/usr/bin/tanner", line 4, in import('pkg_resources').run_script('Tanner==0.6.0', 'tanner') File "/usr/lib/python3.7/site-packages/pkg_resources/init.py", line 666, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python3.7/site-packages/pkg_resources/init.py", line 1469, in run_script exec(script_code, namespace, namespace) File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/EGG-INFO/scripts/tanner", line 35, in File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/EGG-INFO/scripts/tanner", line 31, in main File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/server.py", line 121, in start web.run_app(app, host=host, port=int(port)) File "/usr/lib/python3.7/site-packages/aiohttp/web.py", line 433, in run_app reuse_port=reuse_port)) File "/usr/lib/python3.7/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/server.py", line 62, in handle_event self.logger.info('Requested path %s', path) Message: 'Requested path %s' Arguments: ('/secci\udcf3',)

[afeena]

@AndreyMironenkoGit am I correct, that you delete completely this line from your code? is_deleted = await self.delete_session(sess, redis_client)?

[AndreyMironenkoGit]

@afeena Yep. And did print exception in stdout, and run dirb.

[afeena]

@Fosocles if you are using pull request #353 it only changes exception type @AndreyMironenkoGit deleted the function of session deletion and analysis completely (actually, it's not how tanner supposed to work :) )

I found the problem. dirb creates thousands of sessions so tanner tries to analyse everything and put into redis, so it's a problem of efficiency and scalability

[AndreyMironenkoGit]

@afeena in the PR #357 @mzfr function has been removed too.

[afeena]

@AndreyMironenkoGit sorry, my bad :D you are right

[afeena]

@Fosocles there is no "fast" solution for the problem.

If we are talking about freezing error with dirb, it happens because dirb requests creates thousands of sessions in TANNER (although it supposed to be one sessions with multiple paths), so now imagine at some point all of them are expired and now TANNER want to analyse them and put into redis --> Yes, it freezes. So the whole process of moving sessions from memory to redis/other storage should be re-written. Because now TANNER just goes through the whole list of sessions at once

[afeena]

Please test https://github.com/mushorg/tanner/pull/362

Now doesn't crash for me with dirb

[afeena]

362

For any other problems please create new issue