mushorg / tanner

He who flays the hide
GNU General Public License v3.0

Download .zip via RFI throws error. #367

Closed t3chn0m4g3 closed 4 years ago

t3chn0m4g3 commented 4 years ago

@afeena While testing #364 I stumbled upon this error. This is my test case, trying to download a malware test file with 'RFI': {"allow_insecure": True}:

http://<snare_url>/?file=https://secure.eicar.org/eicar_com.zip

Throws the following error:

2020-03-05 21:59:59 ERROR:aiohttp.server:log_exception: Error handling request
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/aiohttp/web_protocol.py", line 418, in start
    resp = await task
  File "/usr/lib/python3.7/site-packages/aiohttp/web_app.py", line 458, in _handle
    resp = await handler(request)
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/server.py", line 68, in handle_event
    detection = await self.base_handler.handle(data, session)
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/emulators/base.py", line 145, in handle
    detection = await self.emulate(data, session)
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/emulators/base.py", line 127, in emulate
    detection = await self.handle_get(session, data)
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/emulators/base.py", line 103, in handle_get
    possible_get_detection = await self.get_emulation_result(session, get_data, self.get_emulators)
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/emulators/base.py", line 75, in get_emulation_result
    emulation_result = await self.emulators[detection['name']].handle(attack_params[detection['name']], session)
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/emulators/rfi.py", line 99, in handle
    result = await self.get_rfi_result(attack_params[0]['value'])
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/emulators/rfi.py", line 82, in get_rfi_result
    file_name = await self.download_file(path)
  File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/emulators/rfi.py", line 48, in download_file
    data = await resp.text()
  File "/usr/lib/python3.7/site-packages/aiohttp/client_reqrep.py", line 1014, in text
    return self._body.decode(encoding, errors=errors)  # type: ignore
  File "/usr/lib/python3.7/encodings/cp1252.py", line 15, in decode
    return codecs.charmap_decode(input,errors,decoding_table)
UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 148: character maps to <undefined>

The eicar site seems to be good for testing since it throws a certificate error for SSL / TLS connections.

I am pretty sure the http test was working fine once, but it throws an error as well: http://<snare_url>/?file=http://www.eicar.org/download/eicar_com.zip

Downloading the .com instead of the .zip works fine for http & https: http://<snare_url>/?file=http://www.eicar.org/download/eicar.com
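The traceback above ends in `resp.text()` decoding the downloaded body with cp1252 and hitting byte 0x81. As an added example (not part of the original post and not Tanner's code), the sketch below reproduces that failure offline on a constructed zip and contrasts it with handling the download as raw bytes. The helper names, the hashing step and the sample bytes are assumptions made for illustration.

```python
import hashlib
import io
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample input: a stored (uncompressed) zip containing 0x81."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.bin", b"constructed payload \x81\x8d\x90")
    return buf.getvalue()


def name_from_text(body: bytes, encoding: str = "cp1252") -> str:
    """Text-first handling: decode the body (the step that fails in the
    traceback), then hash the string (the hashing is assumed here).

    Raises UnicodeDecodeError when the body holds bytes the codec leaves
    undefined (0x81, 0x8d, 0x8f, 0x90 and 0x9d for cp1252).
    """
    text = body.decode(encoding)
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def record_from_bytes(body: bytes, encoding: str = "cp1252") -> dict:
    """Bytes-first handling (hypothetical helper): hash raw bytes, decode lazily."""
    is_zip = body.startswith(b"PK\x03\x04")  # zip local file header magic
    return {
        "sha256": hashlib.sha256(body).hexdigest(),  # works for any payload
        "size": len(body),
        "is_zip": is_zip,
        # Only a lossy preview is decoded; errors="replace" cannot raise.
        "preview": body[:64].decode(encoding, errors="replace"),
    }


if __name__ == "__main__":
    sample = build_sample_zip()
    try:
        name_from_text(sample)
    except UnicodeDecodeError as exc:
        print("text-first failed:", exc)
    print("bytes-first:", record_from_bytes(sample))
```

A plain ASCII body passes through `name_from_text` without error, so only binary payloads hit the decode failure.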

t3chn0m4g3 commented 4 years ago

Fixed this. Caused by specifying the IP instead of the hostname in config.py.