doomedraven
commented
6 years ago no hash no happens :P
Open sust4in opened 6 years ago
doomedraven
commented
6 years ago no hash no happens :P
sust4in
commented
6 years ago I dont really understand. all process logs has 'BSON' string on their first 4 chars. after the logs fullfilled, cuckoo logs same errors. Just 'BSON' lenght cant be 1313821506 bits
it can be encode or decode error, something that conflicting with index lenght.
doomedraven
commented
6 years ago can you share sample? it looks like it report with wring package header
sust4in
commented
6 years ago before the example, extra info would be good.
i am in debug mode on cuckoomon,
is cuckoo decoding .log files into .bson inside the pipe or just analysis process .log files? (i cannot see any .bson file after i debugged cuckoomon, just .log extension exist.) i am trying to debug from behaviour.py for getting BsonParser into work.
before the fully sending example. the full results looks like this.
i also found this similar https://github.com/cuckoosandbox/cuckoo/issues/520
doomedraven
commented
6 years ago you need to check how logging working, it start netlogger and send bson data, and you answered your question in second part
Hello people, i cant analyze any of bson logs. i changed the code little and tried to see error. and there is;
File:
netlog.py line - 78
I dont know why blen variable is really more than max_message_lenght without any content but just 'BSON'
debug output:
BsonParser decoding problem bad eoo on data[:50] b'\n\xe4\x00\x00\x00\x10I\x00\x00\x00\x00\x00\x02name\x00\x0c\x00\x00\x00process\x00\x02type\x00\x05\x00\x00\x00info\x00\x02'