Comments (15)
I would say the first thing to check is that the URLs are launched in a browser package, whether this be for IE, Firefox or Chrome. You should then verify that the behavioural analysis has occurred in the resulting output, with API calls from the browser process appearing. If not, this can perhaps be diagnosed by looking in the analysis log.
from cape.
Also, if these links are in any way dodgy it's probably best not to paste them directly into comments as anyone could click on them outside of a sandbox and end up in trouble.
from cape.
Hi @kevoreilly, these links are launching in a browser. When the page is accessed by the browser in the sandbox, it doesn't click on the buttons, and all the above links are like this. It needs human interaction to click on the button each time. All these links contain addons which need human interaction, and yeah, I forgot to edit these links. Kindly throw these links in your sandbox; you will understand what is happening right now.
from cape.
Have you had any luck getting the analysis working?
from cape.
No, not yet; that's why I gave these links, so that you can check and help.
from cape.
Did you see my points about checking the package, behavioural analysis output, analysis log, etc.?
from cape.
Yes, I checked all the points before.
from cape.
I was hoping for some more information from these sources in order to try and help diagnose what is going on.
from cape.
I tried a few things manually. Each link contains buttons, and most of the buttons contain JavaScript code, so I think that's why the sandbox is not able to click on these buttons: in file analysis it looks for button text like "next, install, close etc.", and that works properly. But for URLs the buttons are not clicked by the sandbox because they contain JavaScript code, and I think the sandbox needs some extra functionality for handling this kind of behaviour.
Second thing: if we throw in a link which contains an exe in the URL (e.g. the CCleaner setup: hxxps://s3-us-west-2.amazonaws.com/filehippo-assets/installers/ccsetup540pro_fh.exe), then it works. It will download the setup and run it successfully, because this URL contains the direct link and pops up the window with the options run, save and cancel; in that case the sandbox will handle this part and execute the binary.
from cape.
Aha! This sounds like a limitation in the automated interaction which is governed by the 'human' auxiliary module: analyzer/windows/modules/auxiliary/human.py
This module contains, among other things, lists of buttons to click or not to click. Perhaps with an appropriate addition here you will succeed in automating the clicking of the right box to trigger the download you are after.
from cape.
I know about this file and I tried it also, but for web pages they are not working.
from cape.
This is a question then of automated web/browser interaction, which is beyond the scope of what I think was intended with the human auxiliary module. Nonetheless it may be possible to add to this module or create another one for this purpose, perhaps taking inspiration from projects like Splinter (https://github.com/cobrateam/splinter) which let you automate browser actions, such as interacting with web pages.
from cape.
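A sketch of the label matching a browser-interaction module would need, applied to page markup instead of native window buttons; this is an added example, not part of the thread and not CAPE's or Splinter's code. The label lists, the `ClickableFinder` and `pick_targets` names, and the sample page are constructed for illustration, and the click itself would be left to a browser-automation library.

```python
from html.parser import HTMLParser

# Hypothetical label lists in the spirit of a click / don't-click list.
CLICK_LABELS = ("download", "install", "next", "run", "accept", "continue")
SKIP_LABELS = ("cancel", "close", "decline", "uninstall")

# Constructed sample page: script-driven controls mixed with plain ones.
SAMPLE_PAGE = """
<button onclick="startDownload()">Download now</button>
<a href="javascript:void(0)"><span>Install</span> extension</a>
<input type="submit" value="Cancel">
<div onclick="hide()">Close</div>
<a href="/about">About us</a>
"""

class ClickableFinder(HTMLParser):
    """Collect (tag, label, has_js_handler) for elements a user could click."""
    def __init__(self):
        super().__init__()
        self.candidates = []
        self._stack = []  # open clickable elements: [tag, text_parts, has_js]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        href = (a.get("href") or "").lower()
        has_js = "onclick" in a or href.startswith("javascript:")
        if tag == "input":  # void element: the label lives in value=
            if (a.get("type") or "").lower() in ("submit", "button"):
                self.candidates.append((tag, a.get("value") or "", has_js))
        elif tag in ("button", "a") or has_js:
            self._stack.append([tag, [], has_js])

    def handle_data(self, data):
        if self._stack:  # text inside the innermost open clickable element
            self._stack[-1][1].append(data)

    def handle_endtag(self, tag):
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                _, parts, has_js = self._stack[i]
                del self._stack[i:]  # also drops unclosed children
                label = " ".join("".join(parts).split())
                self.candidates.append((tag, label, has_js))
                return

def pick_targets(html):
    """Keep candidates on the click list; the skip list is checked first."""
    finder = ClickableFinder()
    finder.feed(html)
    return [c for c in finder.candidates
            if not any(s in c[1].lower() for s in SKIP_LABELS)
            and any(k in c[1].lower() for k in CLICK_LABELS)]
```

Both targets selected from the sample carry a script handler, so they exist only inside the rendered page and have no native window control for a text-matching clicker to find.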
I hope that someone implements it in cuckoo; I will try to suggest it to them.
from cape.
I'm sure there are many more priorities, but you can always PR a working PoC to speed up integration :)
from cape.
Closing this now - it's more of a feature request than an issue - maybe someone down the line will contribute automated browser interaction.
from cape.