AttributeError: 'NoneType' object has no attribute 'group' about glastopf HOT 19 CLOSED

Do you have the request method?

from glastopf.

GET requests

from glastopf.

Strange, GET http://192.168.9.34/index.php?id=%0D%0AH% HTTP/1.1 gets matched quite well with ([A-Z0-9$-_.]{3,10})\s+(.*)\s+(HTTP/\d+.\d+). Could you do a print repr(request[0]) in line 88 of /opt/glastopf/modules/HTTP/util.py

from glastopf.

"GET /index.php?id=' =' HTTP/1.1"
2013-01-20 13:12:30,534 (glastopf) 192.168.9.113 requested GET
/index.php?id=' =' on 192.168.9.34
'GET /style.css HTTP/1.1'
2013-01-20 13:12:30,742 (glastopf) 192.168.9.113 requested GET
/style.css on 192.168.9.34
'GET /favicon.ico HTTP/1.1'
2013-01-20 13:12:31,121 (glastopf) 192.168.9.113 requested GET
/favicon.ico on 192.168.9.34
"GET /index.php?id=' =' HTTP/1.1"
2013-01-20 13:12:33,170 (glastopf) 192.168.9.113 requested GET
/index.php?id=' =' on 192.168.9.34
'GET /style.css HTTP/1.1'
2013-01-20 13:12:33,346 (glastopf) 192.168.9.113 requested GET
/style.css on 192.168.9.34
"GET /index.php?id=' =' HTTP/1.1"
2013-01-20 13:12:33,749 (glastopf) 192.168.9.113 requested GET
/index.php?id=' =' on 192.168.9.34

Traceback (most recent call last):
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/init.py",
line 48, in loop
else: l.start()
OSError: [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7f25d81621e8> has been stopped'
oserror [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7f25d81621e8> has been stopped' (9, 'Bad file descriptor')

from glastopf.

Well looks like we found it. I'll fix it right now

from glastopf.

Hm, this is not causing the AttributeError anymore?
OSError is an old fellow: rep/evnet#3

from glastopf.

On 2013-01-20 13:41, Lukas Rist wrote:

Hm, this is not causing the AttributeError anymore?
OSError is an old fellow: rep/evnet#3

---

Reply to this email directly or view it on GitHub:
#33 (comment)

As in, it should not happen anymore? It's a new test install got the
installation from Git yesterday.

from glastopf.

Nope, I think we never properly solved that OSError thing.
Do you have a request that causes the AttributeError? Can't reproduce from what I got so far.

from glastopf.

On 2013-01-20 14:14, Lukas Rist wrote:

Nope, I think we never properly solved that OSError thing.
Do you have a request that causes the AttributeError? Can't reproduce from what I got so far.

---

Reply to this email directly or view it on GitHub:
#33 (comment)

The supplied request, applied several times should reproduce the problem.

http://192.168.9.34/index.php?id=%27%20%3D%27 (just insert it into you
favourite browser) and ctrl + r a couple of times.

Traceback (most recent call last):
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/init.py",
line 48, in loop
else: l.start()
OSError: [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7fa0c0162160> has been stopped'
oserror [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7fa0c0162160> has been stopped' (9, 'Bad file descriptor')

from glastopf.

I was hoping to reproduce this error: AttributeError: 'NoneType' object has no attribute 'group'

from glastopf.

On 2013-01-20 14:43, Lukas Rist wrote:

I was hoping to reproduce this error: AttributeError: 'NoneType' object has no attribute 'group'

---

Reply to this email directly or view it on GitHub:
#33 (comment)

Send: http://192.168.9.34/index.php?id=%0D%0AH% several times, this
should give you the error

GET /index.php?id='
Traceback (most recent call last):
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/init.py",
line 566, in _readable
self._event('read', data)
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/util.py",
line 16, in _event
cb(*args)
File "webserver.py", line 63, in read
response = self.glastopf_honeypot.handle_request(d, self.addr, self.c)
File "/opt/glastopf/glastopf.py", line 108, in handle_request
attack_event.parsed_request =
self.HTTP_parser.parse_request(raw_request)
File "/opt/glastopf/modules/HTTP/util.py", line 91, in parse_request
parsed_request.method = re_grp.group(1)
AttributeError: 'NoneType' object has no attribute 'group'

from glastopf.

Well this particular request is missing the HTTP version:
GET /index.php?id=%0D%0AH%
instead of:
GET /index.php?id=%0D%0AH% HTTP/1.1
Which is meant to fail (although we should handle it properly)

from glastopf.

Just made some changes to handle malformed requests. Could you give it a try? Tests running fine but haven't tried a lot.

from glastopf.

On 2013-01-20 15:39, Lukas Rist wrote:

Well this particular request is missing the HTTP version:
GET /index.php?id=%0D%0AH%
instead of:
GET /index.php?id=%0D%0AH% HTTP/1.1
Which is meant to fail (although we should handle it properly)

---

Reply to this email directly or view it on GitHub:
#33 (comment)

The reason why I started to fuzz Glastopf was because I had
installations that died unexpectedly, either after a visit from Google
bot or after a larger scan. The latter seldom care about following RFCs
or simliar. Hence strange requests

from glastopf.

Yea I really appreciate the feedback. Let me know if this has solved it.

from glastopf.

On 2013-01-20 22:04, Lukas Rist wrote:

Just made some changes to handle malformed requests. Could you give it a try? Tests running fine but haven't tried a lot.

---

Reply to this email directly or view it on GitHub:
#33 (comment)

I looks much better! I pushed a couple of thousand requests and no errors.

from glastopf.

Okay, closing this bug now. There is still the malformed request task open in case you stumble upon something else.

from glastopf.

On 2013-01-20 23:46, Lukas Rist wrote:

Okay, closing this bug now. There is still the malformed request task open in case you stumble upon something else.

---

Reply to this email directly or view it on GitHub:
#33 (comment)

Will let you know if I do

from glastopf.

On 2013-01-20 23:39, Lukas Rist wrote:

Yea I really appreciate the feedback. Let me know if this has solved it.

---

Reply to this email directly or view it on GitHub:
#33 (comment)

Great and once again thanks for a great honeypot =)

from glastopf.