Comments (19)
Do you have the request method?
from glastopf.
GET requests
from glastopf.
Strange, GET http://192.168.9.34/index.php?id=%0D%0AH% HTTP/1.1 gets matched quite well with ([A-Z0-9$-_.]{3,10})\s+(.*)\s+(HTTP/\d+.\d+). Could you do a print repr(request[0])
in line 88 of /opt/glastopf/modules/HTTP/util.py
from glastopf.
"GET /index.php?id=' =' HTTP/1.1"
2013-01-20 13:12:30,534 (glastopf) 192.168.9.113 requested GET
/index.php?id=' =' on 192.168.9.34
'GET /style.css HTTP/1.1'
2013-01-20 13:12:30,742 (glastopf) 192.168.9.113 requested GET
/style.css on 192.168.9.34
'GET /favicon.ico HTTP/1.1'
2013-01-20 13:12:31,121 (glastopf) 192.168.9.113 requested GET
/favicon.ico on 192.168.9.34
"GET /index.php?id=' =' HTTP/1.1"
2013-01-20 13:12:33,170 (glastopf) 192.168.9.113 requested GET
/index.php?id=' =' on 192.168.9.34
'GET /style.css HTTP/1.1'
2013-01-20 13:12:33,346 (glastopf) 192.168.9.113 requested GET
/style.css on 192.168.9.34
"GET /index.php?id=' =' HTTP/1.1"
2013-01-20 13:12:33,749 (glastopf) 192.168.9.113 requested GET
/index.php?id=' =' on 192.168.9.34
Traceback (most recent call last):
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/init.py",
line 48, in loop
else: l.start()
OSError: [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7f25d81621e8> has been stopped'
oserror [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7f25d81621e8> has been stopped' (9, 'Bad file descriptor')
from glastopf.
Well looks like we found it. I'll fix it right now
from glastopf.
Hm, this is not causing the AttributeError anymore?
OSError is an old fellow: rep/evnet#3
from glastopf.
On 2013-01-20 13:41, Lukas Rist wrote:
Hm, this is not causing the AttributeError anymore?
OSError is an old fellow: rep/evnet#3
Reply to this email directly or view it on GitHub:
#33 (comment)
As in, it should not happen anymore? It's a new test install got the
installation from Git yesterday.
from glastopf.
Nope, I think we never properly solved that OSError thing.
Do you have a request that causes the AttributeError? Can't reproduce from what I got so far.
from glastopf.
On 2013-01-20 14:14, Lukas Rist wrote:
Nope, I think we never properly solved that OSError thing.
Do you have a request that causes the AttributeError? Can't reproduce from what I got so far.
Reply to this email directly or view it on GitHub:
#33 (comment)
The supplied request, applied several times should reproduce the problem.
http://192.168.9.34/index.php?id=%27%20%3D%27 (just insert it into you
favourite browser) and ctrl + r a couple of times.
Traceback (most recent call last):
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/init.py",
line 48, in loop
else: l.start()
OSError: [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7fa0c0162160> has been stopped'
oserror [Errno 9] Bad file descriptor: '<pyev.Io object at
0x7fa0c0162160> has been stopped' (9, 'Bad file descriptor')
from glastopf.
I was hoping to reproduce this error: AttributeError: 'NoneType' object has no attribute 'group'
from glastopf.
On 2013-01-20 14:43, Lukas Rist wrote:
I was hoping to reproduce this error:
AttributeError: 'NoneType' object has no attribute 'group'
Reply to this email directly or view it on GitHub:
#33 (comment)
Send: http://192.168.9.34/index.php?id=%0D%0AH% several times, this
should give you the error
GET /index.php?id='
Traceback (most recent call last):
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/init.py",
line 566, in _readable
self._event('read', data)
File
"/usr/local/lib/python2.7/dist-packages/evnet-1.0_5-py2.7.egg/evnet/util.py",
line 16, in _event
cb(*args)
File "webserver.py", line 63, in read
response = self.glastopf_honeypot.handle_request(d, self.addr, self.c)
File "/opt/glastopf/glastopf.py", line 108, in handle_request
attack_event.parsed_request =
self.HTTP_parser.parse_request(raw_request)
File "/opt/glastopf/modules/HTTP/util.py", line 91, in parse_request
parsed_request.method = re_grp.group(1)
AttributeError: 'NoneType' object has no attribute 'group'
from glastopf.
Well this particular request is missing the HTTP version:
GET /index.php?id=%0D%0AH%
instead of:
GET /index.php?id=%0D%0AH% HTTP/1.1
Which is meant to fail (although we should handle it properly)
from glastopf.
Just made some changes to handle malformed requests. Could you give it a try? Tests running fine but haven't tried a lot.
from glastopf.
On 2013-01-20 15:39, Lukas Rist wrote:
Well this particular request is missing the HTTP version:
GET /index.php?id=%0D%0AH%
instead of:
GET /index.php?id=%0D%0AH% HTTP/1.1
Which is meant to fail (although we should handle it properly)
Reply to this email directly or view it on GitHub:
#33 (comment)
The reason why I started to fuzz Glastopf was because I had
installations that died unexpectedly, either after a visit from Google
bot or after a larger scan. The latter seldom care about following RFCs
or simliar. Hence strange requests
from glastopf.
Yea I really appreciate the feedback. Let me know if this has solved it.
from glastopf.
On 2013-01-20 22:04, Lukas Rist wrote:
Just made some changes to handle malformed requests. Could you give it a try? Tests running fine but haven't tried a lot.
Reply to this email directly or view it on GitHub:
#33 (comment)
I looks much better! I pushed a couple of thousand requests and no errors.
from glastopf.
Okay, closing this bug now. There is still the malformed request task open in case you stumble upon something else.
from glastopf.
On 2013-01-20 23:46, Lukas Rist wrote:
Okay, closing this bug now. There is still the malformed request task open in case you stumble upon something else.
Reply to this email directly or view it on GitHub:
#33 (comment)
Will let you know if I do
from glastopf.
On 2013-01-20 23:39, Lukas Rist wrote:
Yea I really appreciate the feedback. Let me know if this has solved it.
Reply to this email directly or view it on GitHub:
#33 (comment)
Great and once again thanks for a great honeypot =)
from glastopf.
Related Issues (20)
- hpfeeds wont shut off HOT 2
- How to make my own web template? HOT 8
- php-dev HOT 1
- error [98] Address already in use HOT 1
- Bugged behavior of wsgi_wrapper.py HOT 3
- row size too large HOT 1
- make && make install error HOT 2
- Glastop does not work with HTTPS traffic HOT 5
- there is a vulnerability of Server-Side Request Forgery HOT 13
- sql injection HOT 1
- How to disenable s3 log ?
- Install Glastopf failed HOT 4
- Help! Where does glastopf store comments? HOT 6
- Potential dependency conflicts between glastopf and chardet HOT 3
- Giving ImportError : No module named ordered_dict HOT 2
- Segmentation Fault on glastopf-runner HOT 2
- not work with docker...GPG with invalid signatures... HOT 1
- Does this glastopf provide for sql injection attack detection? HOT 3
- Dockerfile Error HOT 2
- Filtering Non-Invasive Behaviors in Glastopf Reports to MHN HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from glastopf.