askkemp
@askkemp
Hello. First timer. I see notes that the docker compose isn't supposed to work. Yet, it seems to all work except the drawing of the diagrams of the capture. Can anyone confirm if there is an issue?
askkemp
@askkemp
Same problem with the non-docker-compose install. If anyone's around, I could use some general troubleshooting guidance.
askkemp
@askkemp
I found out why... no idea why this isn't documented in the install.... You must download https://d3js.org/d3.v7.min.js and put it into the static web folder.
Fafner [_KeyZee_]
@F_kZ__twitter
It should be done during the install
Did you run this command: poetry run update --yes
I will reinstall a new instance this week to check whether everything is clean or not, but if the script fails on the config file check, it doesn't download the web dependencies...
askkemp
@askkemp
Running that did add the missing files d3.v7.min.js, datatables.min.js and datatables.min.css.
Looks like I missed that step in my manual install,
and it looks like that command is missing from the Dockerfile.
Fafner [_KeyZee_]
@F_kZ__twitter
Will push an update for docker soon ;)
Fafner [_KeyZee_]
@F_kZ__twitter
@askkemp Lookyloo/lookyloo#233 this should fix your missing deps for Dockerfile ;)
askkemp
@askkemp
@F_kZ__twitter it does! Thank you.
Has there been any consideration for Yara scanning the har files? For example, to know if the contents of response.content.text contain a certain string.
askkemp
@askkemp
https://github.com/marmeladema/yara-har
He patched Yara 3.8 to parse HAR files. I like it in concept. Looking at it, I don't think you can create a rule to look at the contents (e.g. strings) of the response.text, but only at exact values (e.g. the value of a key).
Fafner [_KeyZee_]
@F_kZ__twitter
will try to add the uwhoisd template, soon
Raphaël
@raph:matrix.circl.lu
Sorry for the late answer, I was off for a few days
yara-har is interesting, but it also looks very unmaintained, so I'm not sure about adding that dep.
But on the other hand, having a way to run yara on resources is very interesting, and that's something I might be able to add.
askkemp
@askkemp
@raph:matrix.circl.lu I've been thinking about how the data should be presented to yara. I'd want to run a signature against not only the content of the webpage but also the HTTP headers, much like how it'd be seen in a PCAP stream. But to make that happen requires deconstructing the HAR JSON and combining various key values, which seems ugly.
Raphaël
@raph:matrix.circl.lu
It's a bit tricky, and I don't know yara super well, but it would make sense to be able to match Yara rules against a request/response object in the HAR file.
askkemp
@askkemp
I also want to say I support #193 to have information logged for the certificate. The problem I see is that I don't believe HAR has a native place to store certificate data, so it'd have to be expanded. And I don't think Splash is capturing it either.
Raphaël
@raph:matrix.circl.lu
Absolutely, splash doesn't have that. One option is to do the same as with DNS: re-running the query for each domain (and for SSL certs, against a passive SSL service).
Splash has a few very annoying limitations, but replacing it is a serious pain.
The HAR format is flexible, and it is possible to just add new keys (that's what Chrome does), but again, that will require modifying splash and/or the qt-webkit backend,
and that's a lot of work.
In the long run, we should probably use something other than splash, but maintaining a complete stack for capturing is not something I can realistically do.