Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add chrome with mitmproxy crawler and report #1888

Open
wants to merge 40 commits into
base: main
Choose a base branch
from
Open

Add chrome with mitmproxy crawler and report #1888

wants to merge 40 commits into from

Conversation

floort
Copy link

@floort floort commented Oct 9, 2023

No description provided.

floort and others added 26 commits October 8, 2023 13:10
@floort
Added site crawler files
b3573f7
@floort
Change crawler startup
22461b9 
Run headless
Default to 3 visits
1 concurrent browser
Single url as -u parameter instead of file with multiple urls
@dekkers
Add dockerfile
796b415
@floort
Trust mitmproxy certificates
a399dd2
@floort
Fix cert update command
39811f4
@floort
Inject certificate before visiting first url
17c3fcf
@dekkers
Add kat boefje
d492d17
@dekkers
Fix boefje
2c00cd2
@dekkers
Fix path and add debug logging
70ed9d7
@floort
Normaliseer mitmproxy bestanden
de5b165
@dekkers
Add mitmproxy
3d7aea3
@dekkers
Merge remote-tracking branch 'floort/main' into lapje
0678025
@floort
Import io only once
03c0188
@floort
Change crawler startup
c271bcd 
Run headless
Default to 3 visits
1 concurrent browser
Single url as -u parameter instead of file with multiple urls
@dekkers @floort
Add dockerfile
aef7d6b
@floort
Trust mitmproxy certificates
6975ce7
@floort
Fix cert update command
8d41db7
@floort
Inject certificate before visiting first url
90d8364
@dekkers @floort
Add kat boefje
717e3e2
@dekkers @floort
Fix boefje
1c80e66
@dekkers @floort
Fix path and add debug logging
353b6e1
@dekkers @floort
Add mitmproxy
4df21d3
@floort
Normaliseer mitmproxy bestanden
e96ded1
@floort
Import io only once
c48aa3d
@floort
Remove mitmproxy file
4227f71
@floort
Merge branch 'main' of https://github.com/floort/nl-kat-coordination
905666b
@floort floort requested a review from a team as a code owner October 9, 2023 20:47
@Darwinkel
Copy link
Contributor

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.

I just want to say I think it's awesome to see that the work we did for the containerized boefjes and the the new report generation is paying off! 🎉

What works:

  • Boefje and normalizer output looks good
  • Report generation works as intended
  • Tested on a bunch of ugly websites, looks like the retrieved information is correct (plus no crashes)

What doesn't work:

  • Image does not exist yet and requires running docker build -t lapje boefjes/images/lapje. I think we should modify and generalize masscan's workflow before we merge this (shouldn't be to much work).

  • Minor overflow bug on the reports page when dealing with long cookie values:
    (not a bug introduced by this PR though, we should fix this in a separate PR)
    image

Bug or feature?:

  • Chrome is currently not pinned. To prevent unexpected regressions like the ones we've seen in the past, we probably should. I don't think this is possible through Google's repository though. Why don't we use Debian's chromium package?

  • From the report page, it is not entirely clear why some records have no values/content, and only a hostname. Some more info (maybe in Lapje's katalogus detail page) about what Lapje does exactly, and how its objects should be interpreted, would be nice.
    image

@Rieven Rieven mentioned this pull request Oct 19, 2023
Closed
@dekkers
Copy link
Contributor

dekkers commented Oct 31, 2023
edited
Loading

I renamed the boefje and normalizer.

Image does not exist yet and requires running docker build -t lapje boefjes/images/lapje. I think we should modify and generalize masscan's workflow before we merge this (shouldn't be to much work).

I added the github workflow, but that currently fails because external contributors PRs can't push to the container registry. Should be fixed when the PR is merged.

Minor overflow bug on the reports page when dealing with long cookie values:
(not a bug introduced by this PR though, we should fix this in a separate PR)

This has been fixed.

Chrome is currently not pinned. To prevent unexpected regressions like the ones we've seen in the past, we probably should. I don't think this is possible through Google's repository though. Why don't we use Debian's chromium package?

Chrome is used because we are not sure that Debian's chromium doesn't have any modifications that impact the results or might get those in the future. I think getting accurate results using the browser that most people use is more important than the risk of breakage from newer versions.

From the report page, it is not entirely clear why some records have no values/content, and only a hostname. Some more info (maybe in Lapje's katalogus detail page) about what Lapje does exactly, and how its objects should be interpreted, would be nice.

The records have no value because they are external requests that don't set a cookie. The fact that there is an external request is already useful information.

@underdarknl
Copy link
Contributor

Multiple pages inside a HAR file can be dealt with in a separate issue:
#1996

underdarknl
underdarknl reviewed Nov 2, 2023
View reviewed changes
boefjes/boefjes/plugins/kat_chrome_mitmproxy/main.py

logger = logging.getLogger(__name__)

OCI_IMAGE = "ghcr.io/minvws/nl-kat-chrome-crawler-mitmproxy:latest"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we pin this to a version once we have this PR merged, and a version build and uploaded? While I understand the flexibility in building the image from the latest upstream chome version, I'd want to avoid a situation where the day to day usage of a boefje changes based on a new version of the used container if we can.

@stephanie0x00
Copy link
Contributor

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • [] Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.

What works:

  • Objects are created.
  • Report can be generated which shows a nice table with all the cookies found and its settings.

What doesn't work:

  • It appears that no Findings are currently being created when cookies are insufficient, e.g. when the Secure or HttpOnly flag is missing. This is something I'd expect as a minimum feature.
  • The output is stored as json/dictionairy-format under Objects. This does not match how other boefjes display their output. (See screenshot below)
  • It does not appear to crawl past the root of an URL, at least not for the various domains I've tried.
  • The explanation in the Katalogus should be improved. Currently the name of this boefje suggests that it crawls web applications for various paths (aka dirbuster-alike), it doesn't mention anything about crawling for cookies. (See screenshot below)

Bug or feature?:

Nothing found yet that hasn't been mentioned before.

Screenshots

mitproxy-objects

mitmproxy-katalogus

@dekkers dekkers modified the milestones: OpenKAT v1.14, OpenKAT v1.15 Jan 18, 2024
@underdarknl
Copy link
Contributor

Lets create a HAR file boefje from this PR, and move the normalisers to a separate issues / PR once we figure out what kind of objects we want in the graph (specifically, how fine grained we want the cookies)

@underdarknl underdarknl removed this from the OpenKAT v1.17 milestone Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@underdarknl underdarknl underdarknl left review comments

@Rieven Rieven Rieven left review comments

@Donnype Donnype Donnype left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@dekkers dekkers

Labels
boefjes Issues related to boefjes
Projects
KAT
Status: Backlog / To do
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@floort @Darwinkel @dekkers @underdarknl @stephanie0x00 @Rieven @Donnype