Sinatra error after click link with ?key=<data>"
Closed this issue · 22 comments
Example URL
results in this error from Sinatra
2015-05-28 16:05:02 - NameError - uninitialized constant Cartero::SinatraHelpers::RbNaCl:
/root/git/Cartero/lib/cartero/sinatra_helpers.rb:51:in rescue in process_info' /root/git/Cartero/lib/cartero/sinatra_helpers.rb:48:inprocess_info'
/tmp/salesf/salesf.rb:26:in block in <class:Salesf>' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1610:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1610:in block in compile!' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:974:in[]'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:974:in block (3 levels) in route!' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:993:inroute_eval'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:974:in block (2 levels) in route!' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1014:inblock in process_route'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1012:in catch' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1012:inprocess_route'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:972:in block in route!' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:971:ineach'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:971:in route!' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1084:inblock in dispatch!'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066:in block in invoke' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066:incatch'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066:in invoke' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1081:indispatch!'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:906:in block in call!' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066:inblock in invoke'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066:in catch' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066:ininvoke'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:906:in call!' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:894:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/rack-1.6.1/lib/rack/nulllogger.rb:9:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/rack-1.6.1/lib/rack/head.rb:13:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/show_exceptions.rb:21:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:181:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:2021:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1486:inblock in call'
/usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1795:in synchronize' /usr/local/rvm/gems/ruby-2.1.6/gems/sinatra-1.4.6/lib/sinatra/base.rb:1486:incall'
/usr/local/rvm/gems/ruby-2.1.6/gems/puma-2.11.3/lib/puma/configuration.rb:51:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/puma-2.11.3/lib/puma/server.rb:507:inhandle_request'
/usr/local/rvm/gems/ruby-2.1.6/gems/puma-2.11.3/lib/puma/server.rb:375:in process_client' /usr/local/rvm/gems/ruby-2.1.6/gems/puma-2.11.3/lib/puma/server.rb:262:inblock in run'
/usr/local/rvm/gems/ruby-2.1.6/gems/puma-2.11.3/lib/puma/thread_pool.rb:104:in call' /usr/local/rvm/gems/ruby-2.1.6/gems/puma-2.11.3/lib/puma/thread_pool.rb:104:inblock in spawn_thread'
Let me know if you need anything else!
added require 'rbnacl/libsodium' to sinatra_helpers.rb, now I am stuck with "bad decrypt" in aes.rb.
how you executing this, which platform, etc. It should be resolved automatically. which version you are running ?
I ask because these dependencies should be working if you are using bin/cartero Listener -W /path/app
Cloned from git running on Kali 3.18.0-kali3-amd64
./bin/cartero --version
0.5.2.redirecto
ruby -v
ruby 2.1.6p336 (2015-04-13 revision 50298) [x86_64-linux]
./bin/cartero Listener -i 0.0.0.0 -p 80 --webserver /tmp/salesf
and the mail message being sent is just http://url/click?key<%= self[:payload] %>
you should do two things.
$ bundle update
$ bin/cartero Update --updateand try again. You are a few versions behind. Although things should work for your release. Still good chance to fix them. The encryption by default is AES. Although you can choose to use the old rbnacl. The weird part is that those dependencies should be solved.
back to the original error -
2015-05-28 17:14:39 - NameError - uninitialized constant Cartero::SinatraHelpers::RbNaCl:
/root/git/Cartero/lib/cartero/sinatra_helpers.rb:51:in rescue in process_info' /root/git/Cartero/lib/cartero/sinatra_helpers.rb:48:inprocess_info'
/tmp/sales/sales.rb:26:in `block in class:Sales'
I'll give the old rbnacl a try as well. What's the latest version? even after the update I'm showing 0.5.2.redirecto
The version was the latest one. Although I did push a few fixes this past few days. I think there is still a few things on dev branch, but those will be part of next week release. Very odd.
lib/cartero/crypto_box.rb is the file that should be loading the crypto files. If you need to get them working feel free to add those to your sinatra_helpers.rb while I keep on researching, but I cannot replicate your error for some reason.
Just tried on a Ubuntu 14.04 and same errors. I'll try adding crypto_box.rb and see how it goes.
Weird, I am setting up an ubuntu 15.04 with packer, clean install and i'll let you know as well. As, soon as I can replicate, i'll fix it and push a patch to master.
Ok, finally able to replicate. I guess while moving things along to optimize code, I f*ed up something fixing it soon, already debugging code and working on it.
@marksee can you check and see if the new updates fix your issues
cartero Update --updateFixed the initial dependency issue, now errors out on a bad decrypt when clicking the payload -
2015-05-29 09:43:11 - OpenSSL::Cipher::CipherError - bad decrypt:
/root/git/Cartero/lib/cartero/crypto/aes.rb:51:in final' /root/git/Cartero/lib/cartero/crypto/aes.rb:51:indecrypt'
/root/git/Cartero/lib/cartero/sinatra_helpers.rb:49:in process_info' /tmp/sales/sales.rb:26:inblock in class:Sales'
Ok interesting I tested the encrypt / decrypt yesterday and it was working. Can you try to delete your ~/.cartero !?
If that does not want or you do not want to loose your info only remove the crypto info. Re send the emails since a new key will be used I am thinking it might be that.
Ok I'll work on this as well. And sorry not sure what is happening it was working. If you want you can remove he aes option from ~/.cartero/config this will avoid using aes. Is yet another option.
same errors with removed and recreated ~/.cartero
I removed the aes in the config, now coming up with this -
2015-05-29 10:45:54 - NameError - undefined local variable or method data' for #<Sales:0x00000002072428>: /root/git/Cartero/lib/cartero/sinatra_helpers.rb:155:insave_create_person'
/root/git/Cartero/lib/cartero/sinatra_helpers.rb:61:in process_info' /tmp/sales/sales.rb:26:inblock in class:Sales'
Ok so encryption worked with the old encryption scheme. Good for now, next error seams something completely different, related to a db issue. I am going to be working on that and the AES. I have a feeling it is some random error with encoding or something because I just re tried to encrypt / decrypt manually and it worked.
Ok easy error, while I fix it myself line 155 on Sinatra_helpers.rb should be @DaTa not data missing the @. I'll fix that but before I patch I want to fix the AES issues as well.
on to the next one -
2015-05-29 11:06:03 - NameError - undefined local variable or method person' for #<Sales:0x00000002c619f0>: /root/git/Cartero/lib/cartero/sinatra_helpers.rb:66:inprocess_info'
/tmp/sales/sales.rb:26:in `block in class:Sales'
Well there we go. It was not only that. It was that and a few other issues as you pointed out. Hopefully now this will work. 👍
I will leave this bug open until I fix the AES issue. Which is in all honestly mind bugging because it should be freaking working 👎 👻
Looking good! Thank's for the quick responses. I'll let you know if I run into any other bugs!