Could not proxy request
brewballs opened this issue · 6 comments
I receive the following error when it tries to proxy a request back to my C2 server.
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/tornado/web.py", line 1713, in _execute
    result = await result
  File "/root/RedWarden/lib/proxyhandler.py", line 1176, in get
    self.my_handle_request()
  File "/root/RedWarden/lib/proxyhandler.py", line 289, in my_handle_request
    self._internal_my_handle_request(*args, **kwargs)
  File "/root/RedWarden/lib/proxyhandler.py", line 422, in _internal_my_handle_request
    output = handler()
  File "/root/RedWarden/lib/proxyhandler.py", line 632, in _my_handle_request
    assert scheme in ('http', 'https')
AssertionError
Hi! Thanks for reporting the bug.
Can you please show an excerpt from a log that happened right before the crash, as well as tell if there's any non http/s traffic flowing through RedWarden? It can only work with these two protocols, hence assertion failure :)
Regards,
Mariusz
It happened with HTTP & HTTPS
HTTP
Uncaught exception GET <IP1>://<IP1>:443/c/msdownload/update/others/2021/10/m7mwdIY4kYgqlulsc9nfscodkjbjkfpdlongkaockdcaomkcoddifdijchicfiegifhgkkkjpmlfgdechijhlpccjcibndgmhlflmdlpegnhacjfjjjlidpdchpemhfglchkpbdcpilndnaipbmaakpggnpamnfnegppbibegjlffhjncleokngaidbcelcpndgihmophgmpmcbnpgoheahlefdbdbonmghgmbnhkbgfgoiabnpfpnilndjccmcjjmiiamcjgjmfkicamnkde.cab (IP2) HTTPServerRequest(protocol='http', host=‘<‘Domain.com>, method='GET', uri=‘<IP1>://<IP1>:443/c/msdownload/update/others/2021/10/m7mwdIY4kYgqlulsc9nfscodkjbjkfpdlongkaockdcaomkcoddifdijchicfiegifhgkkkjpmlfgdechijhlpccjcibndgmhlflmdlpegnhacjfjjjlidpdchpemhfglchkpbdcpilndnaipbmaakpggnpamnfnegppbibegjlffhjncleokngaidbcelcpndgihmophgmpmcbnpgoheahlefdbdbonmghgmbnhkbgfgoiabnpfpnilndjccmcjjmiiamcjgjmfkicamnkde.cab', version='HTTP/1.1', remote_ip=‘IP2’)
HTTPS
[INFO] 2022-09-29/20:21:15: [ALLOW, 2022-09-29/20:21:15, reason:1, IP2] peer's IP address is whitelisted: (IP2/32)
[ALLOW, 2022-09-29/20:21:15, IP2, r:1] "/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbabockndjcdkhbmpgnbncfnbonkcjllffkdlodmemghfhehfifapjkggkniacklnakmbfnhpfcjcdbdecleebenjhieklikjmfgngfnnmbpdengpaahdpfkjfogeeomienhcjfgfkdalpakbhbdjcohhihllopdkohjfeinaeghkbggnhglgingekhbdihjhhpjdjhaocjjljekkoancocikjbdenhkeipaglcihchdbidinfjhfkinhkbcllbgkfd.cab" - UA: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
[DEBUG] 2022-09-29/20:21:15: Peer reached the server at port: 443
[DEBUG] 2022-09-29/20:21:15: Redirecting to "IP2://IP2:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbabockndjcdkhbmpgnbncfnbonkcjllffkdlodmemghfhehfifapjkggkniacklnakmbfnhpfcjcdbdecleebenjhieklikjmfgngfnnmbpdengpaahdpfkjfogeeomienhcjfgfkdalpakbhbdjcohhihllopdkohjfeinaeghkbggnhglgingekhbdihjhhpjdjhaocjjljekkoancocikjbdenhkeipaglcihchdbidinfjhfkinhkbcllbgkfd.cab"
[INFO] 2022-09-29/20:21:15: Plugin redirected request from [domain.com] to [IP2:443]
[ERROR] 2022-09-29/20:21:15: Could not proxy request: ()
Uncaught exception GET IP2://IP2:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbabockndjcdkhbmpgnbncfnbonkcjllffkdlodmemghfhehfifapjkggkniacklnakmbfnhpfcjcdbdecleebenjhieklikjmfgngfnnmbpdengpaahdpfkjfogeeomienhcjfgfkdalpakbhbdjcohhihllopdkohjfeinaeghkbggnhglgingekhbdihjhhpjdjhaocjjljekkoancocikjbdenhkeipaglcihchdbidinfjhfkinhkbcllbgkfd.cab (IP2) HTTPServerRequest(protocol='https', host='domain.com', method='GET', uri='IP2://IP2:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbabockndjcdkhbmpgnbncfnbonkcjllffkdlodmemghfhehfifapjkggkniacklnakmbfnhpfcjcdbdecleebenjhieklikjmfgngfnnmbpdengpaahdpfkjfogeeomienhcjfgfkdalpakbhbdjcohhihllopdkohjfeinaeghkbggnhglgingekhbdihjhhpjdjhaocjjljekkoancocikjbdenhkeipaglcihchdbidinfjhfkinhkbcllbgkfd.cab', version='HTTP/1.1', remote_ip='IP2')
Hmmm that's interesting - these lines indicate inbound request originated from http, whereas assertion claims otherwise. Can you please comment out 632 line in /root/RedWarden/lib/proxyhandler.py - the one with assert in it & see what happens? Maybe it'll work regardless of that assertion.
proxyhandler
if not dont_fetch_response:
    try:
        #assert scheme in ('http', 'https')
        fetchurl = req_path_full.replace(netloc, outbound_origin)
        ip = ''
        try:
            #ip = socket.gethostbyname(urlparse(fetchurl).netloc)
            ip = socket.gethostbyname(outbound_origin)
Error
[ERROR] 2022-09-29/22:39:32: COULD NOT FETCH RESPONSE FROM REMOTE AGENT: No connection adapters were found for 'IP1://IP1:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbaclokjfcpliaemnjipogefcbcchejjeacccemhhichahgdlncpfdmjhpoiaehhdphpebekphdjdbgcldpbildodchjhdbjbcehfcgeengocpjgaopahikijflggcfkfijkfeeodnldpafdcjbdmjmgcjedehddpkmeikodecjkpdmgbgnfmdiiloogfnblmmjmeelbkhpkideigfhjnjfdcafggnekkmbgeaaimakabbagblfammmbdffejhindlh.cab'
[ERROR] 2022-09-29/22:39:32: Could not proxy request: (No connection adapters were found for 'IP1://IP1:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbaclokjfcpliaemnjipogefcbcchejjeacccemhhichahgdlncpfdmjhpoiaehhdphpebekphdjdbgcldpbildodchjhdbjbcehfcgeengocpjgaopahikijflggcfkfijkfeeodnldpafdcjbdmjmgcjedehddpkmeikodecjkpdmgbgnfmdiiloogfnblmmjmeelbkhpkideigfhjnjfdcafggnekkmbgeaaimakabbagblfammmbdffejhindlh.cab')
Uncaught exception GET IP1://IP1:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbaclokjfcpliaemnjipogefcbcchejjeacccemhhichahgdlncpfdmjhpoiaehhdphpebekphdjdbgcldpbildodchjhdbjbcehfcgeengocpjgaopahikijflggcfkfijkfeeodnldpafdcjbdmjmgcjedehddpkmeikodecjkpdmgbgnfmdiiloogfnblmmjmeelbkhpkideigfhjnjfdcafggnekkmbgeaaimakabbagblfammmbdffejhindlh.cab (IP2) HTTPServerRequest(protocol='https', host='domain.com', method='GET', uri='IP1://IP1:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbaclokjfcpliaemnjipogefcbcchejjeacccemhhichahgdlncpfdmjhpoiaehhdphpebekphdjdbgcldpbildodchjhdbjbcehfcgeengocpjgaopahikijflggcfkfijkfeeodnldpafdcjbdmjmgcjedehddpkmeikodecjkpdmgbgnfmdiiloogfnblmmjmeelbkhpkideigfhjnjfdcafggnekkmbgeaaimakabbagblfammmbdffejhindlh.cab', version='HTTP/1.1', remote_ip='IP2')
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/tornado/web.py", line 1713, in _execute
    result = await result
  File "/root/RedWarden/lib/proxyhandler.py", line 1176, in get
    self.my_handle_request()
  File "/root/RedWarden/lib/proxyhandler.py", line 289, in my_handle_request
    self._internal_my_handle_request(*args, **kwargs)
  File "/root/RedWarden/lib/proxyhandler.py", line 422, in _internal_my_handle_request
    output = handler()
  File "/root/RedWarden/lib/proxyhandler.py", line 706, in _my_handle_request
    myreq = requests.request(
  File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 649, in send
    adapter = self.get_adapter(url=request.url)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 742, in get_adapter
    raise InvalidSchema("No connection adapters were found for {!r}".format(url))
requests.exceptions.InvalidSchema: No connection adapters were found for 'IP1://IP1:443/c/msdownload/update/others/2021/10/oLDjKo24WcyUgSODjygB7cNqEFbaclokjfcpliaemnjipogefcbcchejjeacccemhhichahgdlncpfdmjhpoiaehhdphpebekphdjdbgcldpbildodchjhdbjbcehfcgeengocpjgaopahikijflggcfkfijkfeeodnldpafdcjbdmjmgcjedehddpkmeikodecjkpdmgbgnfmdiiloogfnblmmjmeelbkhpkideigfhjnjfdcafggnekkmbgeaaimakabbagblfammmbdffejhindlh.cab'
OK, I fixed my issue. Not sure which change fixed everything.
I changed the listening port down to 443 only. Then I changed the team server url to https://<mydomain.com>:443 in my yaml config file. Finally, I added the 632 line back to the proxyhandler.py file. I'll tinker with it a bit to see what exactly resolved it.
I appreciate the quick response. Thanks!
Cool! Closing it, feel free to reopen if problem remains
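Added example, not part of the thread and not RedWarden's code: a pre-flight check on an outbound URL that reports why it is unusable, instead of the bare `assert` (which logged an empty `()` above and is skipped entirely under `python -O`). The names `check_outbound_url`, `explain` and `OutboundURLError` are hypothetical, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https")


class OutboundURLError(ValueError):
    """Raised when a URL cannot be handed to an HTTP client."""


def check_outbound_url(url):
    """Return (scheme, host, port) or raise OutboundURLError with a reason."""
    # Split on the first '://' by hand: whether urlsplit() accepts a scheme
    # that starts with a digit depends on the Python version.
    scheme, sep, _ = url.partition("://")
    if not sep:
        raise OutboundURLError(f"no '://' in {url!r}; expected http(s)://host[:port]/path")
    scheme = scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # The shape seen in the thread: the host sits where the scheme belongs.
        raise OutboundURLError(
            f"scheme {scheme!r} is not one of {ALLOWED_SCHEMES}; "
            "the URL must start with http:// or https://")
    parts = urlsplit(url)
    if not parts.hostname:
        raise OutboundURLError(f"no host in {url!r}")
    try:
        port = parts.port
    except ValueError as exc:  # non-numeric or out-of-range port
        raise OutboundURLError(f"bad port in {url!r}: {exc}") from None
    return scheme, parts.hostname, port or (443 if scheme == "https" else 80)


def explain(url):
    """One line for the log: 'ok ...' or the rejection reason."""
    try:
        return "ok %s://%s:%d" % check_outbound_url(url)
    except OutboundURLError as exc:
        return f"rejected: {exc}"


# Constructed samples; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLES = [
    "https://192.0.2.10:443/c/msdownload/update/sample.cab",
    "192.0.2.10://192.0.2.10:443/c/msdownload/update/sample.cab",
    "192.0.2.10:443/c/msdownload/update/sample.cab",
    "https://192.0.2.10:https/c/sample.cab",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(explain(sample))
```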