Friday, October 31, 2014

Cuckoo Sandbox API with Apache

This is yet another short Cuckoo post.

If you would like to quickly get the Cuckoo API to work with Apache this one is for you.

You can have both the API and the Web Interface configuration in the same webserver config.

Add the following to your chosen Apache virtualhost configuration (default, ssl)

 # Cuckoo API  
                WSGIDaemonProcess api user=<USER> group=<GROUP> processes=1 threads=5
                WSGIScriptAlias /api <PATH>/cuckoo/utils/api.wsgi process-group=api
                <Directory <PATH>/cuckoo/utils/>
                         WSGIApplicationGroup %{GLOBAL}
                        <Files api.wsgi>
                        Require all granted
                        </Files>
                </Directory>


In the Cuckoo utils directory create the file api.wsgi

# make api.py wsgi enabled

import os
import sys

cur_dir = os.path.dirname(__file__)

os.chdir(cur_dir)
sys.path.append(cur_dir)

import bottle
import api

application = bottle.default_app()


/Mikael @nsmfoo

Wednesday, August 6, 2014

Cuckoo Sandbox web interface with Apache

This is a short write-up of how you get the new Django web interface, that ships with current Cuckoo Sandbox working behind Apache.

As the documentation is thin and required some tweaking to get it to work, you might find it useful

The Django interface can be run as a standalone process, using the manage.py script, that one is well documented:  http://docs.cuckoosandbox.org/en/latest/usage/web/

So to get it to work behind Apache I had to do the following:

Please note that this might not be the best way or if you plan to publish the web interface directly on the Internet it might also not suit your needs, that being said:

Begin with editing the file local_settings.py which can be found in cuckoo/web/web directory
Set the variable CUCKOO_PATH = "<path to cuckoo> (e.g: /home/user/cuckoo)"

Then continue to edit the file wsgi.py which also can be found in the cuckoo/web/web directory

From this:

               "import os


                     os.environ.setdefault("DJANGO_SETTINGS_MODULE", "web.settings")"

To look like this:

                     import os, sys

                    sys.path.append('<path to cuckoo>)
                   sys.path.append('<path to cuckoo>/web')
                   os.chdir('<path to cuckoo>/web/')


                 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "web.settings")


Over to Apache.

Add the following lines to your chosen Apache virtualhost configuration (default, ssl)

 WSGIScriptAlias /  <path to cuckoo>/web/web/wsgi.py
        <Directory <path to cuckoo>/web/web>
                <Files wsgi.py>
                Require all granted
                </Files>
        </Directory>

        Alias /static /<path to cuckoo>/web/static
        <Directory <path to cuckoo>web/static/>
                Require all granted
        </Directory> 

You will also need to change the user which Apache run as, this is to enabled the web interface to have access to temporary files created by Cuckoo. This is done in the file envvars (/etc/apache2/)

The variables to change are:

From:

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

To:

export APACHE_RUN_USER=<cuckoo user>
export APACHE_RUN_GROUP=<cuckoo user group>

The above changes should not be needed if you choose to change the path for the tmp files created by Cuckoo and give the default Apache user access to that directory. This change will have to be made both in cuckoo.conf and in the local_settings.py if you choose to do so.

/Micke






Thursday, May 8, 2014

Installing Honeyproxy

Just a few quick notes on howto install Honeyproxy.

Honeyproxy which is based on mitmproxy is being re-integrated back into mitmproxy, currently there is no really good installation documentation, so here goes ..

This was tested on a Ubuntu 14.04 Desktop 64-bit.

apt-get install python-dev libxml2-dev libxslt1-dev lib32z1-dev python-pip git
git clone https://github.com/mitmproxy/mitmproxy.git
cd mitmproxy
git checkout integrate_honeyproxy
git submodule update --init --recursive
pip install -r requirements.txt
pip install pyamf protobuf
python setup.py install
If everything worked out fine, you can start honeyproxy by running: mitmproxy-gui

/Micke