eciavatta / caronte
A tool to analyze the network flow during attack/defence Capture the Flag competitions
License: GNU General Public License v3.0
One thing we have noticed while using Caronte is that it's hard to find out
which pcap file a specific stream is from. If you want to manually look at packets/streams
before and after the stream you have found in Caronte, we had to basically download
all pcaps and just open all of them to find the correct stream.
When I try to delete a session by using the DELETE method it doesn't remove any session; the return status is 202 (accepted) but the sessions remain unchanged. I think there is some trouble with the cancelFunc() method (caronte/pcap_importer.go:161).
As I try to send PCAP files (captured with tcpdump -i ens18 -w out.pcap) to caronte via API, either via POST to /api/pcap/upload or via POST to /api/pcap/file, I get the following error and the docker container crashes:
caronte_1 | panic: interface conversion: interface is nil, not hyperscan.database
caronte_1 |
caronte_1 | goroutine 117 [running]:
caronte_1 | github.com/flier/gohs/hyperscan.NewScratch(0x0, 0x0, 0x0, 0x0, 0x0)
caronte_1 | /root/go/pkg/mod/github.com/flier/[email protected]/hyperscan/runtime.go:22 +0x45
caronte_1 | main.(*BiDirectionalStreamFactory).takeScanner(0xc00031adc0, 0x0, 0x0, 0x0)
caronte_1 | /caronte/connection_handler.go:117 +0x163
caronte_1 | main.(*BiDirectionalStreamFactory).New(0xc00031adc0, 0x1, 0x4, 0x4, 0x440f77a8, 0x0, 0xdb612e5d, 0x0, 0x4, 0x2, ...)
caronte_1 | /caronte/connection_handler.go:175 +0xeec
caronte_1 | github.com/google/gopacket/tcpassembly.(*StreamPool).getConnection(0xc00012e380, 0x1, 0x4, 0x4, 0x440f77a8, 0x0, 0xdb612e5d, 0x0, 0x4, 0x2, ...)
caronte_1 | /root/go/pkg/mod/github.com/google/[email protected]/tcpassembly/assembly.go:502 +0x1ea
caronte_1 | github.com/google/gopacket/tcpassembly.(*Assembler).AssembleWithTimestamp(0xc0000acb80, 0x1, 0x4, 0x4, 0x440f77a8, 0x0, 0xdb612e5d, 0x0, 0xc0001ae000, 0xdff7f00, ...)
caronte_1 | /root/go/pkg/mod/github.com/google/[email protected]/tcpassembly/assembly.go:550 +0x27f
caronte_1 | main.(*PcapImporter).parsePcap(0xc000482700, 0xc000316b80, 0x40, 0xc0284a8bbad061e8, 0x363bcb01f2, 0x1580e20, 0x87b2, 0x0, 0x0, 0x0, ...)
caronte_1 | /caronte/pcap_importer.go:249 +0xb8c
caronte_1 | created by main.(*PcapImporter).ImportPcap
caronte_1 | /caronte/pcap_importer.go:132 +0x57e
From the frontend it must be possible to download the contents of a connection in the selected format
/api/streams/{id}/format/download
Rules are used to highlight and filter connections based on network properties or based on content (regular expressions are used to search). The rules system is already implemented in the backend, but not yet present in the frontend
At each commit on a stable branch (master) the tool image must be automatically created and pushed to the DockerHub public repository eciavatta/caronte
At the first start the tool must be configured (with POST /setup)
The possibility to process or load pcap directly from the frontend must be added:
pcap|pcapng in the browser file upload window (/api/pcap/upload api)
pcap / pcapng file present on the filesystem where Caronte is running, with /api/pcap/file api
CIDR address specified in the server ip during setup doesn't work properly. Flag stolen doesn't work on CIDR.
At the bottom of the page, in the frontend, there is the space reserved for a timeline
First things first: thanks for the wonderful project!
Reading your README.md I saw that one of the features mentions the highlight of the packets matching the regex, but in my experience this doesn't happen.
I tried it with Firefox and Chrome on Linux. Is caronte supposed to highlight the flags or did I get it wrong?
The tool must be able to recognize if one or more HTTP requests are compressed using gzip or deflate, and provide the body of the decompressed response.
Decompression should be done from the backend, and the APIs should be updated to provide both the original and the decompressed version to the frontend
I think you messed up something while adding ur website in the readme, maybe u meant eciavatta.DEV?