Kippo-play.php - No session replay? #44
Comments
|
PHP: 5.4.45-0+deb7u2 |
|
Any errors in your web server logs at all? |
|
Also experiencing this issue. No errors in apache logs and all other instructions followed. Everything else works perfectly, except playlogs. Just a black screen. http://puu.sh/ohwd1/a73a157f65.png I tried with Chrome, Firefox and Safari as well. Same results. |
|
@ecapuano does this happen for all captured sessions? Are you using kippo or cowrie? |
|
@ikoniaris yes all captured sessions, and I am running cowrie (perhaps that is my mistake?) |
|
@ecapuano Maybe. I think corwie and kippo save the sessions differently on disk. I'll have to test it somehow... |
|
@micheloosterhof can you confirm is kippo and cowrie save the sessions differently on disk? (I think different encoding or something?) |
|
TTY logs should be exactly the same. On Sunday, 24 April 2016, Ioannis notifications@github.com wrote:
|
|
Also having issues, Pulled both from git on to a clean box using an external SQL server playlog page is blank and clicking play from somewhere else reveals this.
|
|
@locknlol @ecapuano @kevthehermit just to confirm, this seems to be happening only for cowrie, right? |
|
Confirming Latest Pull from Cowrie is what i am running and getting this error. |
|
I was also using cowrie, but I didn't get that error. I got a blank black box where the console replay should've been.
|
|
I am also unable to get playlog with cowrie I see that cowrie does write differently on the ttylog table see below in my case i dont see the entry show up in the playlog page but in other pages like kippo-input there is data populated from cowrie 30 d5a493d85c3411e6b39a370cc074daee [BLOB - 855 B] Here is how cowrie writes to the db |
|
You can see there's a little '0i' at the end of the Cowrie log. The 0 is for the 0'th (or first) session, the 'i' is for interactive logins. There are sometimes multiple shell sessions within a single SSH session, that's why the extra characters are added. The full name of the tty log is written to the normal/json log files, so Kippo-Graph should be changed to pick up the name of the ttylog there, rather than assuming it's always the session id. |
|
Thanks @micheloosterhof, this is helpful! |
|
Any update to this? |
|
System: I get the folling error when i try to play playlog (most of them, single playworks works): I think cowrie generates multiple logs in log/tty/ for same [attacker...]
There are some interesting logs in apache-error.log (Setting: PYTHON): After changing kippo-play.php i get some more output:
This isn't really perfect but maybe an beginning ;) |
|
Actually that looks like it's working correctly! On 7 November 2016 at 14:31, erdo_king notifications@github.com wrote:
|
|
I followed the instructions above, but am not getting playback. Side note: I have not installed cowrie globally, and am running it under the user 'cowrie' (/home/cowrie/cowrie). While kippo-graphs is installed under www-data (/var/www/html/cowrie) |
|
What OS and/or distribution? |
|
3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux |
|
I experience the same bug. I use Cowrie and instead of playing log I only have a black screen. Any progress in solving this? |
|
I had this issue as well. For me the problem was twofold.
I followed the instructions on the cowrie github and have it installed to /home/cowrie/cowrie.
The logs will occasionally have to have their permissions updated. Once they have they will be playable. These fixes are not entirely on kippo-graph to implement. But for anyone trying to figure out why their logs won't play, this is what worked for me. |
|
Sorry about my poor English.I experience the same issue, also using cowrie and mysql. I read those log files that could not be played with javascript, But when i try to login to my cowrie-system on my own, @viemmsakh About you second problem, Has it been resolved? |
|
Hi all, I am not able to get any playback in the kippo-playlog. All of my data is populating in the graphs, however I cannot get the playback to produce anything. The only item on the kippo-playlog tab is "Replay input by attackers captured by the honeypot system" with nothing under it. |
|
Hello, Firstly there is no directory called "utils" in the cowrie distribution so obviously pointing to it wilk fail.Kippo-graph nice little script nice work allthrough it is getting outdated i get lots of errors in my php error_log most of them are related due to changes in more recent PHP versions. As far as i know the user "www-data" does not exist on all linux distributions i believe "www-data" is an ubuntu (and debian)thing on centos for example this is nobody a command like ps -ef | egrep '(httpd|apache2|apache)' | grep -v can help getting the right value. |
http://i.imgur.com/fhOjo00.png
I'm unable to get any playback from sessions on my installation. I'm using Cowrie and kippo-graphs with MySQL.
The text was updated successfully, but these errors were encountered: