Can't pull sample from MalwareBazaar

Open pschivo opened this issue 8 months ago • 13 comments

  • [x] I am running the latest version
  • [x] I did read the README!
  • [x] I checked the documentation and found no answer
  • [x] I checked to make sure that this issue has not already been filed
  • [x] I'm reporting the issue to the correct repository (for multi-repository projects)
  • [x] I have read and checked all configs (with all optional parts)

Expected Behavior

After pulling the last commit, enabling/configuring Malware Bazaar with the respective API key and enabling it in integrations.conf, submit a Malware Bazaar hash (MD5, SHA1 or SHA256) and get sample results.

Current Behavior

The following message appears after clicking Submit:

**_ERROR :-( Error adding task(s) to CAPE's database.

- Can't download sample from external services_**

Steps to Reproduce

  1. Get an Abuse.ch API key and load it in integrations.conf
  2. Make sure you have Malware Bazaar enabled.
  3. Submit a Malware Bazaar hash.

Context

| Git commit | 9827376e7d7f781577aac080b381ac6915dd959a |
| OS version | Ubuntu 22.04 |

Failure Logs

Can't find a proper log with failures, only Web GUI Response:

**_ERROR :-( Error adding task(s) to CAPE's database.

- Can't download sample from external services_**

pschivo avatar Mar 14 '25 18:03 pschivo

Your specified commit doesn't exist in this repo.

doomedraven avatar Mar 18 '25 20:03 doomedraven

Hey,

Sorry, it was 4122f5f87acbba75bea413e924df061d9e7825c0 but with resultserver.py changed.

pschivo avatar Mar 19 '25 16:03 pschivo

That's strange, I just checked it again and it works. Did you change the order under [downloaders]? If it is empty it will load all, but if you specified only some of them and not all, then the others will be disabled.

doomedraven avatar Mar 21 '25 10:03 doomedraven

Hi, no, I haven't. This is my "downloaders" section:

[downloaders]

You can overwrite the downloaders order, must match filename without ".py". If name is missed is the same as disabled. Example:

order = virustotal,malwarebazaar

order =

pschivo avatar Mar 21 '25 12:03 pschivo

The blank order = surely needs removing, it's the last item to be read so will blat the previous line

kevoreilly avatar Mar 21 '25 12:03 kevoreilly

No, he just didn't escape the code, so it converted # to Markdown's H3. But empty is fine, it means all if empty. It's the same as how I have it.

doomedraven avatar Mar 21 '25 14:03 doomedraven

> No, he just didn't escape the code, so it converted # to Markdown's H3. But empty is fine, it means all if empty. It's the same as how I have it.

Exactly, sorry, I haven't escaped my code. I've done another check but I don't find any misconfiguration. I've also tried to pull different hashes from different samples (SHA 256, MD5, etc.) and always get the same output error. I can't find more information in the logs.

pschivo avatar Mar 21 '25 16:03 pschivo

Fixed now: https://github.com/kevoreilly/CAPEv2/commit/de43845acc7949d73cc83ee36ea83a63e2c66ea8. For some reason it doesn't give problems on the dev server, but I was able to reproduce your issue on Kev's server, so now it should be working. Thank you for reporting it and sorry for the long delay, I needed a server where it was failing.

doomedraven avatar Mar 24 '25 13:03 doomedraven

Oh I see. It's working correctly now, thanks a lot.

pschivo avatar Mar 25 '25 12:03 pschivo

Hello there,

Today, after doing a "git pull" to have latest version, this issue appeared again.

pschivo avatar Jun 12 '25 12:06 pschivo

Hey guys, any clue about this recurrent error?

pschivo avatar Jun 23 '25 12:06 pschivo

No clue here I'm afraid, all I can say is that it's working fine for me!

kevoreilly avatar Jun 23 '25 14:06 kevoreilly

> No clue here I'm afraid, all I can say is that it's working fine for me!

Thanks for answering. I found the issue...

If the request to download the sample is made from http://cape:8000 (which is the hostname) it fails, but it doesn't if you do it using the CAPE IP (example: http://10.8.10.10:8000). I've already deleted cache, cookies and also tried it from another machine. Same behaviour.

pschivo avatar Jun 23 '25 17:06 pschivo

That's kinda interesting behavior.

doomedraven avatar Jun 30 '25 07:06 doomedraven

Just tested with cape.local instead of the IP, and it works just fine here, so I can't really help here.

doomedraven avatar Jun 30 '25 14:06 doomedraven