
Crash immediately on launch on Ubuntu 20.04

Open thejoelpatrol opened this issue 1 year ago • 4 comments

OS: Ubuntu 20.04
Python: 3.8.10
VM: VMWare Workstation 16
Latest commit: ac33a706274d3e567080d261f7886fd472378ffa

When starting Fakenet soon after boot, it fails to handle an exception properly. This seems to be an artifact of the Python 2-->3 migration. Officially in Python 3, IOError doesn't actually exist any more, though somehow this FileNotFoundError is still caught. In any case, it does not contain a message attribute. Changing (procfs_path, e.message) to (procfs_path, e) fixes it. There are several other locations where this may occur, where an old IOError is caught.

I could not reproduce this after fixing it and running for a while, then unfixing it, so it may only happen near boot. It does happen for me every boot. The file /proc/net/netfilter/nfnetlink_queue actually does not exist.

  ______      _  ________ _   _ ______ _______     _   _  _____
 |  ____/\   | |/ /  ____| \ | |  ____|__   __|   | \ | |/ ____|
 | |__ /  \  | ' /| |__  |  \| | |__     | |______|  \| | |  __
 |  __/ /\ \ |  < |  __| | . ` |  __|    | |______| . ` | | |_ |
 | | / ____ \| . \| |____| |\  | |____   | |      | |\  | |__| |
 |_|/_/    \_\_|\_\______|_| \_|______|  |_|      |_| \_|\_____|

                        Version 3.0 (alpha)
  _____________________________________________________________
                   Developed by FLARE Team
    Copyright (C) 2016-2022 Mandiant, Inc. All rights reserved.
  _____________________________________________________________
                                               
08/09/23 07:43:47 AM [           FakeNet] Loaded configuration file: /usr/local/lib/python3.8/dist-packages/fakenet/configs/default.ini
08/09/23 07:43:47 AM [          Diverter] Capturing traffic to packets_20230809_074347.pcap
08/09/23 07:43:47 AM [          Diverter] WARNING: No gateways configured!
08/09/23 07:43:47 AM [          Diverter] Cannot fix gateway
08/09/23 07:43:47 AM [          Diverter]          Please configure a default gateway or route in order to intercept external traffic.
08/09/23 07:43:47 AM [          Diverter]          Current interception abilities are limited to local traffic.
08/09/23 07:43:47 AM [               FTP] concurrency model: multi-thread
08/09/23 07:43:47 AM [               FTP] masquerade (NAT) address: None
08/09/23 07:43:47 AM [               FTP] passive ports: 60000->60010
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/fakenet/diverters/linutil.py", line 378, in linux_get_current_nfnlq_bindings
    with open(procfs_path, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/proc/net/netfilter/nfnetlink_queue'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/fakenet", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/fakenet/fakenet.py", line 420, in main
    fakenet.start()
  File "/usr/local/lib/python3.8/dist-packages/fakenet/fakenet.py", line 250, in start
    self.diverter.start()
  File "/usr/local/lib/python3.8/dist-packages/fakenet/diverters/diverterbase.py", line 682, in start
    return self.startCallback()
  File "/usr/local/lib/python3.8/dist-packages/fakenet/diverters/linux.py", line 130, in startCallback
    qnos = self.linux_get_next_nfqueue_numbers(nhooks)
  File "/usr/local/lib/python3.8/dist-packages/fakenet/diverters/linutil.py", line 399, in linux_get_next_nfqueue_numbers
    existing_queues = self.linux_get_current_nfnlq_bindings()
  File "/usr/local/lib/python3.8/dist-packages/fakenet/diverters/linutil.py", line 391, in linux_get_current_nfnlq_bindings
    (procfs_path, e.message))
AttributeError: 'FileNotFoundError' object has no attribute 'message'

thejoelpatrol avatar Aug 09 '23 14:08 thejoelpatrol
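The failure mode reported above, reduced to a stand-alone script (an added example, not FakeNet-NG's own code; the function names, logger name and sample procfs lines are constructed for illustration). On Python 3, `IOError` is an alias of `OSError`, so the handler still catches `FileNotFoundError`, but evaluating `e.message` inside the handler raises the `AttributeError` that actually ends the process.

```python
import logging
import os
import tempfile

log = logging.getLogger("nfq_example")  # hypothetical logger name

# Constructed sample of the procfs table; the first column is the queue number.
SAMPLE = (
    "    0   1234     0 2 65531     0     0        0  1\n"
    "    5   1234     0 2 65531     0     0        0  1\n"
)

def _parse(f):
    """Return the queue number from each non-empty line."""
    return [int(line.split()[0], 10) for line in f if line.strip()]

def read_bindings_py2_style(procfs_path):
    """Handler in the Python 2 idiom: fails inside the except block on Python 3."""
    try:
        with open(procfs_path, "r") as f:
            return _parse(f)
    except IOError as e:  # alias of OSError on Python 3, so FileNotFoundError lands here
        # e.message was removed in Python 3; evaluating it raises AttributeError
        log.debug("Failed to open %s: %s" % (procfs_path, e.message))
    return []

def read_bindings(procfs_path):
    """Python 3 form: log the exception itself and treat a missing file as no bindings."""
    try:
        with open(procfs_path, "r") as f:
            return _parse(f)
    except OSError as e:
        log.debug("Failed to open %s, proceeding as if no queues are bound: %s",
                  procfs_path, e)
    return []

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "nfnetlink_queue")  # does not exist yet
    print("IOError is OSError:", IOError is OSError)
    print("fixed handler, file missing:", read_bindings(path))
    try:
        read_bindings_py2_style(path)
    except AttributeError as err:
        print("py2-style handler, file missing:", err)
    with open(path, "w") as f:
        f.write(SAMPLE)
    print("fixed handler, file present:", read_bindings(path))
```

Because the `%` formatting is evaluated before `log.debug` is called, the Python 2 style handler fails regardless of the configured log level.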

Hey @thejoelpatrol, thanks for opening the issue.

This is generally an error where the nfnetlink_queue module is not loaded in the system. You can verify this by using sudo lsmod | grep nfnetlink_queue. There should be no output in the console, suggesting the module is not loaded.

To load the module (assuming you have installed the libnetfilter-queue-dev package while setting up), you can use the command sudo modprobe nfnetlink_queue. No output in the console confirms the command was successful. You can re-check the output with sudo lsmod | grep nfnetlink_queue.

Try running fakenet after loading the module. Hopefully that should solve the issue.

3V3RYONE avatar Aug 25 '23 18:08 3V3RYONE

@thejoelpatrol The comment I left above is to solve specifically the first error/exception: FileNotFoundError: [Errno 2] No such file or directory: '/proc/net/netfilter/nfnetlink_queue'. However, the second error/exception is still valid, which could be triggered for other non-existent files.

We need to change that in the codebase. Thanks for pointing it out!

3V3RYONE avatar Aug 27 '23 16:08 3V3RYONE

@3V3RYONE That would explain why it only happens near boot and not later after a successful run, so that's a good tip, thanks.

The crash most immediately seems to be because of the second exception, though, as the first one is supposed to be handled cleanly. And there are more like it just waiting to happen. Looking forward to the next release with a fuller python3 update :)

thejoelpatrol avatar Aug 30 '23 15:08 thejoelpatrol

We're working on it 🚀 Feel free to report bugs or put up a PR to solve one :)

3V3RYONE avatar Aug 30 '23 15:08 3V3RYONE