Skip to content
This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

Correctly parsing URIs #3199

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Correctly parsing URIs #3199

wants to merge 2 commits into from

Conversation

cccs-kevin
Copy link

@cccs-kevin cccs-kevin commented Apr 23, 2021
edited
Loading

Thanks for contributing! But first: did you read our community guidelines?
https://cuckoo.sh/docs/introduction/community.html

What I have added/changed is:

Some logic to address edge cases created by certain malware... unfortunately I do not have a public hash to share for recreation.

The goal of my change is:

The TCP data captured from network traffic was parsed in the network processing module with the URI containing <protocol>://<netloc>/<path>, which then caused issues putting the URL back together here. The unparsed URI would then look like <protocol>://<netloc>/<protocol>://<netloc>/<path> which is an invalid URI.

The goal of my change is to parse this URI extracted from the pcap correctly before it goes into the urlunparse method.

What I have tested about my change is:

I tested with the .pcaps generated by the malware that displayed this behaviour, and this change fixes it.

Also this happens in the KVM machinery.

@cccs-kevin cccs-kevin mentioned this pull request Aug 30, 2022
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@cccs-kevin