Mitmdump updates (#2529)

enzok · web-flow · commit b409151e48f1 · 2025-03-19T16:10:57.000+01:00
* add mitmdump file download to network tab
mitmdump api fixes

* Remove unused import
diff --git a/conf/default/api.conf.default b/conf/default/api.conf.default
@@ -361,3 +361,9 @@ rpm = 4/m
 # Allow to request stop of the analysis inside of the VM
 [user_stop]
 enabled = no
+
+[mitmdump]
+enabled = no
+auth_only = no
+rps = 1/s
+rpm = 4/m
diff --git a/web/analysis/views.py b/web/analysis/views.py
@@ -758,6 +758,9 @@ def load_files(request, task_id, category):
             tls_path = os.path.join(ANALYSIS_BASE_PATH, "analyses", str(task_id), "tlsdump", "tlsdump.log")
             if _path_safe(tls_path):
                 ajax_response["tlskeys_exists"] = _path_safe(tls_path)
+            mitmdump_path = os.path.join(ANALYSIS_BASE_PATH, "analyses", str(task_id), "mitmdump", "dump.har")
+            if _path_safe(mitmdump_path):
+                ajax_response["mitmdump_exists"] = _path_safe(mitmdump_path)
         elif category == "behavior":
             ajax_response["detections2pid"] = data.get("detections2pid", {})
         return render(request, page, ajax_response)
@@ -1943,6 +1946,9 @@ def file(request, category, task_id, dlfile):
         path = []
         for dfile in os.listdir(buf):
             path.append(os.path.join(buf, dfile))
+    elif category == "mitmdump":
+        path = os.path.join(CUCKOO_ROOT, "storage", "analyses", task_id, "mitmdump", "dump.har")
+        cd = "text/plain"
     else:
         return render(request, "error.html", {"error": "Category not defined"})
 
diff --git a/web/apiv2/views.py b/web/apiv2/views.py
@@ -1643,7 +1643,7 @@ def tasks_evtx(request, task_id):
 @csrf_exempt
 @api_view(["GET"])
 def tasks_mitmdump(request, task_id):
-    if not apiconf.taskmitmdump.get("enabled"):
+    if not apiconf.mitmdump.get("enabled"):
         resp = {"error": True, "error_value": "Mitmdump HAR download API is disabled"}
         return Response(resp)
 
diff --git a/web/templates/analysis/network/index.html b/web/templates/analysis/network/index.html
@@ -3,12 +3,15 @@
     <div class="alert alert-primary center">
         <a class="btn btn-secondary btn-sm" href="{% url "file" "pcap" id network.pcap_sha256 %}"><span class="fas fa-download"></span> PCAP</a>
         {% if pcapng.sha256 %}
-        <a class="btn btn-secondary btn-sm" title="PCAP with embedded TLS keys for use in WireShark." href="{% url "file" "pcapng" id pcapng.sha256 %}"><span class="fas fa-download"></span> PCAP-NG</a>
+            <a class="btn btn-secondary btn-sm" title="PCAP with embedded TLS keys for use in WireShark." href="{% url "file" "pcapng" id pcapng.sha256 %}"><span class="fas fa-download"></span> PCAP-NG</a>
         {% endif %}
-        <a class="btn btn-secondary btn-sm" href="{% url "file" "pcapzip" id network.pcap_sha256 %}"><span class="fas fa-file-archive"></span><span class="fas fa-download"></span> PCAP</a>
+            <a class="btn btn-secondary btn-sm" href="{% url "file" "pcapzip" id network.pcap_sha256 %}"><span class="fas fa-file-archive"></span><span class="fas fa-download"></span> PCAP</a>
         {% if tlskeys_exists %}
             <a class="btn btn-secondary btn-sm" href="{% url "file" "tlskeys" id network.pcap_sha256 %}"><span class="fas fa-download"></span> TLS keys</a>
         {% endif %}
+        {% if mitmdump_exists %}
+            <a class="btn btn-secondary btn-sm" href="{% url "file" "mitmdump" id 0 %}"><span class="fas fa-download"></span> Mitmdump </a>
+        {% endif %}
     </div>
 {% endif %}
     <ul class="nav nav-tabs flex-column flex-sm-row" style="margin-bottom: 0;">
diff --git a/web/templates/apiv2/index.html b/web/templates/apiv2/index.html
@@ -42,19 +42,19 @@ <h3 class="panel-title">API - <a href=https://capev2.readthedocs.io/en/latest/us
           </td>
       </tr>
       <tr>
-        <td>VirusTotal download and analyze</td>
-        {% if config.vtdl.enabled %}
+        <td>Download from file service and analyze</td>
+        {% if config.downloading_services.enabled %}
         <td><span class="badge badge-success">Yes</span></td>
         {% else %}
         <td><span class="badge badge-danger">No</span></td>
         {% endif %}
         <td>
           <ul>
-            <li>RPS: {{ config.vtdl.rps }}</li>
-            <li>RPM: {{ config.vtdl.rpm }}</li>
+            <li>RPS: {{ config.downloading_services.rps }}</li>
+            <li>RPM: {{ config.downloading_services.rpm }}</li>
           </ul>
         </td>
-        <td>Download a file from VT for analysis. Return object will be JSON.</td>
+        <td>Download a file from VT or MalwareBazaar or other service for analysis. Return object will be JSON.</td>
         <td><a class="accordion-toggle" data-toggle="collapse" href="#vtdl" aria-expanded="false" aria-controls="#vtdl">Example</a></td>
       </tr>
       <tr class="collapse" id="vtdl">
@@ -754,6 +754,28 @@ <h3 class="panel-title">API - <a href=https://capev2.readthedocs.io/en/latest/us
           <pre>curl {{ config.api.url }}/apiv2/tasks/[days]/</pre>
         </td>
       </tr>
+      <tr>
+        <td>Mitmdump HAR Download</td>
+        {% if config.mitmdump.enabled %}
+        <td><span class="badge badge-success">Yes</span></td>
+        {% else %}
+        <td><span class="badge badge-danger">No</span></td>
+        {% endif %}
+        <td>
+          <ul>
+            <li>RPS: {{ config.mitmdump.rps }}</li>
+            <li>RPM: {{ config.mitmdump.rpm }}</li>
+          </ul>
+        </td>
+        <td>Download the HAR file of mitmdump given a Task ID. Return will be a HAR file.</td>
+        <td><a class="accordion-toggle" data-toggle="collapse" href="#mitmdump" aria-expanded="false" aria-controls="#mitmdump">Example</a>
+        </td>
+      </tr>
+      <tr class="collapse" id="mitmdump">
+        <td colspan="5">
+          <pre>curl {{ config.api.url }}/apiv2/tasks/get/mitmdump/[task id]/</pre>
+        </td>
+      </tr>
     </tbody>
   </table>
   {% else %}
