Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug in install script #259

Closed
7a opened this issue Jul 2, 2014 · 1 comment
Closed

Bug in install script #259

7a opened this issue Jul 2, 2014 · 1 comment
Assignees
Labels

Comments

@7a
Copy link
Member

7a commented Jul 2, 2014

UPDATE: As a workaround, I have updated the wiki for a smoother first OWTF experience
https://github.com/owtf/owtf/wiki/OWASP-OWTF-Installation#installation-via-git-clone-recommended

I tried to install OWTF on a new, fully up-to-date, Kali VM following the instructions here:
https://github.com/owtf/owtf/wiki/OWASP-OWTF-Installation#installation-by-script

I choose "1) stable release" and eventually got the following error:

.....
[] Installing Combined Dictionaries
[
] Switching to /root/owtf/dictionaries/restricted/combined
[] Running following command
python2 /root/owtf/dictionaries/dict_merger_svndigger_raft.py
[
] Installing Local CA for Inbound Proxy
[] Switching to /root/.owtf/proxy
[
] Running following command
/root/owtf/install/proxy_CA.sh /root/owtf
sh: 1: /root/owtf/install/proxy_CA.sh: Permission denied <--- BUG here
(1) Kali Linux
Select a number based on your distribution : 1
.....

UPDATE:

Even after the install, it looks like hoppy is not installed now:
/root/owtf/owtf.py http://target.com

resulted in:
...
[] WARNING: Tool path not found for: /root/owtf/tools/restricted/hoppy-1.8.1/hoppy-1.8.1
[
]
[] WARNING!!!: 1 tools could not be found. Some suggestions:
[
] - Define where your tools are here: /root/owtf/profiles/general/default.cfg
[] - Use the /root/owtf/install/kali_install.sh script to install missing tools
Continue anyway? [y/n]n
[
] Aborted by Framework: Aborted by user
[] OWTF finished: No time to report anything! :P
[
] Stopping inbound proxy processes and cleaning up, Please wait!
[] Saving DBs before stopping messaging
[
]
[] ____________________________________________________________________________________________________
[
]
[] OWTF BUG: Please report the sanitised information below to help make this better. Thank you.
[
] ****************************************************************************************************
[]
[
] Message: Unknown owtf error
[]
[
] Command:
[]
[
] Error Trace:
[] Traceback (most recent call last):
[
]
[] File "/root/owtf/owtf.py", line 342, in run_owtf
[
] if Core.Start(args):
[]
[
] File "/root/owtf/framework/core.py", line 252, in Start
[] if self.initialise_framework(Options):
[
]
[] File "/root/owtf/framework/core.py", line 258, in initialise_framework
[
] self.Config.ProcessOptions(Options)
[]
[
] File "/root/owtf/framework/config/config.py", line 100, in ProcessOptions
[] self.HealthCheck.Run()
[
]
[] File "/root/owtf/framework/config/health_check.py", line 41, in Run
[
] self.ShowHelp(Count)
[]
[
] File "/root/owtf/framework/config/health_check.py", line 60, in ShowHelp
[] self.print_warning(Count)
[
]
[] File "/root/owtf/framework/config/health_check.py", line 70, in print_warning
[
] self.Core.Error.FrameworkAbort("Aborted by user")
[]
[
] File "/root/owtf/framework/error_handler.py", line 53, in FrameworkAbort
[] self.Core.Finish(Message, Report)
[
]
[] File "/root/owtf/framework/core.py", line 346, in Finish
[
] self.DB.SaveDBs() # So that detailed_report_register populated by reporting is saved :P
[]
[
] AttributeError: Core instance has no attribute 'DB'
[]
[
]
[] ____________________________________________________________________________________________________
[
]
[]
[
] ERROR: DB is not setup yet: cannot log errors to file!
[] OWTF finished: No time to report anything! :P
[
] Stopping inbound proxy processes and cleaning up, Please wait!
[*] Saving DBs before stopping messaging
Traceback (most recent call last):
File "/root/owtf/owtf.py", line 366, in
run_owtf(Core, args)
File "/root/owtf/owtf.py", line 356, in run_owtf
Core.Finish("Crashed")
File "/root/owtf/framework/core.py", line 346, in Finish
self.DB.SaveDBs() # So that detailed_report_register populated by reporting is saved :P
AttributeError: Core instance has no attribute 'DB'

UPDATE 2: For some reason wget does not trust the certificate from the hoppy website, I believe this was proposed before to get around the problem (not ideal, but hey, you had "wget http.." in the 1st place :))

wget --no-check-certificate https://labs.portcullis.co.uk/download/hoppy-1.8.1.tar.bz2; bunzip2 *; tar xvf *; rm -f *.tar

UPDATE 3: Even after the hoppy thing, OWTF gets stuck and this is the stable version :(
NOTE: Even trying to "s" + enter does not work :(

[] Loading/Initialising database ..
[
] HTML ID DB is empty, initialising..
[] SEED DB is empty, initialising..
[
] Starting Inbound proxy at 127.0.0.1:8008
[] Starting Transaction logger process
[
] Setting up proxy(inbound) for OWTF requests..
[] Proxy transaction's log file at /tmp/owtf/38286/proxy.log
[
] Visit http://127.0.0.1:8008/proxy to use Plug-n-Hack standard
[*] Execution of OWTF is halted.You can browse through OWTF proxy) Press Enter to continue with OWTF

[*] Proxy Check: Avoid logging request again if already in DB..
{'URL': 'http://www.google.ie'} in DB: False

s

^CNone
[]
[
] owtf was aborted by the user:
[] Please check report/plugin output files for partial results
[
] Saving DBs
[] Finishing iteration and assembling report again (with updated run information)
[
] OWTF iteration finished
[] Stopping inbound proxy processes and cleaning up, Please wait!
[
] Saving DBs before stopping messaging

UPDATE 4: Giving up on the stable version and trying the dev version I found out that number "2" does not work on the bootstrap script xD

bash bootstrap.sh
Please ensure that you have minimum 60 MB space free on your current partition..
Select OWTF version, stable or bleeding-edge:

  1. OWTF 0.45.0 Winter Blizzard (stable)
  2. OWTF GSoC'14-dev
  3. Quit

? 2

invalid option

UPDATE 5: Clearly the bootstrap.sh script was not tested given that the following line dumps binary stuff on the terminal xD

curl -L https://github.com/owtf/owtf/archive/lions_2014.zip

@7a 7a added the Bug label Jul 2, 2014
viyatb added a commit that referenced this issue Jul 6, 2014
viyatb added a commit that referenced this issue Aug 4, 2014
@DePierre
Copy link
Contributor

This should be fixed in the latest bootstrap script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants