Interactive Session CAPE / Guacamole Connection #2107

Closed

kareemauth opened this issue May 7, 2024 · 2 comments
Comments

@kareemauth

About accounts on capesandbox.com

  • Issues aren't the way to ask for account activation. Ping capesandbox on Twitter with your username

This is open source and you are getting free support so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

  • [+] I am running the latest version
  • [+] I did read the README!
  • [+] I checked the documentation and found no answer
  • [+] I checked to make sure that this issue has not already been filed
  • [+] I'm reporting the issue to the correct repository (for multi-repository projects)
  • [+] I have read and checked all configs (with all optional parts)

Expected Behavior

When submitting a file and selecting interactive session, display the desktop of the VM while running the analysis

Current Behavior

Receive the following error:
(screenshot: CAPE-Error)

Failure Information (for bugs)

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. When submitting a file for analysis, click interactive desktop
  2. Click Analyze
  3. Under the Remote Control Session, click on the task number
  4. Error

Context

When trying to launch Guacamole through CAPE, it results in the error message displayed above. In the logs I don't see CAPE opening a Guacamole session.

I am able to connect to a running VM through the Guacamole setup outside of CAPE using the method described in the docs (detailed under Additional information).

OS Version: Ubuntu 22
Guacamole Version: 1.5.5

/opt/CAPEv2/conf/web.conf

[web_reporting]
enabled = yes

[guacamole]
enabled = yes
mode = vnc
username =
password =
guacd_host = localhost
guacd_port = 4822
# Server that exposes the VNC ports (e.g., your KVM host)
vnc_host = localhost
# You might need to add your server IP to ALLOWED_HOSTS in web/web/settings.py if it is not ["*"]
# vnc or rdp
guest_protocol = vnc
guacd_recording_path = /opt/CAPEv2/storage/guacrecordings
guest_width = 1280
guest_height = 1024
# rdp settings
guest_rdp_port = 3389

VM VNC Settings (screenshot)

NGINX Config

server {
    listen 80;
    server_name "cape-sandbox";
    client_max_body_size 101M;
    proxy_connect_timeout 75;
    proxy_send_timeout 200;
    proxy_read_timeout 200;


    location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      root         /var/www/html;
      break;
    }

    location = /.well-known/acme-challenge/ {
      return 404;
    }

    location / {
        proxy_pass http://10.32.2.120:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Remote-User $remote_user;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /static/ {
        alias /opt/CAPEv2/web/static/;
    }

    location /static/admin/ {
        proxy_pass http://10.32.2.120:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Remote-User $remote_user;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /guac {
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }

    location /recordings/playback/recfile {
        alias /opt/CAPEv2/storage/guacrecordings/;
        autoindex off;
    }
}

Failure Logs

The guacd service status when choosing the interactive session during a file analysis

May 06 17:46:29 CAPE systemd[1]: Started Guacamole Server.
May 06 17:46:30 CAPE guacd[2175]: Guacamole proxy daemon (guacd) version 1.5.5 started
May 06 17:46:30 CAPE guacd[2175]: guacd[2175]: INFO:        Guacamole proxy daemon (guacd) version 1.5.5 started
May 06 17:46:30 CAPE guacd[2175]: guacd[2175]: INFO:        Listening on host 127.0.0.1, port 4822
May 06 17:46:30 CAPE guacd[2175]: Listening on host 127.0.0.1, port 4822
May 06 17:49:38 CAPE systemd[1]: Stopping Guacamole Server...
May 06 17:49:38 CAPE systemd[1]: guacd.service: Deactivated successfully.
May 06 17:49:38 CAPE systemd[1]: Stopped Guacamole Server. 

The guac-server.log (/opt/CAPEv2/web/guac-server.log) is empty

The guac-web service logs

May 06 17:46:28 CAPE systemd[1]: Started Guacamole ASGI app.
May 06 17:46:34 CAPE poetry[2008]: [2024-05-06 17:46:34 +0000] [2008] [INFO] Starting gunicorn 22.0.0
May 06 17:46:34 CAPE poetry[2008]: [2024-05-06 17:46:34 +0000] [2008] [INFO] Listening at: http://127.0.0.1:8008 (2008)
May 06 17:46:34 CAPE poetry[2008]: [2024-05-06 17:46:34 +0000] [2008] [INFO] Using worker: uvicorn.workers.UvicornWorker
May 06 17:46:34 CAPE poetry[3002]: [2024-05-06 17:46:34 +0000] [3002] [INFO] Booting worker with pid: 3002
May 06 17:46:34 CAPE poetry[3004]: [2024-05-06 17:46:34 +0000] [3004] [INFO] Booting worker with pid: 3004
May 06 17:46:34 CAPE poetry[3006]: [2024-05-06 17:46:34 +0000] [3006] [INFO] Booting worker with pid: 3006
May 06 17:46:34 CAPE poetry[3007]: [2024-05-06 17:46:34 +0000] [3007] [INFO] Booting worker with pid: 3007
May 06 17:46:36 CAPE poetry[3006]: [2024-05-06 17:46:36 +0000] [3006] [INFO] Started server process [3006]
May 06 17:46:36 CAPE poetry[3004]: [2024-05-06 17:46:36 +0000] [3004] [INFO] Started server process [3004]
May 06 17:46:36 CAPE poetry[3007]: [2024-05-06 17:46:36 +0000] [3007] [INFO] Started server process [3007]
May 06 17:46:36 CAPE poetry[3002]: [2024-05-06 17:46:36 +0000] [3002] [INFO] Started server process [3002]
May 06 17:46:36 CAPE poetry[3006]: [2024-05-06 17:46:36 +0000] [3006] [INFO] Waiting for application startup.
May 06 17:46:36 CAPE poetry[3007]: [2024-05-06 17:46:36 +0000] [3007] [INFO] Waiting for application startup.
May 06 17:46:36 CAPE poetry[3004]: [2024-05-06 17:46:36 +0000] [3004] [INFO] Waiting for application startup.
May 06 17:46:36 CAPE poetry[3002]: [2024-05-06 17:46:36 +0000] [3002] [INFO] Waiting for application startup.
May 06 17:46:36 CAPE poetry[3007]: [2024-05-06 17:46:36 +0000] [3007] [INFO] ASGI 'lifespan' protocol appears unsupported.
May 06 17:46:36 CAPE poetry[3004]: [2024-05-06 17:46:36 +0000] [3004] [INFO] ASGI 'lifespan' protocol appears unsupported.
May 06 17:46:36 CAPE poetry[3006]: [2024-05-06 17:46:36 +0000] [3006] [INFO] ASGI 'lifespan' protocol appears unsupported.
May 06 17:46:36 CAPE poetry[3002]: [2024-05-06 17:46:36 +0000] [3002] [INFO] ASGI 'lifespan' protocol appears unsupported.
May 06 17:46:36 CAPE poetry[3007]: [2024-05-06 17:46:36 +0000] [3007] [INFO] Application startup complete.
May 06 17:46:36 CAPE poetry[3004]: [2024-05-06 17:46:36 +0000] [3004] [INFO] Application startup complete.
May 06 17:46:36 CAPE poetry[3006]: [2024-05-06 17:46:36 +0000] [3006] [INFO] Application startup complete.
May 06 17:46:36 CAPE poetry[3002]: [2024-05-06 17:46:36 +0000] [3002] [INFO] Application startup complete.

Additional information

Outside of CAPE, I run the VM, get the encoded string for the VM, and through a browser I can access the VM through Guacamole, with the connection established as shown in the logs.

Python script

>>> from uuid import uuid3, NAMESPACE_DNS
>>> from base64 import urlsafe_b64encode as ub64enc
>>> sid = uuid3(NAMESPACE_DNS, "0000").hex[:16]
>>> ip = "10.32.2.120" # Example 192.168.2.2
>>> vm_name = "win10x1" # example win10
>>> sd = ub64enc(f"{sid}|{vm_name}|{ip}".encode("utf8")).decode("utf8")
>>> print(sd)
NTNjMWQ5YzZiZmFiM2Q0Znx3aW4xMHgxfDEwLjMyLjIuMTIw
>>>

Guacamole VM (screenshot)

Guacd Logging VNC Connections outside of CAPE

sudo journalctl -u guacd

May 07 16:45:26 CAPE guacd[2171]: Creating new client for protocol "vnc"
May 07 16:45:26 CAPE guacd[2171]: Connection ID is "$93d96a47-2393-4f07-9a0b-1c4c7050ba3f"
May 07 16:45:26 CAPE guacd[22970]: Cursor rendering: local
May 07 16:45:26 CAPE guacd[22970]: guacd[22970]: INFO:        Cursor rendering: local
May 07 16:45:26 CAPE guacd[22970]: guacd[22970]: INFO:        User "@5fc0cd12-110d-4fa3-9088-dae48ed6d4ad" joined connection "$93d96a47-2393-4f07-9a0b-1c4c7050ba3f" (1 users now present)
May 07 16:45:26 CAPE guacd[22970]: User "@5fc0cd12-110d-4fa3-9088-dae48ed6d4ad" joined connection "$93d96a47-2393-4f07-9a0b-1c4c7050ba3f" (1 users now present)
May 07 16:45:26 CAPE guacd[22970]: VNC server supports protocol version 3.8 (viewer 3.8)
May 07 16:45:26 CAPE guacd[22970]: We have 1 security types to read
May 07 16:45:26 CAPE guacd[22970]: 0) Received security type 1
May 07 16:45:26 CAPE guacd[22970]: Selecting security type 1 (0/1 in the list)
May 07 16:45:26 CAPE guacd[22970]: Selected Security Scheme 1
May 07 16:45:26 CAPE guacd[22970]: No authentication needed
May 07 16:45:26 CAPE guacd[22970]: VNC authentication succeeded
May 07 16:45:26 CAPE guacd[22970]: Desktop name "QEMU (win10x1)"
May 07 16:45:26 CAPE guacd[22970]: Connected to VNC server, using protocol version 3.8
May 07 16:45:26 CAPE guacd[22970]: VNC server default format:
May 07 16:45:26 CAPE guacd[22970]:   32 bits per pixel.
May 07 16:45:26 CAPE guacd[22970]:   Least significant byte first in each pixel.
May 07 16:45:26 CAPE guacd[22970]:   TRUE colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
May 07 16:45:26 CAPE guacd[22970]: guacd[22970]: INFO:        Recording of session will be saved to "/opt/CAPEv2/storage/guacrecordings/0000_53c1d9c6bfab3d4f.8".
May 07 16:45:26 CAPE guacd[22970]: Recording of session will be saved to "/opt/CAPEv2/storage/guacrecordings/0000_53c1d9c6bfab3d4f.8".
May 07 16:45:54 CAPE guacd[22970]: User "@5fc0cd12-110d-4fa3-9088-dae48ed6d4ad" disconnected (0 users remain)
May 07 16:45:54 CAPE guacd[22970]: Last user of connection "$93d96a47-2393-4f07-9a0b-1c4c7050ba3f" disconnected
May 07 16:45:54 CAPE guacd[22970]: guacd[22970]: INFO:        User "@5fc0cd12-110d-4fa3-9088-dae48ed6d4ad" disconnected (0 users remain)
May 07 16:45:54 CAPE guacd[22970]: guacd[22970]: INFO:        Last user of connection "$93d96a47-2393-4f07-9a0b-1c4c7050ba3f" disconnected
May 07 16:45:55 CAPE guacd[22970]: Internal VNC client disconnected
May 07 16:45:55 CAPE guacd[22970]: guacd[22970]: INFO:        Internal VNC client disconnected
May 07 16:45:55 CAPE guacd[2171]: Connection "$93d96a47-2393-4f07-9a0b-1c4c7050ba3f" removed.
May 07 16:45:55 CAPE guacd[2171]: guacd[2171]: INFO:        Connection "$93d96a47-2393-4f07-9a0b-1c4c7050ba3f" removed.

sudo journalctl -u guac-web

May 07 16:45:26 CAPE poetry[3134]: Client connected with guacd server (localhost, 4822, 20)
May 07 16:45:26 CAPE poetry[3134]: INFO:guacamole:Client connected with guacd server (localhost, 4822, 20)
May 07 16:45:26 CAPE poetry[3134]: [2024-05-07 16:45:26 +0000] [3134] [INFO] ('10.32.2.101', 0) - "WebSocket /guac/websocket-tunnel/53c1d9c6bfab3d4f" [accepted]
May 07 16:45:26 CAPE poetry[3134]: [2024-05-07 16:45:26 +0000] [3134] [INFO] connection open
May 07 16:45:54 CAPE poetry[3134]: [2024-05-07 16:45:54 +0000] [3134] [INFO] connection closed
May 07 16:45:54 CAPE poetry[3134]: Connection closed.
May 07 16:45:54 CAPE poetry[3134]: INFO:guacamole:Connection closed.

Last summer I did have the interactive session working with Guacamole 1.4 (as described in ticket https://github.com/kevoreilly/CAPEv2/issues/1508); I have just rebuilt the server to get the latest updates.

Your help would be appreciated, thank you.
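As an added example that is not part of the original post or of CAPE's own code: the Python below reproduces the session-descriptor derivation from the script above (uuid3 of the task id, then base64url of "sid|vm_name|vnc_host") and runs a small check over journal output to see which traces of an interactive session are present. It assumes the recording directory from the quoted web.conf, task id 0000 and VM name win10x1 as used in the post, and the log lines it embeds are constructed samples copied from the journalctl output quoted above (the working case) and from the earlier guacd output where no client is ever created (the failing case).

```python
# Added example, not CAPE's own code: reproduce the descriptor derivation from
# the post and check journal output for the traces a working session leaves.
import re
from base64 import urlsafe_b64decode, urlsafe_b64encode
from uuid import NAMESPACE_DNS, uuid3

# Taken from the web.conf quoted in the issue.
RECORDING_DIR = "/opt/CAPEv2/storage/guacrecordings"


def session_id(task_id) -> str:
    """Session id as derived in the post: first 16 hex chars of uuid3(NAMESPACE_DNS, task_id)."""
    return uuid3(NAMESPACE_DNS, str(task_id)).hex[:16]


def encode_descriptor(task_id, vm_name: str, vnc_host: str) -> str:
    """base64url('<sid>|<vm_name>|<vnc_host>'), the string handed to the /guac page."""
    raw = f"{session_id(task_id)}|{vm_name}|{vnc_host}".encode("utf8")
    return urlsafe_b64encode(raw).decode("utf8")


def decode_descriptor(sd: str) -> tuple:
    """Inverse of encode_descriptor; raises ValueError if the field count is wrong."""
    sid, vm_name, vnc_host = urlsafe_b64decode(sd.encode("utf8")).decode("utf8").split("|")
    return sid, vm_name, vnc_host


def check_session(task_id, guacd_log: str, guac_web_log: str) -> dict:
    """Look for the traces of one interactive session in 'journalctl -u guacd'
    and 'journalctl -u guac-web' output for the given task id."""
    sid = session_id(task_id)
    tunnel_re = re.compile(rf'WebSocket /guac/websocket-tunnel/{sid}" \[accepted\]')
    rec_re = re.compile(
        rf'Recording of session will be saved to "{re.escape(RECORDING_DIR)}/'
        rf'{re.escape(str(task_id))}_{sid}\.\d+"'
    )
    return {
        "sid": sid,
        # the browser reached the ASGI tunnel for this session id
        "tunnel_accepted": bool(tunnel_re.search(guac_web_log)),
        # guacd was asked to open a client at all (absent in the failing case)
        "guacd_client_created": "Creating new client for protocol" in guacd_log,
        # guacd completed the VNC handshake with the guest display
        "vnc_connected": "Connected to VNC server" in guacd_log,
        # the recording landed under the configured directory with the expected name
        "recording_started": bool(rec_re.search(guacd_log)),
        # VNC security type 1 (None): the display accepts any client that can reach the port
        "vnc_unauthenticated": "No authentication needed" in guacd_log,
    }


# Constructed samples: trimmed copies of the journal lines quoted in the issue.
GUACD_LOG_WORKING = """\
May 07 16:45:26 CAPE guacd[2171]: Creating new client for protocol "vnc"
May 07 16:45:26 CAPE guacd[22970]: Selecting security type 1 (0/1 in the list)
May 07 16:45:26 CAPE guacd[22970]: No authentication needed
May 07 16:45:26 CAPE guacd[22970]: Desktop name "QEMU (win10x1)"
May 07 16:45:26 CAPE guacd[22970]: Connected to VNC server, using protocol version 3.8
May 07 16:45:26 CAPE guacd[22970]: Recording of session will be saved to "/opt/CAPEv2/storage/guacrecordings/0000_53c1d9c6bfab3d4f.8".
"""
GUAC_WEB_LOG_WORKING = """\
May 07 16:45:26 CAPE poetry[3134]: INFO:guacamole:Client connected with guacd server (localhost, 4822, 20)
May 07 16:45:26 CAPE poetry[3134]: [2024-05-07 16:45:26 +0000] [3134] [INFO] ('10.32.2.101', 0) - "WebSocket /guac/websocket-tunnel/53c1d9c6bfab3d4f" [accepted]
"""
# Failing case: guacd only ever logs its own startup, guac-web only its workers.
GUACD_LOG_FAILING = """\
May 06 17:46:30 CAPE guacd[2175]: Guacamole proxy daemon (guacd) version 1.5.5 started
May 06 17:46:30 CAPE guacd[2175]: Listening on host 127.0.0.1, port 4822
"""
GUAC_WEB_LOG_FAILING = """\
May 06 17:46:34 CAPE poetry[2008]: [2024-05-06 17:46:34 +0000] [2008] [INFO] Listening at: http://127.0.0.1:8008 (2008)
"""

if __name__ == "__main__":
    sd = encode_descriptor("0000", "win10x1", "10.32.2.120")
    print(sd, decode_descriptor(sd))
    for label, g, w in (("working", GUACD_LOG_WORKING, GUAC_WEB_LOG_WORKING),
                        ("failing", GUACD_LOG_FAILING, GUAC_WEB_LOG_FAILING)):
        print(label, check_session("0000", g, w))
```

The descriptor is only an encoding, not a secret: anyone holding it learns the VNC host and VM name. The vnc_unauthenticated flag mirrors the "No authentication needed" line in the quoted guacd output, which means the QEMU display was offered with VNC security type None; with that setting the VNC listener should be reachable only from the host running guacd, which is what binding it to localhost (as vnc_host = localhost in the quoted web.conf implies) achieves.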

@doomedraven (Collaborator)

Yes, it doesn't work for some reason with the latest; checking.

@doomedraven (Collaborator)

Just pushed a fix; do git pull and systemctl restart cape-web.
