Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AzSniffer module not working properly when sniffing multiple VMSS instances #2229

Open
6 tasks done
leoiancu21 opened this issue Jul 15, 2024 · 1 comment
Open
6 tasks done

AzSniffer module not working properly when sniffing multiple VMSS instances #2229

leoiancu21 opened this issue Jul 15, 2024 · 1 comment
Labels
azure

Comments

@leoiancu21
Copy link
Contributor

About accounts on capesandbox.com

  • Issues isn't the way to ask for account activation. Ping capesandbox in Twitter with your username

This is open source and you are getting free support so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

  • I am running the latest version
  • I did read the README!
  • I checked the documentation and found no answer
  • I checked to make sure that this issue has not already been filed
  • I'm reporting the issue to the correct repository (for multi-repository projects)
  • I have read and checked all configs (with all optional parts)

Expected Behavior

The AzSniffer module should correctly create packet captures for multiple machines in a VM Scale Set (VMSS) environment.

Current Behavior

  1. When multiple machines are present inside a VMSS, the analysis module generates an incorrect folder structure:
    ...network-watcher-logs/Packet_Capture_{task_id}/{machine_name}_Packet_Capture_{task_id}
    This structure is not correctly aligned with the code.

  2. The AzSniffer module fails to create packet captures for individual VMs within the VMSS, resulting in an "UnsupportedTargetResourceId" error.

Failure Information (for bugs)

Steps to Reproduce

  1. Set up a VMSS environment in Azure for CAPESandbox
  2. Attempt to run an analysis that involves packet capture using the AzSniffer module
  3. Observe the error in the logs and the incorrect folder structure

Context

Question Answer
Git commit (User needs to provide this information)
OS version (User needs to provide this information)

Additional context:

  • Environment: Azure VM Scale Set (VMSS)
  • Module: AzSniffer

Network Watchers are based on:

  • VM
  • VirtualNetwork
  • Subnet
  • VMScaleSet

The current implementation seems to be targeting individual VMs within the VMSS, which is not supported.

Failure Logs

2024-07-13 17:41:45,263 [msal.authority] INFO: Initializing with Entra authority: https://login.microsoftonline.com/[TENANT_ID]
2024-07-13 17:41:46,101 [modules.auxiliary.AzSniffer] ERROR: Azure error occurred while creating packet capture: (UnsupportedTargetResourceId) Target resource identifier /subscriptions/[SUBSCRIPTION_ID]/resourceGroups/[RESOURCE_GROUP]/providers/Microsoft.Compute/virtualMachineScaleSets/[VMSS_NAME]/virtualMachines/10/networkInterfaces/[NIC_NAME] is not an allowed target resource. The supported resource types for the target resource are VM, VirtualNetwork, Subnet, VMScaleSet.
Code: UnsupportedTargetResourceId
Message: Target resource identifier /subscriptions/[SUBSCRIPTION_ID]/resourceGroups/[RESOURCE_GROUP]/providers/Microsoft.Compute/virtualMachineScaleSets/[VMSS_NAME]/virtualMachines/10/networkInterfaces/[NIC_NAME] is not an allowed target resource. The supported resource types for the target resource are VM, VirtualNetwork, Subnet, VMScaleSet.
2024-07-13 17:41:46,101 [lib.cuckoo.core.plugins] WARNING: Unable to start auxiliary module AzSniffer: (UnsupportedTargetResourceId) Target resource identifier /subscriptions/[SUBSCRIPTION_ID]/resourceGroups/[RESOURCE_GROUP]/providers/Microsoft.Compute/virtualMachineScaleSets/[VMSS_NAME]/virtualMachines/10/networkInterfaces/[NIC_NAME] is not an allowed target resource. The supported resource types for the target resource are VM, VirtualNetwork, Subnet, VMScaleSet.
Code: UnsupportedTargetResourceId
Message: Target resource identifier /subscriptions/[SUBSCRIPTION_ID]/resourceGroups/[RESOURCE_GROUP]/providers/Microsoft.Compute/virtualMachineScaleSets/[VMSS_NAME]/virtualMachines/10/networkInterfaces/[NIC_NAME] is not an allowed target resource. The supported resource types for the target resource are VM, VirtualNetwork, Subnet, VMScaleSet.

I'm opening this issue to track the fix and then publish it in the public repo too, I'm already working on this by myself so no help is expected, still if anyone has suggestions/ideas i will be more than happy to hear them
@leoiancu21
Copy link
Contributor Author

@doomedraven could you add the Azure tag, I can't figure out how to add it by myself

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
azure
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@doomedraven @leoiancu21