viper-web's Introduction

viper-web

viper-web's People

Contributors

acd62081, botherder, frennkie, jdsnape

viper-web's Issues

API Docs - 500 - Internal Server Error

On a fresh build with both Viper Framework and Viper Web running, I can't seem to access the API docs through the UI. When navigating to /v3/api/docs I get 500 Internal Server Error. Below is the error being thrown up by the API:

`The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/home/user/.local/lib/python3.6/site-packages/django/core/handlers/base.py", line 145, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/user/.local/lib/python3.6/site-packages/django/core/handlers/base.py", line 143, in _get_response
response = response.render()
File "/home/user/.local/lib/python3.6/site-packages/django/template/response.py", line 106, in render
self.content = self.rendered_content
File "/home/user/.local/lib/python3.6/site-packages/rest_framework/response.py", line 70, in rendered_content
ret = renderer.render(self.data, accepted_media_type, context)
File "/home/user/.local/lib/python3.6/site-packages/rest_framework_swagger/renderers.py", line 58, in render
renderer_context
File "/home/user/.local/lib/python3.6/site-packages/django/shortcuts.py", line 36, in render
content = loader.render_to_string(template_name, context, request, using=using)
File "/home/user/.local/lib/python3.6/site-packages/django/template/loader.py", line 62, in render_to_string
return template.render(context, request)
File "/home/user/.local/lib/python3.6/site-packages/django/template/backends/django.py", line 63, in render
reraise(exc, self.backend)
File "/home/user/.local/lib/python3.6/site-packages/django/template/backends/django.py", line 84, in reraise
raise new from exc
django.template.exceptions.TemplateDoesNotExist: rest_framework_swagger/base.html`

Any ideas?

XSS in modules output

How to reproduce:

example payload:

$ cat this_is_a_test
this
<h1>is a</h1>
test
<strong>payload</strong>
<script>alert('this is a test');</script>

upload the this_is_a_test sample to the Viper instance, go to the modules tab and run the All Strings module...

You'll get an alert and formatted HTML in the display.

Why it's bad:
This could allow malicious code embedded in malware samples to achieve execution in an analyst's browser session...

How to fix it:
It should be using innerText over innerHTML when injecting the content into the page, as this will have it bypass HTML processing attempts. An alternative fix would be running all output returned from modules through an HTML special characters encoding process before injecting the content into the page.

Either case should fix the problem.
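
The alternative fix described in this issue (encoding module output before it is injected into the page), shown as an added example that is not part of the original issue or the viper-web code base. The entry shape (`type`/`data`) and the function name `render_module_output` are assumptions made for illustration; the sample lines are the test file from the issue.

```python
import html

# Constructed sample: the test file from the issue, one entry per line,
# as a strings-style module might return it.
SAMPLE_LINES = [
    "this",
    "<h1>is a</h1>",
    "test",
    "<strong>payload</strong>",
    "<script>alert('this is a test');</script>",
]


def render_module_output(entries):
    """Build an HTML fragment from module output, encoding every value
    that originates from the analysed sample.

    Assumed entry shape (hypothetical, for this example only):
      {'type': 'info' | 'error', 'data': str}
      {'type': 'table', 'data': {'header': [...], 'rows': [[...], ...]}}
    """
    parts = []
    for entry in entries:
        kind, data = entry["type"], entry["data"]
        if kind == "table":
            head = "".join(f"<th>{html.escape(str(h))}</th>" for h in data["header"])
            rows = "".join(
                "<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in row) + "</tr>"
                for row in data["rows"]
            )
            parts.append(f"<table><tr>{head}</tr>{rows}</table>")
        else:
            # The CSS class comes from a fixed set, never from the entry itself.
            css = "text-danger" if kind == "error" else "text-info"
            parts.append(f'<p class="{css}">{html.escape(str(data))}</p>')
    return "\n".join(parts)


if __name__ == "__main__":
    print(render_module_output([{"type": "info", "data": s} for s in SAMPLE_LINES]))
```

Encoding at the point of output covers table cells and headers as well as plain lines, so any module whose output includes sample content is handled the same way.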

API Modules Run

Having a devil of a time figuring out how to run a module against a sample.

I am using the v3 API and can see the Modules listed in the API, but I can't seem to find the ability to actually run them against a sample. Can someone give me a hint?

ERROR: django.template.exceptions.TemplateSyntaxError: 'staticfiles' is not a registered tag library

Hello viper-team,

could you please help with this issue raised right after a fresh install?
After login to viper, a 500-Error appears and won't let me do any further action.
Nevertheless, the login to the admin works fine...

Thanks a lot for the help and more thanks for giving us such a great tool .... :-)

Cheers
Marcus

2020-10-03 13:37:16 - django.request - ERROR - log.py:228 - Internal Server Error: /
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/django/template/defaulttags.py", line 1021, in find_library
return parser.libraries[name]
KeyError: 'staticfiles'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/base.py", line 113, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.6/dist-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/django/views/generic/base.py", line 97, in dispatch
return handler(request, *args, **kwargs)
File "/opt/viper/viper/web/viperweb/views.py", line 310, in get
'projects': get_project_list()})
File "/usr/local/lib/python3.6/dist-packages/django/shortcuts.py", line 19, in render
content = loader.render_to_string(template_name, context, request, using=using)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader.py", line 61, in render_to_string
template = get_template(template_name, using=using)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader.py", line 15, in get_template
return engine.get_template(template_name)
File "/usr/local/lib/python3.6/dist-packages/django/template/backends/django.py", line 34, in get_template
return Template(self.engine.get_template(template_name), self)
File "/usr/local/lib/python3.6/dist-packages/django/template/engine.py", line 143, in get_template
template, origin = self.find_template(template_name)
File "/usr/local/lib/python3.6/dist-packages/django/template/engine.py", line 125, in find_template
template = loader.get_template(name, skip=skip)
File "/usr/local/lib/python3.6/dist-packages/django/template/loaders/cached.py", line 53, in get_template
template = super().get_template(template_name, skip)
File "/usr/local/lib/python3.6/dist-packages/django/template/loaders/base.py", line 30, in get_template
contents, origin, origin.template_name, self.engine,
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 156, in init
self.nodelist = self.compile_nodelist()
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 194, in compile_nodelist
return parser.parse()
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 477, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 475, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader_tags.py", line 266, in do_extends
nodelist = parser.parse()
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 477, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 475, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader_tags.py", line 209, in do_block
nodelist = parser.parse(('endblock',))
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 477, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 475, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.6/dist-packages/django/template/defaulttags.py", line 1072, in load
lib = find_library(parser, name)
File "/usr/local/lib/python3.6/dist-packages/django/template/defaulttags.py", line 1025, in find_library
name, "\n".join(sorted(parser.libraries)),
django.template.exceptions.TemplateSyntaxError: 'staticfiles' is not a registered tag library. Must be one of:
admin_list
admin_modify
admin_urls
bootstrap
cache
debugger_tags
highlighting
i18n
indent_text
l10n
log
rest_framework
static
syntax_color
truncate_letters
tz
viper_template_tags
widont
2020-10-03 13:37:16 - django.server - ERROR - basehttp.py:157 - "GET / HTTP/1.1" 500 5411

Backup & Restore?

Hi,

Been using Viper-web for some time now and I love it! I plan to move my current database to a new server. However, is there a method I can use to backup my current database (notes, samples, users, tags etc...) or would I need to add everything manually?

OS: Ubuntu Server 18.04.4 LTS

Thank you!

Run complex modules in parallel - sessions overlap

Did anyone else face issues with running Viper modules in parallel, in different windows?

Here is an example:

  1. Operation 1 is starting and needs to read the file two times.
  2. While running, it reads a file, as needed. In a separate window, a user starts Operation 2, with a different module for a different/same file.
  3. Operation 2 is quite fast and ends, while Operation 1 is still running.
    As Operation 2 ends, __sessions__.close() is called, which sets self.current = None views.py(#261)
  4. Operation 1 continues and reaches a point where, for example, it needs to read the file again, as needed. Example: xored = xordata(__sessions__.current.file.data, key) - which will fail, as sessions.current was destroyed one step ago.

I don't know if this is expected behavior, or whether the VIPER framework should not be used for parallel processing - so, if someone else faces this issue, feel free to join the party. Here is the fix that worked for me, in order to delay the 2nd, 3rd, etc. processing and process them sequentially:

views.py:

def module_cmdline(project=None, cmd_line=None, file_hash=None):

    wait_counts = 0
    while __sessions__.is_set():
        time.sleep(3)
        wait_counts+=1
        print('Waiting for the session to become available')
        if wait_counts >= 60:
            return '<p class="text-danger">Was not able to acquire an available session. Please retry or restart the web server</p>'

    html = ""
    cmd = Commands()
    split_commands = cmd_line.split(';')
   .......
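
An added example, not from the issue author or the viper-web code base: the same serialization done with a lock that is held for the whole module run, so waiting for the session and claiming it happen in one atomic step. `Sessions`, `run_module` and `run_parallel` are hypothetical stand-ins for Viper's `__sessions__` object and the web view.

```python
import threading
import time


class Sessions:
    """Reduced, hypothetical stand-in for Viper's global __sessions__."""

    def __init__(self):
        self.current = None

    def new(self, data):
        self.current = data

    def close(self):
        self.current = None


sessions = Sessions()
session_lock = threading.Lock()  # one holder at a time within this process


def run_module(data, work_seconds, timeout=180.0):
    """Open a session, read the file twice, close it; all under the lock.

    Returns (first_read, second_read), or None if the session stayed busy.
    """
    if not session_lock.acquire(timeout=timeout):
        return None  # caller can render the "please retry" message
    try:
        sessions.new(data)
        first = sessions.current
        time.sleep(work_seconds)   # long-running module work
        second = sessions.current  # would be None if another run had closed it
        return first, second
    finally:
        sessions.close()
        session_lock.release()


def run_parallel(jobs):
    """Run (name, data, work_seconds) jobs in threads; return results by name."""
    results = {}
    threads = [
        threading.Thread(target=lambda n=n, d=d, s=s: results.update({n: run_module(d, s)}))
        for n, d, s in jobs
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

`threading.Lock` only serializes threads inside one process; a deployment with several worker processes needs a cross-process lock (for example a file lock) around the same section.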

Installation guide for viper-web

This is likely due to the project re-alignment mentioned in viper-framework/viper#767, but what is the process to install viper-web?

I followed the install instructions for core viper (using pip3 install) and then did a git clone of the viper-web repository into the $HOME/.viper directory. After installing the requirements, when attempting to run viper-web I receive "No module named viper.web" from django.setup().

I suspect it may be due to the location I'm trying to run viper web from?

401 Error when submitting files to Cuckoo

I am using Cuckoo Version 2.0.7 and I am getting an error of Unable to Submit File with a 401 Unauthorized error code when submitting to Cuckoo from Viper Web. Newer versions of Cuckoo require an API token in the header to access the API according to the Cuckoo Docs https://cuckoo.readthedocs.io/en/latest/usage/api/#starting-the-api-server

To fix this, I had to replace this line (line 711) in views.py:
cuckoo_response = requests.post(uri, files=options)

with this

if cfg.cuckoo.cuckoo_modified:
    cuckoo_response = requests.post(uri, files=options)
else:
    auth_headers = {'Authorization': "Bearer {0}".format(cfg.cuckoo.auth_token)}
    cuckoo_response = requests.post(uri, headers=auth_headers, files=options)

Then I had to add an auth_token line to the cuckoo section of viper.conf

[cuckoo]
cuckoo_modified = False
cuckoo_host = http://localhost:8090
cuckoo_web = http://localhost:8000
auth_token = <Cuckoo API Key goes Here>

Installation tutorial

How to install Viper-Web

First we install the dependencies

sudo apt install git build-essential python3 python3-dev python3-pip exiftool clamav-daemon tor libdpkg-perl libssl-dev swig libffi-dev ssdeep libfuzzy-dev unrar p7zip-full virtualenv gcc

We create and activate an environment

virtualenv --python=python3 ~/venv/viper

. ~/venv/viper/bin/activate

Clone and install viper

git clone https://github.com/viper-framework/viper

cd viper

pip install .

Open viper and update modules

viper

update-modules

Clone viper-web in .viper

cd ~/.viper

git clone https://github.com/viper-framework/viper-web.git

cd viper-web

pip install -r requirements.txt

We get an error when running viper-web

./viper-web

Change code in itypes.py

nano ~/venv/viper/lib/python3.10/site-packages/itypes.py

In line 2 we put this

from collections.abc import Mapping, Sequence

And finally we run it

./viper-web

We can change the launch options in

nano ~/.viper/viper.conf

And go to [web]

Based on the tutorial of f0wL's Blog
