Manx page won't load: AttributeError: 'TransportSocket' object has no attribute 'send'

[heyquentin]

Describe the bug
After deploying a Manx agent, Manx page is unable to load.

To Reproduce
Steps to reproduce the behavior:

1. Deploy a Manx agent
2. Navigate to the Manx plugin window. The page will not load and an error will display in the bottom right.

Expected behavior
A terminal will be displayed in the Manx window allowing for a reverse shell connection to the agent machine.

Screenshots

Desktop (please complete the following information):

• OS: Kali 2023.2
• Browser Firefox
• Version: Latest Caldera pulled from git clone

Additional context
Log

┌──(kali㉿kali)-[/opt/caldera]
└─$ python3 server.py --insecure
2023-07-02 15:51:32 - WARNING (server.py:118 <module>) --insecure flag set. Caldera will use the default.yml config file.
2023-07-02 15:51:32 - INFO  (server.py:125 <module>) Using main config from conf/default.yml
2023-07-02 15:51:33 - INFO  (contact_gist.py:70 start) Invalid Github Gist personal API token provided. Gist C2 contact will not be started.
2023-07-02 15:51:33 - INFO  (tunnel_ssh.py:26 start) Generating temporary SSH private key. Was unable to use provided SSH private key
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: stockpile
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: response
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: atomic
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: access
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: compass
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: manx
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: fieldmanual
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: sandcat
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: training
2023-07-02 15:51:34 - INFO  (app_svc.py:116 load) Enabled plugin: debrief
2023-07-02 15:51:34 - INFO  (logging.py:92 log) Creating SSH listener on 0.0.0.0, port 8022
2023-07-02 15:51:34 - INFO  (server.py:741 start) serving on 0.0.0.0:2222
2023-07-02 15:51:34 - INFO  (file_util.py:137 copy_file) copying /opt/caldera/plugins/stockpile/docs/Exfiltration-How-Tos.md -> /opt/caldera/plugins/fieldmanual/sphinx-docs/plugins/stockpile
2023-07-02 15:51:34 - INFO  (file_util.py:137 copy_file) copying /opt/caldera/plugins/sandcat/docs/Sandcat-Details.md -> /opt/caldera/plugins/fieldmanual/sphinx-docs/plugins/sandcat
2023-07-02 15:51:34 - INFO  (file_util.py:137 copy_file) copying /opt/caldera/plugins/debrief/docs/debrief1.png -> /opt/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2023-07-02 15:51:34 - INFO  (file_util.py:137 copy_file) copying /opt/caldera/plugins/debrief/docs/debrief_2023-02-24_17-08-14.pdf -> /opt/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2023-07-02 15:51:34 - INFO  (file_util.py:137 copy_file) copying /opt/caldera/plugins/debrief/docs/debrief2.png -> /opt/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2023-07-02 15:51:34 - INFO  (file_util.py:137 copy_file) copying /opt/caldera/plugins/debrief/docs/debrief3.png -> /opt/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2023-07-02 15:51:38 - INFO  (hook.py:58 build_docs) Docs built successfully.
2023-07-02 15:51:38 - INFO  (server.py:73 run_tasks) All systems ready.
2023-07-02 15:54:25 - ERROR (contact_tcp.py:93 send) 'TransportSocket' object has no attribute 'send'
Traceback (most recent call last):
  File "/opt/caldera/app/contacts/contact_tcp.py", line 87, in send
    conn.send(str.encode(' '))
    ^^^^^^^^^
AttributeError: 'TransportSocket' object has no attribute 'send'
2023-07-02 15:54:34 - ERROR (base_events.py:1771 default_exception_handler) Task exception was never retrieved
future: <Task finished name='Task-20' coro=<Contact.operation_loop() done, defined at /opt/caldera/app/contacts/contact_tcp.py:27> exception=AttributeError("'TransportSocket' object has no attribute 'send'")>
Traceback (most recent call last):
  File "/opt/caldera/app/contacts/contact_tcp.py", line 29, in operation_loop
    await self.tcp_handler.refresh()
  File "/opt/caldera/app/contacts/contact_tcp.py", line 63, in refresh
    session.connection.send(str.encode(' '))
    ^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'TransportSocket' object has no attribute 'send'

[github-actions]

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

[heyquentin]

I have a little more info on this one. The agent dies pretty much instantly on both Linux and Windows. An agent shows up in the Agents page but dies on refresh. I enabled debug logging and saw that there seemed to be a websocket that's open and immediately closed. I'm not sure what a good run looks like but I think this might be where the issue is. I tried checking out 4.1.0 and it had the same problem. So I tried upgrading/downgrading websockets (11, 10.4, 10.3, etc.) via pip but the issue persists.

Here's the log. It starts with the login to the web interface then the agent tries to make a callback.

2023-07-05 12:56:21 - DEBUG (auth_svc.py:155 handle_successful_login) red logging in
2023-07-05 12:56:28 - DEBUG (contact_svc.py:85 handle_heartbeat) First time tcp beacon from xettnr
2023-07-05 12:56:28 - DEBUG (protocol.py:255 __init__) = connection is CONNECTING
2023-07-05 12:56:28 - DEBUG (client.py:115 write_http_request) > GET /agent/added HTTP/1.1
2023-07-05 12:56:28 - DEBUG (client.py:117 write_http_request) > Host: 0.0.0.0:7012
2023-07-05 12:56:28 - DEBUG (client.py:117 write_http_request) > Upgrade: websocket
2023-07-05 12:56:28 - DEBUG (client.py:117 write_http_request) > Connection: Upgrade
2023-07-05 12:56:28 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Key: dNCEdj/s3O6h7JmvqcW67A==
2023-07-05 12:56:28 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Version: 13
2023-07-05 12:56:28 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2023-07-05 12:56:28 - DEBUG (client.py:117 write_http_request) > User-Agent: Python/3.11 websockets/11.0.3
2023-07-05 12:56:28 - DEBUG (client.py:148 read_http_response) < HTTP/1.1 101 Switching Protocols
2023-07-05 12:56:28 - DEBUG (client.py:150 read_http_response) < Upgrade: websocket
2023-07-05 12:56:28 - DEBUG (client.py:150 read_http_response) < Connection: Upgrade
2023-07-05 12:56:28 - DEBUG (client.py:150 read_http_response) < Sec-WebSocket-Accept: pet71cwXchGWisOM9xplLT4ZQng=
2023-07-05 12:56:28 - DEBUG (client.py:150 read_http_response) < Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12; client_max_window_bits=12
2023-07-05 12:56:28 - DEBUG (client.py:150 read_http_response) < Date: Wed, 05 Jul 2023 16:56:28 GMT
2023-07-05 12:56:28 - DEBUG (client.py:150 read_http_response) < Server: Python/3.11 websockets/11.0.3
2023-07-05 12:56:28 - DEBUG (protocol.py:356 connection_open) = connection is OPEN
2023-07-05 12:56:28 - DEBUG (protocol.py:1223 write_close_frame) = connection is CLOSING
2023-07-05 12:56:28 - DEBUG (protocol.py:1174 write_frame_sync) > CLOSE 1000 (OK) [2 bytes]
2023-07-05 12:56:28 - DEBUG (protocol.py:1168 read_frame) < CLOSE 1000 (OK) [2 bytes]
2023-07-05 12:56:28 - DEBUG (protocol.py:1494 connection_lost) = connection is CLOSED
2023-07-05 12:56:28 - ERROR (contact_tcp.py:93 send) 'TransportSocket' object has no attribute 'send'
Traceback (most recent call last):
  File "/opt/caldera/app/contacts/contact_tcp.py", line 87, in send
    conn.send(str.encode(' '))
    ^^^^^^^^^
AttributeError: 'TransportSocket' object has no attribute 'send'

[heyquentin]

Same problem on Debian 12. With Debian 11 the Manx page loads when the agent calls back and looks like it wants to do something but nothing actually works. The Debian 11 machine is using Python 3.9.2 whereas the others are all using 3.11.x

The log is showing heartbeats whereas the other attempts weren't.

2023-07-05 11:24:18 - DEBUG (app_svc.py:132 retrieve_compiled_file) manx.go downloaded with hash=72123fd84634888b537683103e6013a9bc2e023b1db49b7eeeabdc2a799eca22 and name=splunkd
2023-07-05 11:24:18 - DEBUG (contact_svc.py:85 handle_heartbeat) First time tcp beacon from dwjrmm
2023-07-05 11:24:18 - DEBUG (protocol.py:255 __init__) = connection is CONNECTING
2023-07-05 11:24:18 - DEBUG (client.py:115 write_http_request) > GET /agent/added HTTP/1.1
2023-07-05 11:24:18 - DEBUG (client.py:117 write_http_request) > Host: 0.0.0.0:7012
2023-07-05 11:24:18 - DEBUG (client.py:117 write_http_request) > Upgrade: websocket
2023-07-05 11:24:18 - DEBUG (client.py:117 write_http_request) > Connection: Upgrade
2023-07-05 11:24:18 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Key: TNxa0/yHuzg3tGvX/hvIpA==
2023-07-05 11:24:18 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Version: 13
2023-07-05 11:24:18 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2023-07-05 11:24:18 - DEBUG (client.py:117 write_http_request) > User-Agent: Python/3.9 websockets/11.0.3
2023-07-05 11:24:18 - DEBUG (client.py:148 read_http_response) < HTTP/1.1 101 Switching Protocols
2023-07-05 11:24:18 - DEBUG (client.py:150 read_http_response) < Upgrade: websocket
2023-07-05 11:24:18 - DEBUG (client.py:150 read_http_response) < Connection: Upgrade
2023-07-05 11:24:18 - DEBUG (client.py:150 read_http_response) < Sec-WebSocket-Accept: wbSdC4mMsBBg7A6vnz2a1bIP2rY=
2023-07-05 11:24:18 - DEBUG (client.py:150 read_http_response) < Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12; client_max_window_bits=12
2023-07-05 11:24:18 - DEBUG (client.py:150 read_http_response) < Date: Wed, 05 Jul 2023 18:24:18 GMT
2023-07-05 11:24:18 - DEBUG (client.py:150 read_http_response) < Server: Python/3.9 websockets/11.0.3
2023-07-05 11:24:18 - DEBUG (protocol.py:356 connection_open) = connection is OPEN
2023-07-05 11:24:18 - DEBUG (protocol.py:1223 write_close_frame) = connection is CLOSING
2023-07-05 11:24:18 - DEBUG (protocol.py:1174 write_frame_sync) > CLOSE 1000 (OK) [2 bytes]
2023-07-05 11:24:18 - DEBUG (protocol.py:1168 read_frame) < CLOSE 1000 (OK) [2 bytes]
2023-07-05 11:24:18 - DEBUG (protocol.py:1494 connection_lost) = connection is CLOSED
2023-07-05 11:24:18 - ERROR (contact_tcp.py:93 send) Expecting value: line 2 column 1 (char 1)
Traceback (most recent call last):
  File "/home/quentin/Downloads/caldera/app/contacts/contact_tcp.py", line 90, in send
    response = json.loads(response)
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 2 column 1 (char 1)
2023-07-05 11:24:34 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:24:54 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:25:14 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:25:34 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:25:54 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:26:14 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:26:34 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:26:54 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:27:14 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:27:34 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:27:54 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:28:14 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:28:34 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:28:54 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:29:14 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:29:34 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:29:54 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:30:14 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:30:34 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:30:54 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm
2023-07-05 11:31:14 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dwjrmm

[heyquentin]

I have a working copy of Manx. I set up a Ubuntu 20.04.6 machine using Python 3.8.10, installed Caldera and got a Manx callback and it looks like the terminal is working.

I don't think that websocket thing above is an issue anymore because the working version seems to be doing it too. (I have 2 agents in the log, Windows & Linux)

2023-07-05 13:11:06 - DEBUG (contact_svc.py:85 handle_heartbeat) First time tcp beacon from qbiifh
2023-07-05 13:11:06 - DEBUG (protocol.py:255 __init__) = connection is CONNECTING
2023-07-05 13:11:06 - DEBUG (client.py:115 write_http_request) > GET /agent/added HTTP/1.1
2023-07-05 13:11:06 - DEBUG (client.py:117 write_http_request) > Host: 0.0.0.0:7012
2023-07-05 13:11:06 - DEBUG (client.py:117 write_http_request) > Upgrade: websocket
2023-07-05 13:11:06 - DEBUG (client.py:117 write_http_request) > Connection: Upgrade
2023-07-05 13:11:06 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Key: 4uvbjwToI2zkdptouWpxUw==
2023-07-05 13:11:06 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Version: 13
2023-07-05 13:11:06 - DEBUG (client.py:117 write_http_request) > Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2023-07-05 13:11:06 - DEBUG (client.py:117 write_http_request) > User-Agent: Python/3.8 websockets/11.0.3
2023-07-05 13:11:06 - DEBUG (client.py:148 read_http_response) < HTTP/1.1 101 Switching Protocols
2023-07-05 13:11:06 - DEBUG (client.py:150 read_http_response) < Upgrade: websocket
2023-07-05 13:11:06 - DEBUG (client.py:150 read_http_response) < Connection: Upgrade
2023-07-05 13:11:06 - DEBUG (client.py:150 read_http_response) < Sec-WebSocket-Accept: P2vq5+WOSzBK/LVi4Lb0d+BLHP4=
2023-07-05 13:11:06 - DEBUG (client.py:150 read_http_response) < Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12; client_max_window_bits=12
2023-07-05 13:11:06 - DEBUG (client.py:150 read_http_response) < Date: Wed, 05 Jul 2023 20:11:06 GMT
2023-07-05 13:11:06 - DEBUG (client.py:150 read_http_response) < Server: Python/3.8 websockets/11.0.3
2023-07-05 13:11:06 - DEBUG (protocol.py:356 connection_open) = connection is OPEN
2023-07-05 13:11:06 - DEBUG (protocol.py:1223 write_close_frame) = connection is CLOSING
2023-07-05 13:11:06 - DEBUG (protocol.py:1174 write_frame_sync) > CLOSE 1000 (OK) [2 bytes]
2023-07-05 13:11:06 - DEBUG (protocol.py:1168 read_frame) < CLOSE 1000 (OK) [2 bytes]
2023-07-05 13:11:06 - DEBUG (protocol.py:1494 connection_lost) = connection is CLOSED
2023-07-05 13:11:06 - ERROR (contact_tcp.py:93 send) Expecting value: line 2 column 1 (char 1)
Traceback (most recent call last):
  File "/home/quentin/Downloads/caldera/app/contacts/contact_tcp.py", line 90, in send
    response = json.loads(response)
  File "/usr/lib/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.8/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 2 column 1 (char 1)
2023-07-05 13:11:17 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dxjfao
2023-07-05 13:11:17 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from qbiifh
2023-07-05 13:11:37 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dxjfao
2023-07-05 13:11:37 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from qbiifh
2023-07-05 13:11:57 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dxjfao
2023-07-05 13:11:57 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from qbiifh
2023-07-05 13:12:17 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dxjfao
2023-07-05 13:12:17 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from qbiifh
2023-07-05 13:12:37 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from dxjfao
2023-07-05 13:12:37 - DEBUG (contact_svc.py:65 handle_heartbeat) Incoming tcp beacon from qbiifh

I also just got finished testing a Ubuntu 22.04.2 machine running Python 3.10.6 and it seems to be working too.

[heyquentin]

I got Manx working on my original Kali install by compiling Python 3.10.6 using these instructions: https://computingforgeeks.com/how-to-install-python-on-ubuntu-linux-system/?expand_article=1

[GuillaumeBrn]

Hello @heyquentin,
I have the same problem on Kali Linux, whether I'm using Python 3.10/11/12. My MANX agent on my target machine is always crashing (dead, untrusted), it is impossible to pass commands.
When I'm trying to launch server with other Python versions (those mentionned above), I have errors such as :
AttributeError: 'TransportSocket' object has no attribute 'send'

[sh0ckSec]

@GuillaumeBrn I'm getting the same issue using the latest 4.2.0 version, Kali 2023.2 and python 3.11.2

[GuillaumeBrn]

@GuillaumeBrn I'm getting the same issue using the latest 4.2.0 version, Kali 2023.2 and python 3.11.2

Yep, there are issues with Python 3.11.
Using it in a Python 3.9.6 virtual environnment worked for me.
Maybe the Docker alternative is also a good solution.

[elegantmoose]

@heyquentin @GuillaumeBrn @sh0ckSec Unfortunately we dont have near term dev cycles to address these issues, the main fact being Manx has been left to age without any updates for a minute now. I will keep issue open so we track it, but apologies on no immediate solutions. *We do of course welcome and PRs from you all if youd like to.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days