psnuffle Auxiliary failed: ArgumentError malformed UTF-8 character

[ttskym]

I got a error when running psnuffle sniffer in the metasploit framework.

msf auxiliary(sniffer/psnuffle) > run
[*] Auxiliary module running as background job 0.
msf auxiliary(sniffer/psnuffle) >
[*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
[*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
[-] Auxiliary failed: ArgumentError malformed UTF-8 character
[-] Call stack:
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/lldp/header.rb:83:in `unpack'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/lldp/header.rb:83:in `read'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/eth/header.rb:184:in `read'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/lldp.rb:27:in `read'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/packet.rb:49:in `parse'
[-]   /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb:93:in `block in run'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:171:in `block in each_packet'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:in `each'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:in `each_packet'
[-]   /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb:92:in `run'
msf auxiliary(sniffer/psnuffle) > uname -a

System:
Linux kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 GNU/Linux

Metasploit:
Package: metasploit-framework
Version: 4.16.31-0kali1

[wvu]

Wow, psnuffle!

[sempervictus]

Probably need the packet the caused this for a rational debug.

[ShiZiLaiXi]

I also encountered this mistake

[Jheack]

me too!!!

[bcoles]

@Jheack do you have a packet capture? Which protocol? lldp ?

[ttskym]

@busterb all right , it has been a long time since i issued the problem...

[eric-nie]

5.3.0-kali3-amd64 #1 SMP Debian 5.3.15-1kali1 (2019-12-09) x86_64 GNU/Linux
不知的什么导致的，最新版的也不能用

msf5 auxiliary(sniffer/psnuffle) > run
[] Auxiliary module running as background job 1.
msf5 auxiliary(sniffer/psnuffle) >
[] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/
[] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits
[] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits
[] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/
[] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/
[] Sniffing traffic.....
[] HTTP GET: 10.20.24.105:29471-140.205.164.1:80 http://gm.mmstat.com//wwx
[-] Auxiliary failed: ArgumentError malformed UTF-8 character
[-] Call stack:
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf
[-] /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb
[-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:171:i
[-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:i
[-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:i
[-] /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb

msf5 auxiliary(sniffer/psnuffle) >

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[Emily201505]

version: metasploit v6.3.27-dev
I encountered this mistake

[adfoster-r7]

@Emily201505 Are you able to consistently replicate this issue? We can't fix reliably fix this without knowing the protocol that caused the issue etc

[sempervictus]

@Emily201505 - any chance you could acquire the actual LLDP packet causing this into a pcap/base64/something we can use to reproduce? Quick glance at where thats happening kinda makes me wonder "how"

[Emily201505]

@sempervictus

[sempervictus]

Thanks for the screenshot, i was hoping for a pcap of the packet. However, that does at least show us where we need to add an exception handler - in this case, packetfu itself.

[yshalive]

I have the same problem. How can I solve it ，in the metasploit framework ,use Auxiliary (sniffer/psnuffle) failed.