Testing the python3_support branch of CapTipper and attempted to follow your walkthrough to the letter. Got to the dump phase and tried both the dump all /tmp/ -e method and the CapTipper.py 2014-11-06-Nuclear-EK-traffic.pcap -d /tmp/ option and both got the same errors:
root@fb16f3336d75:/captipper# ./CapTipper.py 2014-11-06-Nuclear-EK-traffic.pcap -d /tmp
CapTipper v0.3 b14 - Malicious HTTP traffic explorer tool
Copyright 2015 Omri Herscovici <[email protected]>
[A] Analyzing PCAP: 2014-11-06-Nuclear-EK-traffic.pcap
[+] Traffic Activity Time: Thu, 11/06/14 15:02:35
[+] Conversations Found:
0: / -> text/html (0.html) [5.4 KB] (Magic: GZ)
1: /wp-includes/js/jquery/jquery.js?ver=1.7.2 -> application/javascript (jquery.js) [38.6 KB] (Magic: GZ)
2: /seedadmin17.html -> text/html (seedadmin17.html) [354.0 B] (Magic: HTML)
3: /wp-content/uploads/2014/01/MetroWest_COVER_Issue2_Feb2014.jpg -> image/jpeg (MetroWest_COVER_Issue2_Feb2014.jpg) [341.8 KB] (Magic: JPG)
4: /15c0b14drr9f_1_08282d03fb0251bbd75ff6dc6e317bd9.html -> text/html (15c0b14drr9f_1_08282d03fb0251bbd75ff6dc6e317bd9.html) [110.5 KB] (Magic: HTML)
5: /images/footer/3000melbourne.png -> image/png (3000melbourne.png) [2.9 KB] (Magic: PNG)
6: /images/footer/3207portmelbourne.png -> image/png (3207portmelbourne.png) [3.0 KB] (Magic: PNG)
7: /wp-content/uploads/2012/09/background1.jpg -> image/jpeg (background1.jpg) [32.3 KB] (Magic: JPG)
8: /00015d76d9b2rr9f/1415286120 -> application/octet-stream (00015d76.swf) [30.8 KB] (Magic: SWF)
9: /00015d766423rr9f/1415286120 -> application/pdf (XykpdWhZZ2.pdf) [9.7 KB] (Magic: PDF)
10: /00015d76rr9f/1415286120/5/x00809070554515d565b010b03510053535c0505;1;6 -> application/octet-stream (5.exe) [136.0 KB] (Magic: EXE)
11: /00015d76rr9f/1415286120/5/x00809070554515d565b010b03510053535c0505;1;6;1 -> application/octet-stream (5.exe) [136.0 KB] (Magic: EXE)
12: /00015d76rr9f/1415286120/7 -> application/octet-stream (7.exe) [136.0 KB] (Magic: EXE)
13: /00015d761709rr9f/1415286120 -> application/octet-stream (00015d76.swf) [7.9 KB] (Magic: XAP)
14: /00015d76rr9f/1415286120/8 -> application/octet-stream (8.exe) [136.0 KB] (Magic: EXE)
GZIP Decompression of object 0 (0.html) successful!
New object created: 15
GZIP Decompression of object 1 (jquery.js) successful!
New object created: 16
[Errno 21] Is a directory: '/tmp/0-0.html'
[Errno 21] Is a directory: '/tmp/1-jquery.js'
[Errno 21] Is a directory: '/tmp/2-seedadmin17.html'
[Errno 21] Is a directory: '/tmp/3-MetroWest_COVER_Issue2_Feb2014.jpg'
[Errno 21] Is a directory: '/tmp/4-15c0b14drr9f_1_08282d03fb0251bbd75ff6dc6e317bd9.html'
[Errno 21] Is a directory: '/tmp/5-3000melbourne.png'
[Errno 21] Is a directory: '/tmp/6-3207portmelbourne.png'
[Errno 21] Is a directory: '/tmp/7-background1.jpg'
[Errno 21] Is a directory: '/tmp/8-00015d76.swf'
[Errno 21] Is a directory: '/tmp/9-XykpdWhZZ2.pdf'
[Errno 21] Is a directory: '/tmp/10-5.exe'
[Errno 21] Is a directory: '/tmp/11-5.exe'
[Errno 21] Is a directory: '/tmp/12-7.exe'
[Errno 21] Is a directory: '/tmp/13-00015d76.swf'
[Errno 21] Is a directory: '/tmp/14-8.exe'
[Errno 21] Is a directory: '/tmp/15-ungzip-0.html'
[Errno 21] Is a directory: '/tmp/16-ungzip-jquery.js'
While the copy/paste from this test is from a Docker (Ubuntu 20.04), I have tested this in a physical Ubuntu 18.04 installation, and both a virtual 18.04 VM and 20.04 VM. The only change made to both was adding the '3' at the end of the shebang in CapTipper.py.
I did change the 'cgi.escape' to 'html.escape' in the Ubuntu 20 install, but this is only part of the jsontemplate, and does not (should not) affect the dump_all_files or dump_file function in CTCore.py