Is there an openSUSE version of Cable Haunt vulnerability test? I was unable to install “pipenv”.
The Cable Modem with Broadcom chip will need the Cable ISP to update the software on the cable modem to eliminate the security hole that allows redirection.
The best option until then is to use DNS other than the ISP’s that can be hacked.
Google’s 8.8.8.8 and 8.8.4.4 is an option as are other free DNS services.
here is the January list of free DNS providers
https://www.lifewire.com/free-and-public-dns-servers-2626062
Possibly not needed – there are private Python3 pipenv openSUSE builds but, nothing accepted yet …
The Vulnerability test is Python script available from GitHub: <https://github.com/Lyrebirds/cable-haunt-vulnerability-test/blob/master/test.py>.
- I could be wrong but, you could simply try running that script with the Python3 interpreter which should have been installed by default on your Leap 15.1 system.
Tried python 2 and 3 neither works
llrainey@VM1:~> python2 test
File "test", line 71
async def testEndpointWithCredentials(ipPort: Tuple[str, int], data: str, inputCredentials: List[str]):
^
SyntaxError: invalid syntax
llrainey@VM1:~>
llrainey@VM1:~> python3 test
Traceback (most recent call last):
File "test", line 1, in <module>
import websockets
ModuleNotFoundError: No module named 'websockets'
llrainey@VM1:~>
Hi
Install python3-websockets, so python3 only application…
got a little farther after installing python3-websockets - any ideas to this error - zypper installed python3-websockets-3.4-lp151.2.4.x86_64 successfully.
llrainey@VM1:~> python3 test
Traceback (most recent call last):
File "test", line 9, in <module>
from websockets.exceptions import WebSocketException
ImportError: cannot import name 'WebSocketException'
llrainey@VM1:~>
Same here – <https://websockets.readthedocs.io/en/stable/api.html> – “websockets.exceptions defines the following exception hierarchy:”
- “WebSocketException
”
“exception websockets.exceptions.WebSocketException”
[INDENT=2]“Base class for all exceptions defined by websockets.”[/INDENT]
But, I can’t find “WebSocketException” anywhere in /usr/lib64/python3.6/site-packages/websockets/ …
It may be a Python 3.7 feature – there’s a mention of python 3.7 being needed for the Cable Haunt test script here: <https://github.com/Lyrebirds/cable-haunt-vulnerability-test>
Hi
That would be the issue, works here on Tumbleweed, fire up a live USB instance, install whats needed and run from that…
Leap 15.1 can run it.
For those interested I got it to work by installing the opt-python7 from opensuse site and downloading and extracting the python3-websockets from the Tumbleweed archive and moving them into the proper lib and share locations in /opt/python.
you need these 2 files:
opt-python37-3.7.6-lp151.15.1.x86_64.rpm from the opensuse 15.1 experimental and install with zypper
python3-websockets-8.0.2-2.4.x86_64.rpm from tumbleweed repo expand with archive manager and move lib64 to /opt/python/lib and share to /opt/python/share
I added my cable modem ip and router ip to the test.
llrainey@VM1:~> /opt/python/bin/python3.7 test
Scanning ports between 23 and 65535 for adresses: '104.143.55.1, 192.168.0.1']
We could not find ip and port for spectrum analyzer. This could mean you are not vulnerable or that we did not test for the correct IP, port or credentials. Please refer to the repo if you want to expand the list of IPs, ports and credentials you are scanning.
Thank you for testing your modem, do you want to send your results to Cable Haunt? (Y/n)
n
llrainey@VM1:~>
Thank you. That turned out to be the simplest solution for me.