Server responding with 500 Internal Server Error in fresh installed

[sdelgadoalvarez]

Good day,

I have tryed to install Caldera using Docker and also on my own machine both of them Ubuntu.

I have followed the installations instructions and everything worked fine till the server is started. When I try to access the website I always receive a HTTP 500 code with no logs in the service.

I'm using branch 5.0.0 but having the same issue with the master branch.

Here is the log of the building process python3 server.py --insecure --build

2024-10-01 14:21:35 - WARNING (server.py:202 <module>) --insecure flag set. Caldera will use the default.yml config file.
2024-10-01 14:21:36 - INFO  (server.py:211 <module>) Using main config from conf/default.yml
2024-10-01 14:21:37 - INFO  (server.py:247 <module>) Building VueJS front-end.

up to date, audited 768 packages in 7s

100 packages are looking for funding
  run `npm fund` for details

16 vulnerabilities (8 moderate, 7 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

> [email protected] build
> node prebundle.js && vite build

Copying all plugin GUI source files to magma
Copying over "access" files...
Copying over "atomic" files...
Copying over "builder" files...
Copying over "compass" files...
Copying over "debrief" files...
Copying over "emu" files...
Copying over "gameboard" files...
Copying over "human" files...
Copying over "manx" files...
Copying over "response" files...
Copying over "sandcat" files...
Copying over "ssl" files...
Copying over "stockpile" files...
Copying over "training" files...
Plugin GUI source files copied!
vite v2.9.15 building for production...
✓ 1479 modules transformed.
dist/assets/favicon.cc1c341b.ico                   69.07 KiB
dist/assets/caldera-logo.6a24b35b.png              16.51 KiB
dist/assets/caldera-logo-mtn.88f0ff8a.png          36.07 KiB
dist/assets/darwin-icon-privileged.ffa7a1c2.svg    0.68 KiB
dist/assets/darwin-icon.95280721.svg               0.67 KiB
dist/assets/linux-icon-privileged.d1ede01c.svg     3.66 KiB
dist/assets/linux-icon.df96f069.svg                3.65 KiB
dist/assets/windows-icon-privileged.e4e076e8.svg   0.39 KiB
dist/assets/windows-icon.2e7338a5.svg              0.37 KiB
dist/index.html                                    0.46 KiB
dist/assets/access.a16b1610.js                     12.71 KiB / gzip: 3.97 KiB
dist/assets/atomic.f03c4323.js                     1.05 KiB / gzip: 0.62 KiB
dist/assets/builder.ade3631c.js                    1.08 KiB / gzip: 0.63 KiB
dist/assets/compass.b307cf9e.js                    5.22 KiB / gzip: 2.22 KiB
dist/assets/debrief.45ded466.js                    28.20 KiB / gzip: 7.41 KiB
dist/assets/emu.fae4e0c2.js                        1.56 KiB / gzip: 0.70 KiB
dist/assets/gameboard.418729bc.js                  21.79 KiB / gzip: 6.09 KiB
dist/assets/human.6cf7701a.js                      11.80 KiB / gzip: 3.46 KiB
dist/assets/manx.a3369b48.js                       6.54 KiB / gzip: 2.46 KiB
dist/assets/response.af4604f5.js                   1.60 KiB / gzip: 0.83 KiB
dist/assets/sandcat.b6d02ae5.js                    0.68 KiB / gzip: 0.44 KiB
dist/assets/ssl.ec1d38f2.js                        0.98 KiB / gzip: 0.62 KiB
dist/assets/stockpile.3e01dce9.js                  1.61 KiB / gzip: 0.77 KiB
dist/assets/training.cd9a3b0b.js                   8.96 KiB / gzip: 3.54 KiB
dist/assets/debrief.854158fe.css                   0.79 KiB / gzip: 0.34 KiB
dist/assets/compass.4b402f52.css                   0.12 KiB / gzip: 0.12 KiB
dist/assets/human.d7b43e12.css                     2.31 KiB / gzip: 0.78 KiB
dist/assets/gameboard.430857df.css                 2.01 KiB / gzip: 0.68 KiB
dist/assets/access.b689ce59.css                    0.32 KiB / gzip: 0.20 KiB
dist/assets/training.9d43ffbb.css                  3.86 KiB / gzip: 1.06 KiB
dist/assets/response.9692d0ec.css                  0.20 KiB / gzip: 0.13 KiB
dist/assets/manx.fdacbfd3.css                      3.11 KiB / gzip: 1.51 KiB
dist/assets/index.0f757c1d.css                     248.24 KiB / gzip: 33.80 KiB
dist/assets/index.3d595706.js                      1639.20 KiB / gzip: 527.21 KiB

(!) Some chunks are larger than 500 KiB after minification. Consider:
- Using dynamic import() to code-split the application
- Use build.rollupOptions.output.manualChunks to improve chunking: https://rollupjs.org/guide/en/#outputmanualchunks
- Adjust chunk size limit for this warning via build.chunkSizeWarningLimit.
2024-10-01 14:22:35 - INFO  (server.py:250 <module>) VueJS front-end build complete.
2024-10-01 14:22:37 - INFO  (contact_gist.py:70 start) Invalid Github Gist personal API token provided. Gist C2 contact will not be started.
2024-10-01 14:22:37 - INFO  (tunnel_ssh.py:26 start) Generating temporary SSH private key. Was unable to use provided SSH private key
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: fieldmanual
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: sandcat
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: training
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: stockpile
2024-10-01 14:22:38 - ERROR (c_plugin.py:91 _load_module) Error importing plugin=builder, No module named 'docker'
2024-10-01 14:22:38 - ERROR (c_plugin.py:59 load_plugin) Error loading plugin=builder, 'NoneType' object has no attribute 'description'
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: response
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: compass
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: debrief
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: manx
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: access
2024-10-01 14:22:38 - INFO  (app_svc.py:116 load) Enabled plugin: atomic
2024-10-01 14:22:38 - INFO  (logging.py:92 log) Creating SSH listener on 192.168.164.128, port 8022
2024-10-01 14:22:38 - INFO  (server.py:741 start) serving on 192.168.164.128:2222
2024-10-01 14:22:38 - WARNING (data_svc.py:436 _apply_special_extension_hooks) Unable to properly load .donut for payload plugins.stockpile.app.donut.donut_handler due to failed import
2024-10-01 14:22:38 - WARNING (app_svc.py:171 validate_requirement) upx does not meet the minimum version of 0.0.0. Upx is an optional dependency which adds more functionality. 
2024-10-01 14:22:39 - INFO  (file_util.py:137 copy_file) copying /home/pichi/workspace/caldera/plugins/sandcat/docs/Sandcat-Details.md -> /home/pichi/workspace/caldera/plugins/fieldmanual/sphinx-docs/plugins/sandcat
2024-10-01 14:22:39 - INFO  (file_util.py:137 copy_file) copying /home/pichi/workspace/caldera/plugins/stockpile/docs/Exfiltration-How-Tos.md -> /home/pichi/workspace/caldera/plugins/fieldmanual/sphinx-docs/plugins/stockpile
2024-10-01 14:22:39 - INFO  (file_util.py:137 copy_file) copying /home/pichi/workspace/caldera/plugins/magma/docs/skeleton.md -> /home/pichi/workspace/caldera/plugins/fieldmanual/sphinx-docs/plugins/magma
2024-10-01 14:22:39 - INFO  (file_util.py:137 copy_file) copying /home/pichi/workspace/caldera/plugins/debrief/docs/debrief_2023-02-24_17-08-14.pdf -> /home/pichi/workspace/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2024-10-01 14:22:39 - INFO  (file_util.py:137 copy_file) copying /home/pichi/workspace/caldera/plugins/debrief/docs/debrief1.png -> /home/pichi/workspace/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2024-10-01 14:22:39 - INFO  (file_util.py:137 copy_file) copying /home/pichi/workspace/caldera/plugins/debrief/docs/debrief3.png -> /home/pichi/workspace/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2024-10-01 14:22:39 - INFO  (file_util.py:137 copy_file) copying /home/pichi/workspace/caldera/plugins/debrief/docs/debrief2.png -> /home/pichi/workspace/caldera/plugins/fieldmanual/sphinx-docs/plugins/debrief
2024-10-01 14:22:51 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ff78708e0e18d31c0be7a2be295158ec
2024-10-01 14:22:51 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 6fdc9037290299164d52b65219d628ef
2024-10-01 14:22:51 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ae21aefd2d9933df45a4e55485fbc333
2024-10-01 14:22:51 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: d8f4e4e10f4d6da1b174bb18cb859e6c
2024-10-01 14:22:51 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 86ab6d7ecc05b7dabc7699a9e6a0a173
2024-10-01 14:22:51 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 5c922d92f383656401d5633ca23db497
2024-10-01 14:22:51 - WARNING (c_adversary.py:95 verify) Objective referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: c495a9828-cab1-44dd-a0ca-66e58177d8c. Setting default objective.
2024-10-01 14:22:51 - INFO  (hook.py:58 build_docs) Docs built successfully.
2024-10-01 14:22:52 - INFO  (server.py:90 run_tasks) All systems ready.
2024-10-01 14:22:52 - INFO  (server.py:91 run_tasks) 
 ██████╗ █████╗ ██╗     ██████╗ ███████╗██████╗  █████╗
██╔════╝██╔══██╗██║     ██╔══██╗██╔════╝██╔══██╗██╔══██╗
██║     ███████║██║     ██║  ██║█████╗  ██████╔╝███████║
██║     ██╔══██║██║     ██║  ██║██╔══╝  ██╔══██╗██╔══██║
╚██████╗██║  ██║███████╗██████╔╝███████╗██║  ██║██║  ██║
 ╚═════╝╚═╝  ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝

Error:

Any hint about what could be happening?

Thanks!

[github-actions]

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

[b1tst0rm]

Having same issue on Kali 2024.1. Weird though, I've not had this issue on Kali 2023.

There are no logs to help debug the issue even with -l DEBUG

Python 3.11.8
node v18.19.0

[b1tst0rm]

OK, I did some more debugging. To get relevant error output, use python -X dev server.py ... to enable Python Development Mode. You will then see the stack trace in the browser related to the 500.

500 Internal Server Error
Traceback:
Traceback (most recent call last):
  File "/opt/caldera/.venv/lib/python3.11/site-packages/aiohttp/web_protocol.py", line 452, in _handle_request
    resp = await request_handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/caldera/.venv/lib/python3.11/site-packages/aiohttp/web_app.py", line 512, in _handle
    match_info = await self._router.resolve(request)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/caldera/.venv/lib/python3.11/site-packages/aiohttp/web_urldispatcher.py", line 1022, in resolve
    match_dict, allowed = await resource.resolve(request)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/caldera/.venv/lib/python3.11/site-packages/aiohttp/web_urldispatcher.py", line 767, in resolve
    not request.url.raw_path.startswith(self._prefix2)
        ^^^^^^^^^^^
  File "aiohttp/_helpers.pyx", line 26, in aiohttp._helpers.reify.__get__
  File "/opt/caldera/.venv/lib/python3.11/site-packages/aiohttp/web_request.py", line 451, in url
    url = URL.build(scheme=self.scheme, host=self.host)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/caldera/.venv/lib/python3.11/site-packages/yarl/_url.py", line 385, in build
    netloc = cls._make_netloc(
             ^^^^^^^^^^^^^^^^^
  File "/opt/caldera/.venv/lib/python3.11/site-packages/yarl/_url.py", line 1057, in _make_netloc
    ret = cls._encode_host(host)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/caldera/.venv/lib/python3.11/site-packages/yarl/_url.py", line 1038, in _encode_host
    _host_validate(host)
  File "/opt/caldera/.venv/lib/python3.11/site-packages/yarl/_url.py", line 1607, in _host_validate
    raise ValueError(
ValueError: Host '10.10.0.118:8888' cannot contain ':' (at position 11)

The issue is with yarl. These folks had the same exact problem: home-assistant/core#126961

[b1tst0rm]

Submitted a pull request to resolve this issue.

#3063

[elegantmoose]

Merged @b1tst0rm PR. Try repulling down master branch.

[sdelgadoalvarez]

Merged @b1tst0rm PR. Try repulling down master branch.

It works!