From eb30e0ae07331fb612bdc7e39e3f9ae056fded22 Mon Sep 17 00:00:00 2001
From: Olivier Bilodeau
Date: Tue, 9 Aug 2016 14:28:30 -0400
Subject: [PATCH 1/3] Installing npcap instead of winpcap (fixes #2)
There are still issues with the npcap package which prevent this fix from being merged in master.
---
 malboxes/config-example.js | 2 +-
 malboxes/profiles/snippets/provision_powershell.json | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/malboxes/config-example.js b/malboxes/config-example.js
index ed26d7d..15224a1 100644
--- a/malboxes/config-example.js
+++ b/malboxes/config-example.js
@@ -33,7 +33,7 @@
 // Chocolatey packages to install on the VM
 // TODO re-add dependencywalker and regshot once upstream choco package provides a checksum
- "choco_packages": "sysinternals windbg wireshark 7zip putty fiddler4 processhacker apm",
+ "choco_packages": "sysinternals windbg 7zip putty fiddler4 processhacker apm",
 // Setting the IDA Path will copy the IDA remote debugging tools into the guest
 //"ida_path": "/path/to/your/ida",
diff --git a/malboxes/profiles/snippets/provision_powershell.json b/malboxes/profiles/snippets/provision_powershell.json
index eb8b4d3..4f45ba3 100644
--- a/malboxes/profiles/snippets/provision_powershell.json
+++ b/malboxes/profiles/snippets/provision_powershell.json
@@ -12,6 +12,8 @@
 {
 "type": "windows-shell",
 "inline": [
+ "choco install npcap --version 0.08 --package-parameters '/winpcap_mode=yes' -y",
+ "choco install --ignore-dependencies wireshark -y",
 "choco install {{ choco_packages }} -y"
 ]
 }
From 64f97e516b0d80483d4e171868acb02a84a413a4 Mon Sep 17 00:00:00 2001
From: Olivier Bilodeau
Date: Mon, 9 Jan 2017 11:41:29 -0500
Subject: [PATCH 2/3] Using latest npcap and put wireshark back in choco_packages
Wireshark doesn't force dependencies so there was no need to treat it separately.
---
 malboxes/config-example.js | 2 +-
 malboxes/profiles/snippets/provision_powershell.json | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
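Review bot: In the `inline` list of `provision_powershell.json`, nothing stops the build when the new `choco install npcap` line fails: as far as I can tell Packer runs a `windows-shell` inline list as one batch script, so the step's result is that of the last command, and an npcap failure followed by a successful `choco install {{ choco_packages }} -y` would still pass. The commit message itself says the npcap package still has issues, so the likely outcome is a VM that builds cleanly but carries Wireshark without a working capture driver. Making the step fail loudly, for example `"choco install npcap --version 0.08 --package-parameters '/winpcap_mode=yes' -y || exit /b 1",`, or giving the npcap install its own provisioner entry, would surface that at build time. The same applies to the npcap line as rewritten in PATCH 2/3; the surrounding provisioners list lies outside the hunk.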
diff --git a/malboxes/config-example.js b/malboxes/config-example.js
index 15224a1..f19a44f 100644
--- a/malboxes/config-example.js
+++ b/malboxes/config-example.js
@@ -33,7 +33,7 @@
 // Chocolatey packages to install on the VM
 // TODO re-add dependencywalker and regshot once upstream choco package provides a checksum
- "choco_packages": "sysinternals windbg 7zip putty fiddler4 processhacker apm",
+ "choco_packages": "sysinternals windbg 7zip putty fiddler4 processhacker apm wireshark",
 // Setting the IDA Path will copy the IDA remote debugging tools into the guest
 //"ida_path": "/path/to/your/ida",
diff --git a/malboxes/profiles/snippets/provision_powershell.json b/malboxes/profiles/snippets/provision_powershell.json
index 4f45ba3..fa27dbb 100644
--- a/malboxes/profiles/snippets/provision_powershell.json
+++ b/malboxes/profiles/snippets/provision_powershell.json
@@ -12,8 +12,7 @@
 {
 "type": "windows-shell",
 "inline": [
- "choco install npcap --version 0.08 --package-parameters '/winpcap_mode=yes' -y",
- "choco install --ignore-dependencies wireshark -y",
+ "choco install npcap --package-parameters '/winpcap_mode=yes' -y",
 "choco install {{ choco_packages }} -y"
 ]
 }
From b06d0cee1772c3afcc00a9d38ea9dc0bbe617f16 Mon Sep 17 00:00:00 2001
From: Olivier Bilodeau
Date: Mon, 9 Jan 2017 13:55:51 -0500
Subject: [PATCH 3/3] Updated Changelog
---
 CHANGELOG.adoc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
index 92e0c1b..1c19171 100644
--- a/CHANGELOG.adoc
+++ b/CHANGELOG.adoc
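Review bot: Dropping `--version 0.08` from the npcap line in the `inline` list means every build installs whatever npcap release the Chocolatey feed serves at that moment, with `-y` accepting it unattended. npcap installs a packet-capture driver, so an untested or tampered package update would land in each newly built analysis VM without anyone having chosen it, and two builds from the same commit can differ. Consider pinning the release that was actually validated, `"choco install npcap --version <TESTED_VERSION> --package-parameters '/winpcap_mode=yes' -y",`, and confirming the package ships a checksum, in line with the TODO in `config-example.js` that holds back packages lacking one. The line also stays outside `choco_packages`, so a user who removes `wireshark` from their config still gets the driver installed.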
@@ -17,7 +17,8 @@ Enhancements::
 * Config: `tools_path` will upload all of this Path's content into `C:\Tools` ({uri-issue}8[#8])
 * Config: `username` and `password` support ({uri-issue}11[#11])
 * Config: Added `windows_defender`, `windows_updates`, `disk_size` and `choco_packages` options ({uri-issue}11[#11], {uri-issue}14[#14])
- * Installing `fiddler4` instead of `fiddler`
+ * Provides `fiddler4` instead of `fiddler`
+ * Provides `npcap` instead of `winpcap` which works with Windows 10 ({uri-issue}2[#2], {uri-issue}26[#26])
 * Added `--debug` and `--skip` command-line flags ({uri-issue}20[#20])
 * Added tests