The manual installation process has been tested and confirmed to work on Ubuntu 14.04. It should be possible to install ChopShop on most POSIX-compliant operating systems, though in some cases package names or build steps may be different than shown below. If you run into problems, please file an issue in the GitHub repository. Pull requests to improve the installation process or documentation for other platforms are encouraged!
Once you install Docker, you can fetch the ChopShop Docker image:
$ docker pull mitrecnd/chopshop
You can run a container using a command such as the following:
$ docker run --rm -it -v /path/to/folder/pcap:/pcap mitrecnd/chopshop -f my.pcap "http | http_extractor"
-f my.pcap "http | http_extractor" are passed directly to the chopshop program. For more information on the chopshop command and its options, see chopshop - command line interface to ChopShop. For more information on using ChopShop with Docker, see the
Using the Makefile
The recommended method for manually installing ChopShop is to use the included Makefile. This file can also be used to check for required dependencies.
Download the latest stable version of ChopShop from the Releases page (replacing X.Y with the latest version):
$ wget https://github.com/MITRECND/chopshop/archive/RELEASE_X.Y.tar.gz
$ tar xf RELEASE_X.Y.tar.gz
$ cd chopshop-RELEASE_X.Y
Alternatively, you can clone the most recent version from GitHub. The master branch may have fixed bugs from the prior stable version, and may contain additional features added since the latest release:
$ git clone https://github.com/MITRECND/chopshop.git
$ cd chopshop
Install ChopShop. By default, ChopShop will be installed into /usr/local, but you can change this with the PREFIX environment variable. You can also change the owner and group of the ChopShop files with GROUP, and specify the path to a particular Python interpreter with
$ sudo make install
Install ChopShop dependencies. The Makefile contains a dependency-check target that can be used to verify which dependencies are installed:
$ make dependency-check
The only dependency required by the ChopShop core is pynids. Several modules have their own dependencies. Information on installing particular dependencies can be found below.
Run ChopShop. Assuming the chopshop program was installed onto your path, you can run it with a command like:
$ chopshop -f my.pcap "http | http_extractor"
For more information on the chopshop command and its options, see chopshop - command line interface to ChopShop.
Using a virtualenv
If you want to try out ChopShop with minimal changes to your underlying system, or want to isolate ChopShop from other projects with potentially conflicting dependencies, ChopShop can also be installed into a virtualenv. As with the Makefile approach, this can be done using either a tagged release of ChopShop, or a cloned copy of the source repository. Dependencies should be installed into the virtualenv; make sure the virtualenv is activated, or that you're otherwise using the pip binary from the virtualenv:
$ ...
$ /path/to/virtualenv/bin/pip install ...
$ ...
You can also use symlinks or create the virtualenv with --system-site-packages if you need OS-provided packages (such as with M2Crypto on Ubuntu).
You can use the Makefile to check the dependencies installed in your virtualenv as well. Make sure you use the PYTHON environment variable to point to the virtualenv's Python interpreter:
(my_env)$ PYTHON=`which python` make dependency-check
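As an added example (not part of ChopShop or its Makefile), the following POSIX shell function performs a lighter-weight version of the same check directly against the virtualenv's interpreter: it imports each module with that interpreter and prints where it was loaded from, so a system-wide copy is not mistaken for one inside the virtualenv. The default module list uses the import names I assume for the packages covered below (nids for pynids, yara for yara-python, and so on); pass your own names if a package's import name differs.

```shell
#!/bin/sh
# Added example, not ChopShop's own code. Checks that a given Python
# interpreter (normally the virtualenv's) can import each module and reports
# where it was loaded from, so a system-wide copy is not mistaken for one in
# the virtualenv. Returns the number of missing modules (0 = all present).
#
# Usage: check_chopshop_deps /path/to/virtualenv/bin/python [module ...]
check_chopshop_deps() {
    py="$1"
    shift
    # Default list: assumed import names for the dependencies this guide
    # covers (pynids -> nids, yara-python -> yara); override by passing names.
    [ $# -gt 0 ] || set -- nids htpy dnslib pymongo pylibemu yara yaraprocessor
    missing=0
    for mod in "$@"; do
        # Import with the chosen interpreter only; never fall back to $PATH.
        if loc=$("$py" -c "import $mod, sys; sys.stdout.write(getattr($mod, '__file__', '<builtin>'))" 2>/dev/null); then
            printf 'ok       %s (%s)\n' "$mod" "$loc"
        else
            printf 'MISSING  %s\n' "$mod"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}
```

Run it with the virtualenv's interpreter, for example `check_chopshop_deps /path/to/virtualenv/bin/python`; a non-zero exit status means at least one module did not import from that interpreter.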
ChopShop depends on several C libraries, with their corresponding Python wrappers. This guide assumes that you are familiar with installing packages. On Ubuntu, you should have the
$ sudo apt-get install build-essential python-dev
For installing Python packages, pip is highly recommended. Other OS-provided packages may be needed for specific dependencies. They are listed below.
If you are installing into a virtualenv, you do not need to use sudo to run python setup.py install or pip install commands.
$ sudo apt-get install libnet1-dev libpcap-dev
To install pynids, run the following:
$ git clone https://github.com/MITRECND/pynids.git
$ cd pynids
$ sudo python setup.py install
$ sudo apt-get install zlib1g-dev
$ git clone https://github.com/MITRECND/htpy.git
$ cd htpy
$ sudo python setup.py install
The dns_extractor module can optionally store data into MongoDB when run with the -m flag. Instructions for installing MongoDB are beyond the scope of this guide, but you can install pymongo with the following command:
$ sudo pip install pymongo
dnslib is required by the dns module. It can be installed with pip:
$ sudo pip install dnslib
$ sudo apt-get install autoconf libtool
To install libemu:
$ git clone https://github.com/buffer/libemu.git
$ cd libemu
$ autoreconf -v -i
$ ./configure --prefix=/usr/local
$ sudo make install
$ sudo ldconfig
Then, install pylibemu with pip:
$ sudo pip install pylibemu
$ wget https://github.com/plusvic/yara/archive/v3.4.0.tar.gz
$ tar xf v3.4.0.tar.gz
$ cd yara-3.4.0
$ ./bootstrap.sh
$ ./configure
$ sudo make install
$ sudo ldconfig
$ cd yara-python
$ sudo python setup.py install
Then, install yaraprocessor with pip:
$ sudo pip install yaraprocessor