Parrot security and Ubuntu Focal templates

unman · April 16, 2022, 1:33pm

An updated Parrot template is available at
https://qubes.3isec.org/Templates

I’ve also uploaded packages for Debian-12, bookworm for 4.1.
You can build these from qubes-builder, but the packages aren’t yet
available from official repositories.
Check out the instructions at https://qubes.3isec.org/

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

Szewcu · April 16, 2022, 1:43pm

Should I understand that Parrot will be included as official template in near future?

unman · April 16, 2022, 2:03pm

Should I understand that Parrot will be included as official template in near future? I doubt it.

There are many distros based on the official templates which are
straight forward to build.
I build a lot, and make some of them generally available.

I’ve posted notes before which explain how to roll your own distro
template.

mantis999 · April 21, 2022, 2:06pm

Awesome work @unman

I’m having difficulty with installing a Parrot template.

When running the command:

sudo dnf install parrot_temp.rpm

or

sudo dnf install qubes-template parrot_temp.rpm

Dom0 responds with Cannot load RPM file

I’m sure I’m doing something very silly

Any suggestions would be greatly appreciated.

enmus · April 21, 2022, 2:09pm

My bad

mantis999 · April 21, 2022, 2:53pm

I think this could be to do with the signing of the .rpm

When following these instructions:

You will need to copy the key in to dom0:
qvm-run -p qube 'cat PATH_TO_KEY ' > unman.pub
and then import it: sudo rpm --import unman.pub

I get error: unman.pub: import read failed(0)
and
error: unman-public.pgp: import read failed(0)

B_ryr · April 23, 2022, 6:37pm

Thanks unman for your hard work, enjoy everything you and the others do…New parrot template unman did installed just fine. With the new parrot template the apps are not launching right. If I click like “run terminal” and parrot template will start but it will not launch “run terminal”. I have to go back in and click it again then it will populate.
Also I can’t install like “terminator” or even update/upgrade…
I am getting…
Ign:1 http://HTTPS///deb.parrot.sh/
500 Unable to connect [IP: 127.0.01 8082]
Err:1 Failed to fetch http://HTTPS//

How do I fix this?
Do I have to edit or remove

B_ryr · April 23, 2022, 10:19pm

Parrot will not update from qubes manager as well. I right click on parrot template and click on update and nothing happens. Thought I would just add that.

enmus · April 23, 2022, 11:33pm

Rolling distros - Parrot, Arch, Kali
Templates like Parrot or Kali are based on Debian testing.
To avoid breakage when updating, the core Qubes packages are on hold.
This means that they will not be updated.
You can confirm this by running apt-mark showhold in the template.
apt-mark unhold will remove the hold, and allow you to update the Qubes packages.
I suggest you restore the hold apt-mark hold to make sure that the Qubes packages are not removed when updating other packages.
So, while updating a template you will see that some packages cannot be upgraded because they will conflict with the Qubes packages.
Periodically, in the template, remove the hold on the Qubes packages. Update the package list with apt update and then update the Qubes packages - either manually with apt install... , or using a manager like aptitude, and selecting Qubes packages for upgrade.
Once the upgrade has been completed, put the Qubes packages back on hold, and upgrade again.
Undoubtedly a pain, but less than the pain of breaking your qubes, and having to crawl backwards to get them working again.
Then again, if you use aptitude you would be able to see what changes would be made, opt to retain the Qubes packages - always keep the Qubes packages , and avoid breakage that way. This depends on you looking to see what changes will be made and acting accordingly. Using apt-mark hold will take some pressure off.

https://qubes.3isec.org/Templates_4.1/README.html

blatchard · May 6, 2022, 12:14am

I have to admit, i’m totally confused by what this is and what it does, I changed my sources to just https, but i’m fairly sure that isn’t the idea? searched the forum and the net for “https://HTTPS///” and didn’t come up with anything.

Scrolled further back on this post and saw about apt-cacher-ng. Am sticking with changing to https as I don’t really need this.

unman · May 23, 2022, 12:39pm

I’ve been away.

The repos are configured to use a caching proxy.
Any proxy has to find a way to deal with encrypted requests -
https://…

Some solutions are:
MITM - the proxy intercepts the request, sends it own https request, and
returns cached
Don’t cache https request
Rewrite the client request: http://HTTPS/// means that the request is
sent to the proxy as http, and the proxy then rewrites it to https://
This means that outbound traffic still uses https, but the proxy can see
all requests and cached the packages.

Rewriting the repository definitions is fine:
sed -i s^http://HTTPS///^https://^ REPO_DEFINITION will do it.

B_ryr · May 23, 2022, 5:44pm

Thank you uman for all your help!
Glad you are back

B_ryr · May 24, 2022, 10:43am

Could someone explain how or where I would do this?

Is there a path to a file where I would enter this?
Example…sudo nano /etc/?/?

tzwcfq · May 24, 2022, 10:52am

I guess it’s for /etc/apt/source.list and /etc/apt/source.list.d/* but you can search for the files with this:

sudo grep -lr "http://HTTPS///" /etc

And if it’s source.list files then you can replace strings like this:

sudo sed -i s^http://HTTPS///^https://^ /etc/apt/source.list /etc/apt/source.list.d/*

B_ryr · May 24, 2022, 6:01pm

@tzwcfq thank you, I will try that later

unman · May 25, 2022, 3:44pm

sed is a Stream EDitor - it allows you to make changes to files.
Breaking it down:

REPO_DEFINITION - the file (or files) you want to change.
-i - edits files in place. Without this the edited file will be
shown in the terminal, but the original file will not be changed.
s ^TEXT^REPLACEMENT^ - Substitutes TEXT with REPLACEMENT - you can
use other delimiters

So the whole line will change the text http://HTTPS/// to https://
everywhere in the files you specify.

sed is a great tool for mass editing, and has many features.
Useful tip - If you use sed -ibk then the file will be edited in place but a backup
will be stored with suffix you specify - in this case bk

Joost · October 24, 2022, 6:29pm

Thanks @unman, and thank you to the qubes team for creating/maintaining this great project. I used it 4 years ago, however, due to school i had to switch back to Windows. Now, 4 years later, i can use Qubes for work, school, pentesting etc. etc.!

CanIGetHelp · December 4, 2022, 11:53pm

I have captured wifi handshakes using Parrot OS in Qubes.
I need to extract these handshakes from my Parrot VM and send them to a different VM.

I don’t see any file system application available within my Parot OS VM.

What commands can be ran in the CLI to extract my handshakes to a different VM?

enmus · December 5, 2022, 7:20pm

This post is duplicate of

and completely offtopic.

ConoRZ · March 9, 2023, 11:18am

any updates on here? i also installed unmans cacher now because i thought this would be the problem.
if i try sudo apt update i would get this back:

┌─[✗]─[user@parrot-hacking]─[~]
└──╼ $sudo apt update
Ign:1 https://deb.parrot.sh/parrot parrot InRelease
Ign:2 https://deb.qubes-os.org/r4.2/vm bookworm InRelease                                  
Ign:3 https://deb.parrot.sh/parrot rolling-security InRelease                              
Ign:1 https://deb.parrot.sh/parrot parrot InRelease  
Ign:2 https://deb.qubes-os.org/r4.2/vm bookworm InRelease
Ign:3 https://deb.parrot.sh/parrot rolling-security InRelease
Ign:1 https://deb.parrot.sh/parrot parrot InRelease  
Ign:2 https://deb.qubes-os.org/r4.2/vm bookworm InRelease
Ign:3 https://deb.parrot.sh/parrot rolling-security InRelease
Err:1 https://deb.parrot.sh/parrot parrot InRelease  
  Invalid response from proxy: HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)     [IP: 127.0.0.1 8082]
Err:2 https://deb.qubes-os.org/r4.2/vm bookworm InRelease
  Invalid response from proxy: HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)     [IP: 127.0.0.1 8082]
Err:3 https://deb.parrot.sh/parrot rolling-security InRelease
  Invalid response from proxy: HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)     [IP: 127.0.0.1 8082]
Reading package lists... Done                        
E: Failed to fetch https://deb.parrot.sh/parrot/dists/parrot/InRelease  Invalid response from proxy: HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)     [IP: 127.0.0.1 8082]
E: Failed to fetch https://deb.parrot.sh/parrot/dists/rolling-security/InRelease  Invalid response from proxy: HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)     [IP: 127.0.0.1 8082]
E: Failed to fetch https://deb.qubes-os.org/r4.2/vm/dists/bookworm/InRelease  Invalid response from proxy: HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)     [IP: 127.0.0.1 8082]
E: Some index files failed to download. They have been ignored, or old ones used instead.
┌─[✗]─[user@parrot-hacking]─[~]
└──╼ $

i also tried kali (but not the one from unman, the community one from the template-gui) and if i would fully update it, i would get a qrexec error, so it cant start.
im using the parrot-full btw.
and cacher should be fine, because if i want to update, i can see the cacher is starting