Failing to parse Maltego transform request message #44

Open
caolan opened this issue Mar 3, 2015 · 2 comments
caolan commented Mar 3, 2015

I'm trying to run canari run-server to access a transform. It appears to expose the transforms through the HTTP server, but when a request comes in from the TDS it fails to properly parse the request data. The incoming XML looks as follows:

<MaltegoMessage>
   <MaltegoTransformRequestMessage>
      <Entities>
         <Entity Type="DNSName">
            <AdditionalFields>
               <Field Name="fqdn" DisplayName="DNS Name">example.com</Field>
            </AdditionalFields>
            <Value>example.com</Value>
            <Weight>0</Weight>
         </Entity>
      </Entities>
      <Limits SoftLimit="12" HardLimit="12"/>
   </MaltegoTransformRequestMessage>
</MaltegoMessage>

This appears to match the models in canari/maltego/message.py, although I've had to change the msg = MaltegoTransformRequestMessage.parse(request_str).message line in MaltegoTransformRequestHandler.dotransform to msg = MaltegoMessage.parse(request_str).message, otherwise it complains about receiving a MaltegoMessage tag (I've also tried just stripping that part of the request out, with no luck). This appears to get further parsing the request, but I see no entities in the parsed request data, causing the transform request to fail with status code 400 and the message "Unsupported input entity!".

I'm still digging but any pointers would be much appreciated. Have you tried canari run-server with an iTDS server before?


caolan commented Mar 4, 2015

I'm working in a fork here: https://github.com/caolan/canari - looks like I'm getting requests through now but I'll continue working with it before sending a pull request


allfro commented Mar 4, 2015

Hi Caolan

This has to do with an XML element ordering bug. I think there is an issue
in the project that has a resolution listed somewhere. I haven't looked
into it yet but all you need to do is disable strict XML parsing in the
MaltegoMessage class and friends. I will look into it and get back to you.
Also you should look into using plume as it is a much more reliable server.

Cheers

Nadeem
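
An order-independent way to read the request shown in the report, as an added example that is not canari's own code and not written by either participant in this thread. It uses Python's standard xml.etree.ElementTree; the names parse_transform_request, TEMPLATE, AS_REPORTED and REORDERED are hypothetical, and the reordered message is constructed.

```python
import xml.etree.ElementTree as ET

# The request from the report, compacted; {children} is filled in two orders.
TEMPLATE = (
    '<MaltegoMessage><MaltegoTransformRequestMessage><Entities>'
    '<Entity Type="DNSName">{children}</Entity></Entities>'
    '<Limits SoftLimit="12" HardLimit="12"/>'
    '</MaltegoTransformRequestMessage></MaltegoMessage>'
)
FIELDS = ('<AdditionalFields><Field Name="fqdn" DisplayName="DNS Name">'
          'example.com</Field></AdditionalFields>')
VALUE = '<Value>example.com</Value><Weight>0</Weight>'
AS_REPORTED = TEMPLATE.format(children=FIELDS + VALUE)  # order seen in the issue
REORDERED = TEMPLATE.format(children=VALUE + FIELDS)    # constructed variant


def parse_transform_request(xml_text):
    """Parse a transform request, finding children by tag name so the
    order of elements inside <Entity> does not affect the result."""
    root = ET.fromstring(xml_text)
    if root.tag != "MaltegoMessage":
        raise ValueError("expected MaltegoMessage root, got %r" % root.tag)
    req = root.find("MaltegoTransformRequestMessage")
    if req is None:
        raise ValueError("no MaltegoTransformRequestMessage element")

    entities = []
    for ent in req.findall("Entities/Entity"):
        value = ent.findtext("Value")
        if value is None:
            raise ValueError("Entity without <Value>")
        fields = {f.get("Name"): (f.text or "")
                  for f in ent.findall("AdditionalFields/Field")}
        entities.append({
            "type": ent.get("Type"),
            "value": value,
            "weight": int(ent.findtext("Weight", default="0")),
            "fields": fields,
        })
    if not entities:
        # Fail here with a clear error instead of passing an empty request on.
        raise ValueError("request contains no input entity")

    limits = req.find("Limits")
    soft = int(limits.get("SoftLimit", "0")) if limits is not None else 0
    hard = int(limits.get("HardLimit", "0")) if limits is not None else 0
    return {"entities": entities, "soft_limit": soft, "hard_limit": hard}
```
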

