ATTACK-Python-Client icon indicating copy to clipboard operation
ATTACK-Python-Client copied to clipboard

Published 20 hours ago verified publisher icon OTRF

SSL certificate problem

Open sheetlaand opened this issue 2 years ago • 3 comments

Hey Roberto,

I'm currently facing an SSL certificate error while I'm trying to communicate with the TAXII server. Knowing that I encounter this problem when I am behind my corporate proxy, I think this problem could be solved by offering the user the possibility not to block the communication when an insecure certificate is encountered.

For example, I find the following error when I launch a cURL command line on the TAXII server: curl -H "Accept: application/vnd.oasis.taxii+json" https://cti-taxii.mitre.org/taxii/ curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

If I just add a -k parameter to the same cURL command line: curl -H "Accept: application/vnd.oasis.taxii+json" https://cti-taxii.mitre.org/taxii/ -k {"title":"CTI TAXII server","description":"This TAXII server contains a listing of ATT&CK domain collections expressed as STIX, including PRE-ATT&CK, ATT&CK for Enterprise, and ATT&CK Mobile.","contact":"[email protected]","default":"https://cti-taxii.mitre.org/stix/","api_roots":["https://cti-taxii.mitre.org/stix/"]}

I hope that my problem is clear enough, and I hope that a solution can be found. Best regards,

sheetlaand avatar Mar 30 '22 11:03 sheetlaand

Hello @sheetlaand !

I wonder if the verify method would work in TAXIIClient . I believe this is the same issue right? https://github.com/oasis-open/cti-taxii-client/issues/24?msclkid=eaba0bb3b03411ecbfe2f4ba2265c1cb

Cyb3rWard0g avatar Mar 30 '22 14:03 Cyb3rWard0g

Yeah, probably the same issue.

I tried to add a "verify=False" attribute to the Collection classes in the "attack_api.py" file (line 53 to 56), it works !

However, I think there must be a more conventional way to do this, do you have a coherent solution for me? Maybe since MITRE's attack certificate is issued by MITRE's internal certificate authority (https://github.com/oasis-open/cti-taxii-client/issues/33), I just need to use the "verify=False" setting when I am behind my company's proxy.

sheetlaand avatar Mar 30 '22 15:03 sheetlaand

Glad to hear the verify=False thing worked. I believe that should be the way how this should be handled. However, it needs to be added to the library itself so that the parameter can be used across all functions. Would that work?

Cyb3rWard0g avatar Apr 01 '22 04:04 Cyb3rWard0g