
Failing to parse Maltego transform request message

Open caolan opened this issue 9 years ago • 2 comments

I'm trying to run canari run-server to access a transform. It appears to expose the transforms through the HTTP server, but when a request comes in from the TDS it fails to properly parse the request data. The incoming XML looks as follows:

<MaltegoMessage>
   <MaltegoTransformRequestMessage>
      <Entities>
         <Entity Type="DNSName">
            <AdditionalFields>
               <Field Name="fqdn" DisplayName="DNS Name">example.com</Field>
            </AdditionalFields>
            <Value>example.com</Value>
            <Weight>0</Weight>
         </Entity>
      </Entities>
      <Limits SoftLimit="12" HardLimit="12"/>
   </MaltegoTransformRequestMessage>
</MaltegoMessage>

This appears to match the models in canari/maltego/message.py, although I've had to change the msg = MaltegoTransformRequestMessage.parse(request_str).message line in MaltegoTransformRequestHandler.dotransform to msg = MaltegoMessage.parse(request_str).message, otherwise it complains about receiving a MaltegoMessage tag (I've also tried just stripping that part of the request out, with no luck). This appears to get further parsing the request, but I see no entities in the parsed request data, causing the transform request to fail with status code 400 and the message "Unsupported input entity!".

I'm still digging but any pointers would be much appreciated. Have you tried canari run-server with an iTDS server before?

caolan, Mar 03 '15 16:03

I'm working in a fork here: https://github.com/caolan/canari - looks like I'm getting requests through now but I'll continue working with it before sending a pull request.

caolan, Mar 04 '15 11:03

Hi Caolan

This has to do with an XML element ordering bug. I think there is an issue in the project that has a resolution listed somewhere. I haven't looked into it yet but all you need to do is disable strict XML parsing in the MaltegoMessage class and friends. I will look into it and get back to you. Also you should look into using plume as it is a much more reliable server.

Cheers

Nadeem


allfro, Mar 04 '15 12:03