Cisco-Talos / FIRST-plugin-ida

GNU General Public License v2.0

Can't establish connection with server #31

Closed qfrtt closed 4 years ago

qfrtt commented 4 years ago

Hi, I can't seem to configure the plugin properly.

xabiugarte commented 4 years ago

Hi, there have been some issues with python requests and Cloudflare in the past. Please, make sure that you are using the latest version of the plugin from the master branch.

Also, please try to run the following python script so that we can get a more informative error of what is going on:

```python
import requests
import sys

# Replace YOUR_API_KEY in both URLs below with your API key.
g_network_headers = {}

VERSION = 'BETA'
DATE = 'May 2018'

# Custom User-Agent header used for the second request.
g_network_headers['User-Agent'] = "FIRST {} {} Cython {}({}.{}.{}) {}".format(
    VERSION,
    DATE,
    sys.api_version,
    sys.version_info.major,
    sys.version_info.minor,
    sys.version_info.releaselevel,
    sys.platform
    )

# First request: default python-requests headers.
print("WITHOUT HEADERS")
print("===============")
r = requests.get("https://first.talosintelligence.com/api/test_connection/YOUR_API_KEY")
print(r.status_code)
print(r.text)

# Second request: same URL, sent with the custom User-Agent.
print("WITH HEADERS")
print("============")
r = requests.get("https://first.talosintelligence.com/api/test_connection/YOUR_API_KEY", headers=g_network_headers)
print(r.status_code)
print(r.text)
```

qfrtt commented 4 years ago

Hi,

Here's the output

```
WITHOUT HEADERS

403
<!DOCTYPE html>
Access denied | first.talosintelligence.com used Cloudflare to restrict access
Error 1020 Ray ID: 57eeaa9c6ad1f981 • 2020-04-04 23:04:05 UTC
Access denied
What happened?
This website is using a security service to protect itself from online attacks.

WITH HEADERS

200
{"status" : "connected"}

WITHOUT HEADERS

403
<!DOCTYPE html>
Access denied | first.talosintelligence.com used Cloudflare to restrict access
Error 1020 Ray ID: 57eeaa9e881ff981 • 2020-04-04 23:04:06 UTC
Access denied
What happened?
This website is using a security service to protect itself from online attacks.

WITH HEADERS

200
{"status" : "connected"}
```

xabiugarte commented 4 years ago

Can you make sure that you are using the latest version of the plugin from the master branch?

It seems that everything is working on your end when the proper headers are used in the request.

This fix was merged into master some time ago.
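
Added example, not part of the original thread or the plugin's code: a small triage helper that reads the two responses the diagnostic script prints and separates an edge block (the Cloudflare 403 page with its error code and Ray ID) from an answer by the API itself. The sample bodies are copied from the output posted earlier in this thread; the function names and verdict strings are hypothetical.

```python
import json
import re

# Bodies copied (trimmed) from the output posted in this thread.
BLOCKED = (403, "<!DOCTYPE html>\nAccess denied | first.talosintelligence.com "
                "used Cloudflare to restrict access\n"
                "Error 1020 Ray ID: 57eeaa9c6ad1f981 \u2022 2020-04-04 23:04:05 UTC")
CONNECTED = (200, '{"status" : "connected"}')

# The block page carries an error code and a Ray ID that identifies the request.
CF_BLOCK = re.compile(r"Error\s+(\d+)\s+Ray ID:\s*([0-9a-f]+)", re.IGNORECASE)


def classify(status, body):
    """Classify one test_connection response as (verdict, detail)."""
    m = CF_BLOCK.search(body)
    if status == 403 and m:
        return "edge_blocked", {"cf_error": int(m.group(1)), "ray_id": m.group(2)}
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "unexpected", {"reason": "HTTP 200 but body is not JSON"}
        if isinstance(data, dict) and data.get("status") == "connected":
            return "connected", {}
        return "api_not_connected", {"body": data}
    return "unexpected", {"status": status}


def diagnose(without_headers, with_headers):
    """Compare the two probes the script makes and name the likely cause."""
    plain, _ = classify(*without_headers)
    custom, detail = classify(*with_headers)
    if custom == "connected":
        # Only the default python-requests User-Agent is rejected at the edge.
        return "ua_filtered" if plain == "edge_blocked" else "ok"
    if custom == "edge_blocked":
        # Blocked even with the custom User-Agent: keep the Ray ID for the report.
        return "blocked_with_plugin_ua ray_id=" + detail["ray_id"]
    return custom  # neither connected nor an edge block


if __name__ == "__main__":
    print(diagnose(BLOCKED, CONNECTED))
```
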

qfrtt commented 4 years ago

Yep fixed it thx