LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

unknown key in common.py #14

Closed remg427 closed 3 years ago

remg427 commented 3 years ago

In common.py line 81:

    proxy_url = proxy_url + proxy['proxy_hostname'] + \
        ':' + proxy['proxy_port'] + '/'

should be:

    proxy_url = proxy_url + proxy['proxy_url'] + \
        ':' + proxy['proxy_port'] + '/'

LetMeR00t commented 3 years ago

Hi @remg427, suddenly I have an issue with the usage of these proxies. In the instance list of TheHive/Cortex, we can specify proxies (http/https) to use if needed for each instance, but what is the usage of a general proxy as you implemented in your last PR? Is it the same thing? Or is it something like a "general proxy" behind Splunk, whereas the instance proxies are proxies behind the TheHive/Cortex instances?

LetMeR00t commented 3 years ago

From what I understand from my code and your code, it's the same thing, but it's not used well on my side. I will review how this is working to use username/password for proxies correctly too, and provide a way to have a client certificate as required in #15.

remg427 commented 3 years ago

Hi. The proxy implemented via the configuration tab is the standard way of the add-on builder. It assumes that there is only one proxy to access any TheHive/Cortex instances, or no proxy at all. This way the proxy password is correctly encrypted in storage/passwords. That's why, from the KV store, there is just a need for a Boolean flag on whether to use the proxy or not.

Standard AOB code uses proxy_url, if I'm not mistaken, and not proxy_hostname. Hope it clarifies. Still need to investigate why I cannot use the proxy on one deployment. Best

LetMeR00t commented 3 years ago

Hi @remg427, I understand your point... However, I worked this afternoon with a version where you can have a dedicated proxy for each instance. "Theory" is working but I can't make it work in practice on my side.... You can provide a proxy URL with a dedicated account (stored in the Global accounts). If you want to perform some tests on your side, please test the last version of the dev branch, which is up to date...

I don't know if this is related to my proxy setup or if I have issues in my TA... Without proxies, it works well (even with the client certificate implementation) but not with an HTTP or HTTPS proxy... Let me know if you need some help and if you want to test the new code. Thank you

LetMeR00t commented 3 years ago

Hi @remg427 , I successfully managed to make it work. I checked with Wireshark what was the issue and I understand that my proxy wasn't configured well.

FYI, I created a proxy on my side using this configuration (apache2):

Listen 8080

<VirtualHost 192.168.1.94:8080>
        # Speak TLS to the backend and present a client certificate to it
        SSLProxyEngine          On
        SSLProxyMachineCertificateFile /etc/pki/proxy/proxy_dev.crt.pem
        ProxyPreserveHost On
        ProxyRequests On
        # THEHIVE_URL is a placeholder for the TheHive host; both directives
        # must point at the same base URL (trailing slash on each)
        ProxyPass               "/"          "https://THEHIVE_URL/"
        ProxyPassReverse        "/"          "https://THEHIVE_URL/"
</VirtualHost>

I configured my apache2 server to require a client certificate so that's why you have the first two lines about SSLProxy.

LetMeR00t commented 3 years ago

Hi @remg427, the "dev" branch is up to date. I successfully managed to connect to an HTTP proxy with or without basic authentication. However, if I set an HTTPS proxy, it doesn't work... Any time the script is running, it systematically performs an HTTP request (CONNECT)... and I don't understand why, as it's an HTTPS proxy that I've set up and it (the requests.post of my script) directly uses an HTTP request without establishing the SSL connection. The result is that the server refuses the connection, as it's an HTTP request on an HTTPS proxy. I also tested setting the "proxy" dictionary with only the "https" key (I removed the "http" key for a while) but it didn't change anything...

So for now, everything is working except if your proxy is in HTTPS.
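To make the two points of this thread concrete (the proxy_url/proxy_hostname key mix-up at line 81 of common.py, and the http/https proxies dictionary handed to requests.post), here is an added, self-contained example that is not code from TA-thehive-cortex. It assumes the add-on builder settings dict carries proxy_url, proxy_port, and optionally proxy_username, proxy_password and proxy_type (an assumption; only proxy_url and proxy_port are named in the issue).

```python
"""Proxy URL construction for a Splunk add-on (added illustration, not the TA's code)."""
from typing import Optional
from urllib.parse import quote

# Keys the settings page is assumed to provide; proxy_url is the key the
# issue says replaces the mistaken proxy_hostname lookup.
REQUIRED_KEYS = ("proxy_url", "proxy_port")


def build_proxy_url(proxy: dict) -> str:
    """Return scheme://[user:pass@]host:port/ from the settings dict.

    Missing keys raise a KeyError naming them, so a typo such as
    'proxy_hostname' fails at configuration time rather than at request time.
    """
    missing = [k for k in REQUIRED_KEYS if k not in proxy]
    if missing:
        raise KeyError(f"proxy settings missing keys: {missing}")
    scheme = proxy.get("proxy_type", "http")  # assumed key; defaults to http
    auth = ""
    if proxy.get("proxy_username"):
        # Percent-encode credentials so '@' or ':' in a password cannot
        # be parsed as part of the host or port.
        user = quote(proxy["proxy_username"], safe="")
        password = quote(proxy.get("proxy_password", ""), safe="")
        auth = f"{user}:{password}@"
    return f"{scheme}://{auth}{proxy['proxy_url']}:{proxy['proxy_port']}/"


def requests_proxies(proxy: Optional[dict], enabled: bool) -> dict:
    """Build the mapping passed as requests.post(..., proxies=...).

    The mapping keys ('http', 'https') select which target scheme is routed
    through the proxy; the scheme inside the proxy URL decides whether the
    client itself speaks TLS to the proxy. With an https:// proxy URL, a
    urllib3 older than 1.26 still sends the CONNECT in plaintext, which is
    the symptom described in the comment above.
    """
    if not enabled or not proxy:
        return {}  # the Boolean flag from the KV store turns the proxy off
    url = build_proxy_url(proxy)
    return {"http": url, "https": url}
```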

LetMeR00t commented 3 years ago

Hi @remg427, I will close this issue as I will push a new release and this is working for me in the new release. Let me know if you need help or if you find an issue :)