Yelp / osxcollector

A forensic evidence collection & analysis toolkit for OS X
http://yelp.github.io/osxcollector

virustotal.LookupURLsFilter fails if URLs are longer than 2000 chars #83

Closed ivanlei closed 8 years ago

ivanlei commented 9 years ago

As the resource parameter in the `url/report` VirusTotal method is sent over HTTP GET, it encodes the parameters in a URL query.

For some of the requests, this could cause an erroneous situation where the resource parameter could not fit into the URL.

There is a debug output in `osxcollector/output_filters/util/http.py` that prints the URL for each request. For the failed requests, the URL seems not to contain any query parameters:

```
[ERROR] url[https://www.virustotal.com/vtapi/v2/url/report] status_code[<UNKNOWN>]
https://www.virustotal.com/vtapi/v2/url/report
[ERROR] url[https://www.virustotal.com/vtapi/v2/url/report] status_code[<UNKNOWN>]
https://www.virustotal.com/vtapi/v2/url/report
[ERROR] url[https://www.virustotal.com/vtapi/v2/url/report] status_code[<UNKNOWN>]
https://www.virustotal.com/vtapi/v2/url/report
```

So it looks more like some limitation in the Requests package than some shortcoming of the VirusTotal API.
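A pre-flight check for the failure described in this issue, as an added example that is not part of the original thread or of osxcollector's code: it measures the percent-encoded GET URL before anything is sent and sets aside resources that cannot fit, so they can be logged and skipped. The names `request_url` and `plan_lookups`, the newline-joined batching with `max_batch=4`, the `KEY` placeholder and the sample URLs are assumptions; the 2000-character limit comes from the issue title.

```python
from urllib.parse import urlencode

VT_URL_REPORT = "https://www.virustotal.com/vtapi/v2/url/report"  # endpoint from the log above
MAX_URL_LEN = 2000  # limit taken from the issue title


def request_url(resources, apikey):
    """Return the full GET URL as it would go on the wire, percent-encoding included."""
    # Assumption: several resources are sent newline-joined in one 'resource' parameter.
    query = urlencode({"apikey": apikey, "resource": "\n".join(resources)})
    return VT_URL_REPORT + "?" + query


def plan_lookups(urls, apikey, max_len=MAX_URL_LEN, max_batch=4):
    """Greedily pack URLs into batches whose encoded GET URL fits max_len.

    Returns (batches, oversize). 'oversize' holds URLs that cannot fit even
    alone, so the caller can record them instead of sending a broken request.
    """
    batches, oversize, current = [], [], []
    for url in urls:
        # Measure the encoded form: '%', '/', ':' and '\n' each grow to three characters.
        if len(request_url([url], apikey)) > max_len:
            oversize.append(url)
            continue
        candidate = current + [url]
        if len(candidate) <= max_batch and len(request_url(candidate, apikey)) <= max_len:
            current = candidate
        else:
            batches.append(current)
            current = [url]
    if current:
        batches.append(current)
    return batches, oversize


if __name__ == "__main__":
    # Constructed sample input: the second URL is under 2000 characters raw but not once encoded.
    sample = [
        "http://a.example/1",
        "http://a.example/?q=" + "%" * 700,
        "http://a.example/2",
    ]
    batches, oversize = plan_lookups(sample, apikey="KEY")
    for batch in batches:
        print("send", len(batch), "URLs in", len(request_url(batch, "KEY")), "characters")
    for url in oversize:
        print("skip, encoded request too long:", url[:40] + "...")
```
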

jjsendor commented 8 years ago

Migrated to https://github.com/Yelp/osxcollector_output_filters/issues/2