allfro / canari

Local and Remote Maltego Rapid Transform Development Framework
http://www.canariproject.com

Failing to parse Maltego transform request message #44

Open caolan opened 9 years ago

caolan commented 9 years ago

I'm trying to run canari run-server to access a transform. It appears to expose the transforms through the HTTP server, but when a request comes in from the TDS it fails to properly parse the request data. The incoming XML looks as follows:

<MaltegoMessage>
   <MaltegoTransformRequestMessage>
      <Entities>
         <Entity Type="DNSName">
            <AdditionalFields>
               <Field Name="fqdn" DisplayName="DNS Name">example.com</Field>
            </AdditionalFields>
            <Value>example.com</Value>
            <Weight>0</Weight>
         </Entity>
      </Entities>
      <Limits SoftLimit="12" HardLimit="12"/>
   </MaltegoTransformRequestMessage>
</MaltegoMessage>

This appears to match the models in canari/maltego/message.py, although I've had to change the msg = MaltegoTransformRequestMessage.parse(request_str).message line in MaltegoTransformRequestHandler.dotransform to msg = MaltegoMessage.parse(request_str).message, otherwise it complains about receiving a MaltegoMessage tag (I've also tried just stripping that part of the request out, with no luck). This appears to get further parsing the request, but I see no entities in the parsed request data, causing the transform request to fail with status code 400 and the message "Unsupported input entity!".

I'm still digging but any pointers would be much appreciated. Have you tried canari run-server with an iTDS server before?

caolan commented 9 years ago

I'm working in a fork here: https://github.com/caolan/canari - looks like I'm getting requests through now, but I'll continue working with it before sending a pull request.

allfro commented 9 years ago

Hi Caolan

This has to do with an XML element ordering bug. I think there is an issue in the project that has a resolution listed somewhere. I haven't looked into it yet but all you need to do is disable strict XML parsing in the MaltegoMessage class and friends. I will look into it and get back to you. Also you should look into using plume as it is a much more reliable server.

Cheers

Nadeem

On Wednesday, March 4, 2015, Caolan McMahon notifications@github.com wrote:

I'm working in a fork here: https://github.com/caolan/canari - looks like I'm getting requests through now but I'll continue working with it before sending a pull request
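Added example, not part of the thread and not canari's own code: an order-independent parse of the request shown in the report, using Python's standard `xml.etree.ElementTree`, to illustrate why a lookup by element name is unaffected by the element-ordering problem discussed above. The function name `parse_transform_request`, the returned dictionary layout and the rejection of DTDs in an HTTP-delivered body are assumptions of this example; the sample message is constructed from the one in the report with its child elements reordered.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the message from the report, with the children of the
# request and of <Entity> deliberately placed in a different order.
SAMPLE = b"""<MaltegoMessage>
  <MaltegoTransformRequestMessage>
    <Limits SoftLimit="12" HardLimit="12"/>
    <Entities>
      <Entity Type="DNSName">
        <Value>example.com</Value>
        <Weight>0</Weight>
        <AdditionalFields>
          <Field Name="fqdn" DisplayName="DNS Name">example.com</Field>
        </AdditionalFields>
      </Entity>
    </Entities>
  </MaltegoTransformRequestMessage>
</MaltegoMessage>"""


# Hypothetical helper; tag and attribute names come from the XML in the report.
def parse_transform_request(raw: bytes) -> dict:
    """Parse a Maltego transform request without relying on child order."""
    # The body arrives over HTTP, so refuse DTD/entity declarations up front
    # (simple byte check; assumes a UTF-8 or ASCII encoded body).
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(raw)
    if root.tag != "MaltegoMessage":
        raise ValueError("unexpected root element: %s" % root.tag)
    req = root.find("MaltegoTransformRequestMessage")
    if req is None:
        raise ValueError("missing MaltegoTransformRequestMessage")
    entities = []
    for ent in req.findall("./Entities/Entity"):
        entities.append({
            "type": ent.get("Type"),
            "value": ent.findtext("Value", default=""),
            "weight": int(ent.findtext("Weight", default="0")),
            "fields": {f.get("Name"): (f.text or "")
                       for f in ent.findall("./AdditionalFields/Field")},
        })
    if not entities:
        raise ValueError("request contains no input entity")
    limits = req.find("Limits")
    soft = int(limits.get("SoftLimit", "0")) if limits is not None else 0
    hard = int(limits.get("HardLimit", "0")) if limits is not None else 0
    return {"entities": entities, "soft_limit": soft, "hard_limit": hard}
```

Calling `parse_transform_request(SAMPLE)` returns the same entity data whichever order the child elements arrive in, and a request with an empty `<Entities>` element raises `ValueError` rather than reaching a transform with no input.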
