Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
We host our own Builder and credentials are required to access the site. Our instance of Builder has a local folder of .afb files inside the web root. This allows us to send authorised users direct links to flows, like this:
https://builder-site.com/?src=flows/flow1.afb
... while ensuring the site and the flow files are protected.
However, this doesn't work using the current version. The reason for this is it is not sending the site's cookies to flow files defined as the src URL parameter. This is due to the specific omit flag in the fromUrl function.
This PR makes one small change to remove the omit flag to fetch, and let it use its default behaviour of sending credentials for same-origin requests.
I am not a JavaScript expert, so I apologise if I am making some obvious mistakes here.
Thanks so much for all the work you do at MITRE, we really appreciate the great resources you share with the world.
Documentation on fetch
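
The credentials behaviour this PR depends on, as an added example that is not part of the PR or the project's code: a small model of the Fetch `credentials` modes applied to a Builder-style `?src=` link, showing that the default `same-origin` mode sends cookies to the protected flow file but not to a `src` on another origin. The function names and the `files.example.net` host are hypothetical, and cookie attributes (SameSite, Secure, Path) are ignored.

```javascript
// Added example: models which fetch() credentials modes attach the site's cookies
// to the file named in ?src=. Function names are hypothetical, not Builder's own.
const PAGE_URL = "https://builder-site.com/?src=flows/flow1.afb"; // link from the PR

// Constructed sample links for comparison (hosts are assumptions).
const CROSS_ORIGIN = "https://builder-site.com/?src=https://files.example.net/flow1.afb";
const PROTOCOL_RELATIVE = "https://builder-site.com/?src=//files.example.net/flow1.afb";
const SCHEME_DOWNGRADE = "https://builder-site.com/?src=http://builder-site.com/flows/flow1.afb";

// Resolve the src parameter the way a browser resolves a relative fetch() URL.
function resolveSrc(pageUrl) {
  const page = new URL(pageUrl);
  const src = page.searchParams.get("src");
  if (src === null) return null;
  return new URL(src, page);
}

// Decide whether cookies accompany the request for a given credentials mode.
// "same-origin" is the default when fetch() is called without a credentials option.
function sendsCookies(pageUrl, mode = "same-origin") {
  const page = new URL(pageUrl);
  const target = resolveSrc(pageUrl);
  if (target === null) throw new Error("no src parameter in URL");
  switch (mode) {
    case "omit":
      return false; // never send, even to the site's own files
    case "same-origin":
      return target.origin === page.origin; // scheme, host and port must all match
    case "include":
      return true; // sent cross-origin as well
    default:
      throw new TypeError(`unknown credentials mode: ${mode}`);
  }
}

// Summarise all three modes for one link.
function report(pageUrl) {
  return {
    target: resolveSrc(pageUrl).href,
    omit: sendsCookies(pageUrl, "omit"),
    sameOrigin: sendsCookies(pageUrl, "same-origin"),
    include: sendsCookies(pageUrl, "include"),
  };
}

for (const url of [PAGE_URL, CROSS_ORIGIN, PROTOCOL_RELATIVE, SCHEME_DOWNGRADE]) {
  console.log(report(url));
}
```
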