cloudtracer / ThreatPinchLookup

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
https://chrome.google.com/webstore/detail/threatpinch-lookup/ljdgplocfnmnofbhpkjclbefmjoikgke

Hash of Concatenated Header Information Required for API Lookup #66

Open cicakdinding01 opened 6 years ago

cicakdinding01 commented 6 years ago

Hi,

I am currently looking at a new integration. This integration requires several items, including a header whose value is a hash check of all the other header information concatenated together.

Also, one of the headers ("date") is a dynamic value, generated from the time stamp of the client.

Question: Is this worth embarking on / technically achievable within the browser only, without a thick client? Note that example code is provided in Python, Java, PHP, C++ and C#.


X-Auth-Hash header calculation:

  1. Take the request path and query string for the request. The request path is the part of the URL after the https://api.cti_provider.com. For example, for the following basic search request: http://api.cti_provider.com/search/basic?domain=abc.com, the part of the URL to be taken is: /search/basic?domain=abc.com

  2. Concatenate with the value specified in the "Accept-Version" header (defined earlier, fixed value).

  3. Concatenate with the value specified in the "Accept" header (defined earlier, fixed value).

  4. Concatenate with the current time stamp value of the client specified in the "Date" header (defined earlier, the time stamp needs to be dynamically calculated).

  5. Calculate the HMAC-SHA256 digest for the string obtained after following Step 1 to Step 4 above.

  6. Populate the "X-Auth-Hash" header with this value.

cloudtracer commented 6 years ago

The API sounds like a pain in the butt :).

I can probably expand the jexl expressions to allow most of this (getting the date, concatenating the values then hashing them, etc), but I'd also have to expand the jexl expressions to work at request time. Which is cool, it shouldn't be a problem.

I just want to make sure I'm not missing anything. Could you throw together some JavaScript or pseudocode that can perform the steps and show what variables we need to collect from any responses and then use in any requests and how it's all thrown together to make the API request? It sounds like other than the date the rest of the values are mostly hard coded except the hash which would be calculated based on the other values which seems straightforward.

Working on some other items right now for a bigger-ish release in the next week or two but I can try and squeeze this in. I can make sure I don't mess it up if you can get some JavaScript code together that makes the requests (doesn't need to be a working example with the domain or anything, just demonstrate what needs to be manipulated for the XHR request). Any JS is fine, jQuery, pure, whatever.

Also throw together an example of the variables with static values, what they concatenate to, and what the hash value ends up being. This will just give me a working example that I can use to make sure the hash is being produced properly and something wonky isn't going on with whitespace or with the expressions themselves.

Any chance you can share what API this is for?

cicakdinding01 commented 6 years ago

Hi cloudtracer, can we link up in private to discuss this further? I have the details required to share.

Thanks.
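
The X-Auth-Hash steps listed in the first comment, sketched with the Web Crypto API available to browser extensions. This is an added example, not code from the thread or from ThreatPinch Lookup. The HMAC key, the lowercase-hex encoding, the HTTP-date format and all sample values are assumptions, since the issue does not state them.

```javascript
// Added example: Steps 1-6 of the X-Auth-Hash calculation using Web Crypto.
// Assumptions (not stated in the issue): the HMAC key is a per-user API secret,
// the digest is sent as lowercase hex, and "Date" uses the HTTP-date format.
// The require() fallback only matters when running under older Node, not in a browser.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const enc = new TextEncoder();

// HMAC-SHA256 of `message` under `key` (both strings), returned as lowercase hex.
async function hmacSha256Hex(key, message) {
  const k = await subtle.importKey('raw', enc.encode(key),
    { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
  const mac = new Uint8Array(await subtle.sign('HMAC', k, enc.encode(message)));
  return Array.from(mac, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Steps 1-4: request path + query string, then Accept-Version, Accept and Date,
// concatenated with no separators (the issue does not mention any).
function stringToSign(url, headers) {
  const u = new URL(url);
  return u.pathname + u.search +
    headers['Accept-Version'] + headers['Accept'] + headers['Date'];
}

// Steps 5-6: returns the full header set including the computed X-Auth-Hash.
// `now` is injectable so the same timestamp is both signed and sent.
async function buildAuthHeaders(url, fixed, secret, now = new Date()) {
  const headers = { ...fixed, Date: now.toUTCString() };
  headers['X-Auth-Hash'] = await hmacSha256Hex(secret, stringToSign(url, headers));
  return headers;
}

// Constructed sample values, fixed so the result is reproducible.
const SAMPLE = {
  url: 'https://api.cti_provider.com/search/basic?domain=abc.com',
  fixed: { 'Accept-Version': 'v1', Accept: 'application/json' },
  secret: 'example-secret-not-a-real-key',
  now: new Date(Date.UTC(2019, 0, 1, 0, 0, 0)),
};
```

`Date` is a forbidden header name for `fetch` and `XMLHttpRequest`, so a value set from script is dropped; this sketch only computes the header values and does not send the request.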