davidpshaw / PyWBXMLDecoder

An ActiveSync WAP Binary XML (ASWBXML) Decoder Written in Python
MIT License
18 stars 5 forks source link

Unable to decode WBXML #8

Open trimmytech opened 1 year ago

trimmytech commented 1 year ago

Thank you david for this wonderful peace

I am geting error while using this with mitmproxy. :

Couldn't parse: falling back to Raw.

its unable to decode the wbxml , please help. Below is the sample raw :

\x8f\x83T\xde\x8d\x94i0\x8d\xb6\x8bJ2%\x19\xde\xd2\xd3\xa1\xa4\xf6\x17\xfe{\xabL)D\xa3\xfe_](\xe2\xa6\x84\x82\xbb7I\xf3\x8bS\xe1\xb8\xe2\x85\xe6$\xecm\x92\xb5\xf5\xc1 \xaf!gM\x15z7\xc3h\xf7\b\xe3\xea\xac^\xd2\xe95\x9a\xf6\xcc\x9c\xa6nS\xec\xf3\x82\x0f#-\x80+\xa0\xce\xcc\xf5\x995\x8f\xb0\xdc\x80Q(!N\x1f>y\xbd\xa5(\xce?\xcc\xd9\x7fV\xaf\xf2\xcc\xe7a\x9b\x1c\xde2G\x8d\x85\xf5\xdabR\x0ct\x7f\xaa\xcc\xc8\xd4\x93\xa0 \xa5\x8e\xd3\xca/a\x96-_\xf6p\x82\xb2\xd8p\xed\xd3\x9d\xfd\xbev\xcb\xb6\xd5\xa9\xd5|\xbd\xe6\xe9\x144A#0K|\xe1~{\xa7\xc6c\x85\xf2Z\x94\x1b\xe8\xae\xe6\xdcf\x0bfR\xad\xfb.\x9d4\x1d\xd4\xc6\xeeIM6a\xd6\x0c\x1c!/\xf4@\xf0\xfa\x8c0\xa0\xd9\xfc\xfc\x9c\xbfc\xa4jR?\xde\x96\xa2\x11*\xfc\x15RX\xe5$\x89\x82+\xf5\x88D\x8f\xf3`\xd38\xe0r \xb5-1.<\xa5\x8d\x90\xaa\xe8O\xed\x9cE\xd0\xf6h\x14\xbe\xdc\xce\x02\xedO\x00\\x9a\x8b\xfdmz0z\x1e\xba\x92\xe8HB\xd3\x85\xb3\xd6\x92\xa4'\xac\x13\xb8\\xae#9n\xa4=\xe0\xa8\x13k\x00\xb0\N\x85\xe4\xf7\xc0ad\x9e\xd4\x0f1l\m\xb0\x97\xbc Z\x1f\xb7))XHiq\xd8)\xa1bX\x90\xaf\x05\x8c6\x99P\x82~#h\xda\x18zd[o"\xd5O\xc0N\x1e\x0c[\xbb\xc4

albin-lindstrom commented 1 year ago

What are the request headers? The response might be gzipped.

trimmytech commented 1 year ago

Thank you so much for your response :

Request Header :

POST https://xxxxxx Unique-ID: ES20oZ5SyLevlkrLFcvQNX3KmA===DI x-device-token: 6039 X-Unique-ID: ES20oZ5SyLevlkrLFcvQNX3KmA===DI Accept-Encoding: gzip Content-Type: application/vnd.wap.wbxml os_version: 23 User-Agent: 1.1.3.10914/android x-user-agent: 1.1.3.10914/android X-Cookie: 2.4378671561350.4880387716692.48.a6c2bd9e03815f74.c652b0e841df79a3.537bd687559bb4cb2137c3b6631f93a62d6f17788d016e781b20267d1fee3603|2 DENSITY: 2.625;420 Host: xxxxxxxxx Connection: Keep-Alive Content-Length: 288

Response Header:

HTTP/1.1 200 OK X-Cookie: 6420304cb8b72221c233041a0f2e7464815ebcfcc8661ede1a10a3e0f25737a5 Content-Encoding: gzip Content-Type: application/vnd.wap.wbxml Content-Length: 823

can you please help ? i really dont mind dropping a tip. Please

albin-lindstrom commented 1 year ago

Yes, I had the same issue with gzip and I didn't want to write more logic to handle decompression for it so I remove it on every incoming request.

Run mitmproxy with the -s ./script.py command and add the following to script.py:

from mitmproxy import http

def request(flow: http.HTTPFlow) -> None:
    del flow.request.headers["Accept-Encoding"]

This is what I use, with some more logic added:

from mitmproxy import http
from mitmproxy import ctx
import re

class script:
    def __init__(self):
        ctx.log.info("Script loaded!")

def request(flow: http.HTTPFlow) -> None:
    ctx.log.info("[{0}] Incoming request to process".format(flow.id))

    matches = re.match(
        r"^(\/Microsoft-Server-ActiveSync)(?:\?(.*)|$)", flow.request.path
    )

    if not matches:
        ctx.log.error("[{0}] Invalid path, aborting request!".format(flow.id))
        flow.response = http.Response.make(
            400, b"You shall not pass!", {"Content-Type": "text/html"}
        )

    if "Accept-Encoding" in flow.request.headers:
        del flow.request.headers["Accept-Encoding"]
        ctx.log.info(
            "[{0}] Removed Accept-Encoding header from request because gzip".format(
                flow.id
            )
        )

addons = [script()]
trimmytech commented 1 year ago

i am not really good with python , i use mitmweb to run , are you available today to jump on a quick call ? i will pay for your time.

Or can you please guide on how to run this ?

Also is see Microsoft-Server-ActiveSync , my request does not contain this

albin-lindstrom commented 1 year ago

i am not really good with python , i use mitmweb to run , are you available today to jump on a quick call ? i will pay for your time.

Or can you please guide on how to run this ?

Also is see Microsoft-Server-ActiveSync , my request does not contain this

No problem. Make a new file named `script.py' and then paste the following in it:

from mitmproxy import http
from mitmproxy import ctx
import re

class script:
    def __init__(self):
        ctx.log.info("Script loaded!")

def request(flow: http.HTTPFlow) -> None:
    ctx.log.info("[{0}] Incoming request to process".format(flow.id))

    if "Accept-Encoding" in flow.request.headers:
        del flow.request.headers["Accept-Encoding"]
        ctx.log.info(
            "[{0}] Removed Accept-Encoding header from request because gzip".format(
                flow.id
            )
        )

addons = [script()]

Then run mitmweb as you usually do but with the -s parameter, för example mitmweb [your parameters] -s ./script.py.

P:S: you said your request URI is not ActiveSync, but is the data in the request ActiveSync? This plugin is made for Exchange ActiveSync WBXML.

trimmytech commented 1 year ago

"P:S: you said your request URI is not ActiveSync, but is the data in the request ActiveSync? This plugin is made for Exchange ActiveSync WBXML."

my URL is not ActiveSync, i just happen to have an app that its content-type is application/vnd.wap.wbxml and i have been trying to able able to read it's content for more than a year now without success.

i tried your code , the gzipped encoding was removed but still i am unable to read it's content. Please see attached image

Screenshot 2023-10-22 at 10 29 01
albin-lindstrom commented 1 year ago

Sorry to hear that, but this code only works with MS-ASWBXML. You need to research more into the wbxml structure of your application to determine how to parse it.