infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

Missing faraday-client v3.11? #402

Closed lmcthbe closed 4 years ago

lmcthbe commented 4 years ago

root@kali:~# faraday-manage status-check

Showing faraday server configuration
version: 3.11.1
bind_address: localhost
port: 5985
websocket_port: 9000
debug: False

Showing faraday plugins data
version: 1.2

Showing dashboard configuration
show_vulns_by_price: False

Showing storage configuration
path: /root/.faraday/storage

Checking if postgreSQL is running...
[+] PostgreSQL is running and up to date
[+] PostgreSQL lock not detected.
[+] PostgreSQL encoding: UTF8

Checking if Faraday is running...
[+] Faraday Server is running. PID:44672

Checking Faraday config...
[+] /.faraday/storage -> Permission accepted
[+] Port 5985 in localhost is open

The faraday-client package is missing, so it is no longer possible to upload reports in Kali.

lmcthbe commented 4 years ago

Found that the report can be uploaded via the API server, but I cannot find the needed csrf-token parameter.

llazzaro commented 4 years ago

Hi! You can try the following example to upload a report using the api. We will keep you updated about the faraday client status in kali.

Thanks!

lmcthbe commented 4 years ago

Hi llazzaro,

Thanks, but I am afraid the link that you sent is incorrect ... it is about "Walking tour Deoksugung Palace | Seoul, South Korea".

I tried to upload reports using the API, but I got a 403 because I am missing the csrf_token, and I don't know where to get it.

llazzaro commented 4 years ago

Can you check again? I updated the link.

lmcthbe commented 4 years ago

Yes, much better. Thanks.

I will look into it.

lmcthbe commented 4 years ago

It worked. I would be fine with that for now and will integrate it into my scanning wrapper.

Thanks for having updated the wiki

lmcthbe commented 4 years ago

Uploading a report via the API on Kali worked fine. However, I also have faraday installed on Ubuntu 18.04 (via Katoolin, on Azure, as I cannot get Kali there), and when uploading a report there I got 400 Bad Request instead. Any idea how to troubleshoot this?

I have run faraday-server in debug mode, but nothing useful was displayed.

llazzaro commented 4 years ago

Make sure that all requests use the same server address and that the workspace in the URL exists.

jaymes95 commented 4 years ago

I love the work that the Infobyte team have performed. However, I would agree that it would be very beneficial to have the client for each release. I've resorted to using an older version of Faraday just to be able to use the CLI as opposed to the API.

lmcthbe commented 4 years ago

I used the same script and the same workspace name that worked with Kali on Ubuntu and still get "Bad Request". I got both the cookie and the csrf_token, see below.

I also noticed that whatever is sent when uploading a report (no cookie, wrong ws, no csrf), I always get Bad Request on Ubuntu.

* Connected to 127.0.0.1 (127.0.0.1) port 5985 (#0)
> POST /_api/login HTTP/1.1
> Host: 127.0.0.1:5985
> User-Agent: curl/7.68.0
> Origin: http://127.0.0.1:5985
> Accept-Encoding: gzip, deflate, br
> Accept-Language: en-US,en;q=0.9
> Content-Type: application/json
> Accept: application/json, text/javascript, */*; q=0.01
> Referer: http://127.0.0.1:5985/
> X-Requested-With: XMLHttpRequest
> Connection: keep-alive
> Content-Length: 46
> 
* upload completely sent off: 46 out of 46 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 15 Jul 2020 11:46:58 GMT
< Content-Type: application/json
< Content-Length: 252
* Added cookie faraday_session_2="464c3e4df2bfcb14_5f0eecb3.dw4LBpSX0rrJqp_8awnm5K61Prk" for domain 127.0.0.1, path /, expire 0
< Set-Cookie: faraday_session_2=464c3e4df2bfcb14_5f0eecb3.dw4LBpSX0rrJqp_8awnm5K61Prk; HttpOnly; Path=/; SameSite=Lax
< 
{"meta":{"code":200},"response":{"user":{"authentication_token":"WyIxIiwiJDUkcm91bmRzPTUzNTAwMCQ3dk44VUNvYWdsTW1ibXdrJFBaQWlIVjBKSDViVWJPT25TWld2dG83VDR3eTl5MUhscFdzOFlPZDQ4Si8iXQ.Xw7ssw._gBOibItaX23ozeLgHD2AHl9TxE","name":null,"username":"faraday"}}}
* Connection #0 to host 127.0.0.1 left intact
Ijk0YjUzNjkyZWY3ZjA4ZDkzMzE5NmJjYzMxZDFkYWRhM2JkYTIwOGQi.Xw7ssw.rQ-kiuFnbnhs1fT7Qy2g27TfJug
*   Trying 127.0.0.1:5985...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 5985 (#0)
> POST /_api/v2/ws/test/upload_report HTTP/1.1
> Host: 127.0.0.1:5985
> Cookie: faraday_session_2=464c3e4df2bfcb14_5f0eecb3.dw4LBpSX0rrJqp_8awnm5K61Prk
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
> Accept: application/json, text/plain, */*
> Origin: http://127.0.0.1:5985
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
> Referer: http://127.0.0.1:5985/
> Accept-Encoding: gzip, deflate, br
> Accept-Language:  en-US,en;q=0.9,es;q=0.8
> Content-Length: 10115
> Content-Type: multipart/form-data; boundary=------------------------6b92674430a67360
> Expect: 100-continue
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
HTTP/1.1 100 Continue

* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
* no chunk, no close, no size. Assume close to signal end
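
The three-step flow the curl trace above shows (JSON login that sets the faraday_session_2 cookie, CSRF token, multipart POST to /_api/v2/ws/<workspace>/upload_report), written up as an added example; this is not faraday-client nor the wiki script, and it maps the 403 and 400 responses from this thread to the causes discussed in it. Assumed, because the thread does not show them: the login JSON keys "email"/"password", GET /_api/session as the place the csrf_token is read from, and the multipart field names "csrf_token" and "file".

```python
import json, os, uuid
import urllib.error, urllib.request
from http.cookiejar import CookieJar

STATUS_HINTS = {
    403: "logged in, but csrf_token is missing or stale",
    400: "check the workspace name in the URL and that every request "
         "uses the same server address",
}


def encode_multipart(fields, file_name, file_bytes, boundary=None):
    """Build a multipart/form-data body; returns (content_type, body)."""
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(f'--{boundary}\r\nContent-Disposition: form-data; '
                     f'name="{name}"\r\n\r\n{value}\r\n'.encode())
    parts.append(f'--{boundary}\r\nContent-Disposition: form-data; '
                 f'name="file"; filename="{file_name}"\r\n'
                 'Content-Type: application/octet-stream\r\n\r\n'.encode()
                 + file_bytes + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)


def upload_report(base_url, workspace, user, password, path):
    """Log in, read the CSRF token, upload the file; returns (status, hint)."""
    # One opener keeps the faraday_session_2 cookie across all three calls.
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))
    login = urllib.request.Request(
        f"{base_url}/_api/login",  # endpoint seen in the curl trace
        data=json.dumps({"email": user, "password": password}).encode(),
        headers={"Content-Type": "application/json"})  # JSON keys assumed
    opener.open(login).close()
    with opener.open(f"{base_url}/_api/session") as r:  # token source assumed
        csrf = json.load(r)["csrf_token"]
    with open(path, "rb") as f:
        ctype, body = encode_multipart({"csrf_token": csrf},
                                       os.path.basename(path), f.read())
    req = urllib.request.Request(
        f"{base_url}/_api/v2/ws/{workspace}/upload_report",
        data=body, headers={"Content-Type": ctype})
    try:
        with opener.open(req) as r:
            return r.getcode(), "report accepted"
    except urllib.error.HTTPError as e:
        return e.code, STATUS_HINTS.get(e.code, e.reason)
```

Call it as `upload_report("http://127.0.0.1:5985", "test", "faraday", "<password>", "scan.xml")`; a 400 with the hint above is the case to check first when the script works against one server but not another.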
llazzaro commented 4 years ago

Hi! @lmcthbe @jaymes95

We just released v1.0.0 of faraday-client, you can download the installers from here.

You can also check the source code here.

We created a ticket requesting that the client be added to Kali here.

I will try to provide a script for uploading the reports soon.

Thanks!

lmcthbe commented 4 years ago

Got a conflict with python-faraday package already installed on Kali when installing the client

llazzaro commented 4 years ago

Hi, yes, that's normal; you will need to uninstall python-faraday.

llazzaro commented 4 years ago

Are you using the server in the same machine as the client? In that case we need to review the conflict from our side.

lmcthbe commented 4 years ago

Yes, the server and client are on the same machine. Below are the details of the conflict.

apt list faraday
Listing... Done
faraday/kali-rolling,now 3.11.1-0kali3 all [installed,automatic]
root@vatb:~/mass# dpkg -i faraday-client_amd64.deb
dpkg: regarding faraday-client_amd64.deb containing faraday-client-gui:
 faraday-client-gui conflicts with python-faraday
  python-faraday (version 3.11.1-0kali3) is present and installed.
  faraday provides python-faraday and is present and installed.

dpkg: error processing archive faraday-client_amd64.deb (--install):
 conflicting packages - not installing faraday-client-gui
Errors were encountered while processing:
 faraday-client_amd64.deb

mrpogden commented 4 years ago

Glad I found this; I've been going nuts trying to set this up on a new Kali build.

Same issue here: Kali 2020 comes without the client installed. Installing the older client doesn't work at all. Installing the new client (1.0.0) uninstalls the server (when installed with apt, no errors).

I hadn't realized the conflict until I tried dpkg -i instead of apt install:

dpkg: error processing archive faraday-client_amd64(1).deb (--install):
 conflicting packages - not installing faraday-client-gui

Trying to run client and server on the same box. I can't run an older version because of the Marshmallow issue.

dnadares commented 4 years ago

Hi guys!

We uploaded a faraday-client installer without the server conflict. Could you try it again, please? Let us know if it worked for you.

Thanks in advance,

Diego

lmcthbe commented 4 years ago

Hi Diego,

I installed the faraday-client successfully on Kali and am able to upload a report.

Thanks for the good work!

EricHorvat commented 4 years ago

Hi Thierry,

We are glad it worked as expected, so I'll close this issue. For any other problem, feel free to open a new issue or re-open this one.

Thanks!