Using PyMaltego as a Maltego client

From: natronicus (natronicus@gmail.com)
Date: Mon Mar 10 2008 - 13:57:36 EST


I tried sending the below to the official Maltego mailing list on
Friday, but thought I would try here as well.

I've been trying to use the PyMaltego library
(http://code.google.com/p/pymaltego/) to connect to the 'official'
Maltego (http://www.paterva.com/web2/Maltego/maltego.html) TAS located
at maltego4.paterva.com, but I'm constantly getting an Invalid API Key
error message, which is false. Do any of you use the maltego4
transforms with your code? If so, what did you change in order to
make it work? Is the maltego4 TAS intentionally rejecting requests
not made from its GUI?

I've included the headers and bodies of the accepted Maltego GUI
requests, rejected stock PyMaltego requests, and the rejected attempts
by me to modify PyMaltego to bring its headers into compliance. What
am I missing?

Request from Maltego GUI (accepted by Maltego TAS):

  POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&Key=ABCDE HTTP/1.1
  User-Agent: Jakarta Commons-HttpClient/3.1
  Host: maltego4.paterva.com
  Content-Length: 306
  Content-Type: text/xml

Stock request from PyMaltego (rejected by Maltego TAS):

  POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&key=ABCDE HTTP/1.1
  Host: maltego4.paterva.com
  Accept-Encoding: identity
  Content-Length: 262
  Content-Type: text/xml
  User-Agent: PyMaltego-0.5

Modified request from PyMaltego (still rejected):

  POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&key=ABCDE HTTP/1.1
  Host: maltego4.paterva.com
  Accept-Encoding: identity
  Content-Length: 255
  Content-Type: text/xml
  User-Agent: Jakarta Commons-HttpClient/3.1

I've also tried setting "Accept-Encoding" to null, but that makes no
difference. I do not believe I am able to remove the header
altogether with Python's urllib. I've considered switching to the
PycURL library to give greater control of headers, but I wanted to ask
you guys how you worked around this before going to the trouble.

Also, just using cURL from the command line, I can get the TAS to
accept the requests and respond appropriately.

As for the bodies of the messages:

Accepted request body:

<MaltegoMessage>
   <MaltegoTransformRequestMessage>
      <Entities>
         <Entity Type="Domain">
            <Weight>100</Weight>
            <Value>gmail.com</Value>
         </Entity>
      </Entities>
      <Limits SoftLimit="5" HardLimit="100"/>
   </MaltegoTransformRequestMessage>
</MaltegoMessage>

Rejected PyMaltego request body:

<MaltegoMessage>
<MaltegoTransformRequestMessage><Entities><Entity
Type="Domain"><Value>gmail.com</Value><AdditionalFields/><DisplayInformation/></Entity></Entities><Limits
HardLimit="1000"
SoftLimit="200"/></MaltegoTransformRequestMessage></MaltegoMessage>

In the headers, the only differences I can find between these is the
"Accept-Encoding" header and header order. In the bodies, other than
formatting, the PyMaltego request is missing the <Weight> tags, has
added the <AdditionalFields/> and <DisplayInformation/> tags, and has
changed the Hard and SoftLimits.

Any ideas?

Best regards,
N
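An added example (not part of the post, and not PyMaltego code) that parses the two quoted requests and reports every structural difference between them. It treats query parameter names as case-sensitive and HTTP header names as case-insensitive, so the `Key`/`key` difference in the request line is reported alongside the header and body differences the post lists. The samples are transcribed from the post with `Content-Length` omitted, since the strings are not byte-exact copies.

```python
from urllib.parse import urlsplit, parse_qsl
import xml.etree.ElementTree as ET

# Constructed samples transcribed from the post; Content-Length omitted on purpose.
GUI_REQUEST = """POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&Key=ABCDE HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: maltego4.paterva.com
Content-Type: text/xml

<MaltegoMessage><MaltegoTransformRequestMessage><Entities><Entity Type="Domain"><Weight>100</Weight><Value>gmail.com</Value></Entity></Entities><Limits SoftLimit="5" HardLimit="100"/></MaltegoTransformRequestMessage></MaltegoMessage>"""

PY_REQUEST = """POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&key=ABCDE HTTP/1.1
Host: maltego4.paterva.com
Accept-Encoding: identity
Content-Type: text/xml
User-Agent: PyMaltego-0.5

<MaltegoMessage><MaltegoTransformRequestMessage><Entities><Entity Type="Domain"><Value>gmail.com</Value><AdditionalFields/><DisplayInformation/></Entity></Entities><Limits HardLimit="1000" SoftLimit="200"/></MaltegoTransformRequestMessage></MaltegoMessage>"""


def element_paths(el, prefix=""):
    # Yield a slash-separated path for every element in the XML tree.
    path = f"{prefix}/{el.tag}"
    yield path
    for child in el:
        yield from element_paths(child, path)


def parse_request(raw):
    """Return (query params, lower-cased header names, body element paths)."""
    head, _, body = raw.partition("\n\n")
    request_line, *header_lines = head.splitlines()
    _method, target, _version = request_line.split(" ", 2)
    # Query parameter names are case-sensitive; parse_qsl keeps them as written.
    params = dict(parse_qsl(urlsplit(target).query))
    # HTTP header *names* are case-insensitive, so normalise before comparing.
    headers = {line.split(":", 1)[0].strip().lower() for line in header_lines}
    paths = set(element_paths(ET.fromstring(body)))
    return params, headers, paths


def diff_requests(accepted, rejected):
    """Report what the rejected request lacks or adds relative to the accepted one."""
    a_params, a_headers, a_paths = parse_request(accepted)
    r_params, r_headers, r_paths = parse_request(rejected)
    return {
        "query_params_missing": sorted(set(a_params) - set(r_params)),
        "query_params_extra": sorted(set(r_params) - set(a_params)),
        "headers_extra": sorted(r_headers - a_headers),
        "body_missing": sorted(a_paths - r_paths),
        "body_extra": sorted(r_paths - a_paths),
    }
```

Calling `diff_requests(GUI_REQUEST, PY_REQUEST)` returns the missing `Key` parameter and extra `key` parameter first, then the extra `accept-encoding` header, the missing `Weight` element and the extra `AdditionalFields`/`DisplayInformation` elements.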




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT