Penetration Testing mailing list archives
Using PyMaltego as a Maltego client
From: natronicus <natronicus () gmail com>
Date: Mon, 10 Mar 2008 13:57:36 -0500
I tried sending the below to the official Maltego mailing list on Friday, but thought I would try here as well. I've been trying to use the PyMaltego library (http://code.google.com/p/pymaltego/) to connect to the 'official' Maltego (http://www.paterva.com/web2/Maltego/maltego.html) TAS located at maltego4.paterva.com, but I'm constantly getting an Invalid API Key error message, which is false. Do any of you use the maltego4 transforms with your code? If so, what did you change in order to make it work? Is the maltego4 TAS intentionally rejecting requests not made from its GUI? I've included the headers and bodies of the accepted Maltego GUI requests, rejected stock PyMaltego requests, and the rejected attempts by me to modify PyMaltego to bring its headers into compliance. What am I missing? Request from Maltego GUI (accepted by Maltego TAS): POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&Key=ABCDE HTTP/1.1 User-Agent: Jakarta Commons-HttpClient/3.1 Host: maltego4.paterva.com Content-Length: 306 Content-Type: text/xml Stock request from PyMaltego (rejected by Maltego TAS): POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&key=ABCDE HTTP/1.1 Host: maltego4.paterva.com Accept-Encoding: identity Content-Length: 262 Content-Type: text/xml User-Agent: PyMaltego-0.5 Modified request from PyMaltego (still rejected): POST /TomcatWrapper/MaltegoRunner?Command=_RUN&TransformToRun=DomainToDNSName_NS&key=ABCDE HTTP/1.1 Host: maltego4.paterva.com Accept-Encoding: identity Content-Length: 255 Content-Type: text/xml User-Agent: Jakarta Commons-HttpClient/3.1 I've also tried setting "Accept-Encoding" to null, but that makes no difference. I do not believe I am able to remove the header altogether with Python's liburl. I've considered switching to the PycURL library to give greater control of headers, but I wanted to ask you guys how you worked around this before going to the trouble. Also, just using cURL from the command line, I can get the TAS to accept the requests and respond appropriately. As for the bodies of the messages: Accepted request body: <MaltegoMessage> <MaltegoTransformRequestMessage> <Entities> <Entity Type="Domain"> <Weight>100</Weight> <Value>gmail.com</Value> </Entity> </Entities> <Limits SoftLimit="5" HardLimit="100"/> </MaltegoTransformRequestMessage> </MaltegoMessage> Rejected PyMaltego request body: <MaltegoMessage> <MaltegoTransformRequestMessage><Entities><Entity Type="Domain"><Value>gmail.com</Value><AdditionalFields/><DisplayInformation/></Entity></Entities><Limits HardLimit="1000" SoftLimit="200"/></MaltegoTransformRequestMessage></MaltegoMessage> In the headers, the only differences I can find between these is the "Accept-Encoding" header and header order. In the bodies, other than formatting, the PyMaltego request is missing the <Weight> tags, has added the <AdditionalFields/> and <DisplayInformation/> tags, and has changed the Hard and SoftLimits. Any ideas? Best regards, N ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Using PyMaltego as a Maltego client natronicus (Mar 12)