Comments (8)
Some additional information. If I look at the transaction in Chrome developer mode, then when I try to access:
https://{fame server}/{hash}/submit_iocs/Yeti
I get a "Method Not Allowed" message. But the user has all rights granted.
The nginx log indicates a 405 result, but it appears in the access rather than error log.
The service is running SSL and HTTP2.
from fame.
You are getting "Method Not Allowed" because this is supposed to be a POST, not a GET.
The first step to debug would be to open the Chrome Developer Tools, go on the Network tab and retry. Then, click on the submit_iocs request and copy the "Request" and "Response" content so that we can understand the issue.
Could you also provide the configuration of your Yeti module to see if there is something wrong with it?
from fame.
The Yeti Module configuration is as follows:
https://REDACTED:8080/api/
username: fame
password: fame
api key: {key provided by Yeti}
Here is the chrome output. It appears that it is using a POST.
Request URL: https://REDACTED:8888/analyses/5bbfb9091194db41a970eba3/submit_iocs/Yeti
Request Method: POST
Status Code: 500
Remote Address: 172.23.28.110:8888
Referrer Policy: no-referrer-when-downgrade
content-length: 291
content-type: text/html
date: Mon, 15 Oct 2018 12:51:10 GMT
server: openresty/1.13.6.2
status: 500
:authority: REDACTED:8888
:method: POST
:path: /analyses/5bbfb9091194db41a970eba3/submit_iocs/Yeti
:scheme: https
accept: /
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
content-length: 85
content-type: application/json
cookie: csrftoken=MQVdTwtidirDxVR3MWR77mKnkk3KOuzakLYx1GiY7WqyraIsPmUmo4hYQtwi3DSG; sessionid=l1iqvdahla9voiu3p6k3i4qke1stjqs0; session=.eJxNTj1vgzAU_CuV5wyuCQtSBiQHBNJ7CGTH8lsiNaGAgYU0Cjjiv9fq1OGGu9N9vNn1e2kfPUt-lmd7YNfhzpI3-_hiCQOfchTowNcxzFpUsunpD2WPvoutSzeS2YQyja3IRjLlCPLiKC82UJmzvltJ4QAzRCjOL3Ca4wwx5eWEpuakbtzOeiWpVxAQ0ay3oIlKdRGaJvRlA4gixoDgHdFAFPgRVB1yl7BbTlYVnyCLE9sP7Plol___0ZQD-PuE6raCGnn4FVU5ORBnYU0zsX3_BdIlURs.DqKI4Q.n1Oz90-8QLMZZv_9x8aBmGDJCrY
origin: https://REDACTED:8888
referer: https://REDACTED:8888/analyses/5bbfb9091194db41a970eba3
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
x-requested-with: XMLHttpRequest
[{value: "http://crl.geotrust.com/crls/secureca.crl", sources: "cuckoo", tags: ","}]
0: {value: "http://crl.geotrust.com/crls/secureca.crl", sources: "cuckoo", tags: ","}
from fame.
The above says a status code of 500 but the logs actually say 405, which is consistent with the Method message.
from fame.
Well, I switched Yeti to also listen for unencrypted HTTP traffic and that seems to have fixed things when I reconfigured FAME to use the unencrypted port.
from fame.
This probably means there is an issue with your HTTPS configuration. Are you using a self-signed certificate? If you do, you have two options:
- Use a certificate signed by a commonly trusted AC (such as LetsEncrypt)
- Add your local AC/certificate to the list of trusted certificates on every system hosting FAME components
from fame.
Yes, we are using self-signed certificates. And all systems are being fed by the same nginx server so there is a single cert and key declared in the http {} settings which should be common across all platforms.
from fame.
Here is some documentation on how requests (the lib used by FAME) performs SSL Certificate Validation.
In your case, you would need to use the REQUESTS_CA_BUNDLE environment variable to specify a certificate bundle that contains your self-signed certificate.
from fame.
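Added example, not part of the original thread or of FAME's code: a standard-library sketch of preparing the bundle that REQUESTS_CA_BUNDLE should point to, plus the order in which requests chooses its CA source. The function names and the sample PEM blocks are constructed for illustration; in practice the base bundle would be read from the file returned by `certifi.where()` and the extra certificate from the nginx certificate file.

```python
import base64
import hashlib
import os
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_certs(text):
    """Return the DER bytes of every CERTIFICATE block in a PEM string."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(text)]


def merge_bundles(base_pem, extra_pem):
    """Append certificates from extra_pem that base_pem lacks.

    REQUESTS_CA_BUNDLE replaces the default trust store instead of
    extending it, so the internal certificate is added to a copy of the
    public bundle rather than used as the whole bundle.
    """
    seen = {hashlib.sha256(der).digest() for der in pem_certs(base_pem)}
    merged, added = base_pem.rstrip("\n") + "\n", 0
    for der in pem_certs(extra_pem):
        digest = hashlib.sha256(der).digest()
        if digest not in seen:
            seen.add(digest)
            merged += ssl.DER_cert_to_PEM_cert(der)
            added += 1
    return merged, added


def effective_verify(verify=True, env=os.environ, trust_env=True):
    """Mirror how requests picks its CA source for one call.

    The environment is consulted only when verify is left at its default;
    verify=False or an explicit path is never overridden by it.
    """
    if trust_env and (verify is True or verify is None):
        return env.get("REQUESTS_CA_BUNDLE") or env.get("CURL_CA_BUNDLE") or verify
    return verify


# Constructed placeholders: PEM framing around arbitrary bytes, not real X.509.
PUBLIC_CA = ssl.DER_cert_to_PEM_cert(b"constructed public root")
INTERNAL = ssl.DER_cert_to_PEM_cert(b"constructed self-signed cert")
```

Write the merged text to a file readable by every FAME component and export its path as REQUESTS_CA_BUNDLE in the environment those processes start from.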