Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR] CyberChef Analyzer #600

Closed
weslambert opened this issue Jan 26, 2020 · 4 comments
Closed

[FR] CyberChef Analyzer #600

weslambert opened this issue Jan 26, 2020 · 4 comments
Assignees
@jeromeleonard
Labels
category:feature-request Issue is related to a feature request
Milestone
2.7.0

Comments

@weslambert
Copy link
Contributor

I've created an analyzer to automatically convert data via CyberChef server.

This analyzer includes data transformations for Base64, Hex, and CharCode -- it can be expanded in the future, but I figured this would be a good first start.

PR here: #599
@weslambert weslambert added the category:feature-request Issue is related to a feature request label Jan 26, 2020
@jeromeleonard jeromeleonard added this to the 2.6.0 milestone Feb 24, 2020
@jeromeleonard jeromeleonard self-assigned this Feb 28, 2020
@dadokkio
Copy link
Contributor

Hi, I'm trying to run your analyzer with cyberchef-server docker but it's not working.
The response from the server is something like:
{"value":[99,105,97,111],"type":"byteArray"}
and your code is returning error:

Traceback (most recent call last):
  File "test_cyb.py", line 15, in <module>
    output_data = str(output_data + str(chr(int(i))))
ValueError: invalid literal for int() with base 10: '{"value":[99'

I'm not sure if this depends from a different release of the cyberchef-server but I had to change your code to something like:

r = requests.post(url.strip('/') + '/bake', headers=headers, data=json.dumps(data))
output_data = "".join([chr(x) for x in r.json().get('value', [])])
self.report({ 'input_data': observable, 'output_data': output_data })

@weslambert
Copy link
Contributor Author

Thanks for reporting @dadokkio -- I'll look into this.

@jeromeleonard jeromeleonard modified the milestones: 2.6.0, 2.7.0 Mar 18, 2020
@weslambert
Copy link
Contributor Author

weslambert commented Mar 21, 2020
edited
Loading

So, it looks like, for some reason or another, as you pointed out @dadokkio , the code I had previously was no longer working. I've updated per the suggestion and it seems to be working okay now:

427a9a7

jeromeleonard added a commit that referenced this issue Apr 24, 2020
@jeromeleonard
#599 #600 #697 Update short report to avoid being too long, remove in…
689eb9b 
…put in short reports, add templates folders, improve long report to see both complete input and output
@weslambert
Copy link
Contributor Author

Awesome, thanks @jeromeleonard !

jeromeleonard added a commit that referenced this issue Jun 19, 2020
@jeromeleonard
#599 #600 #697 Update short report to avoid being too long, remove in…
59375f1 
…put in short reports, add templates folders, improve long report to see both complete input and output
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeromeleonard jeromeleonard

Labels
category:feature-request Issue is related to a feature request
Projects
None yet
Milestone
2.7.0
Development

No branches or pull requests
3 participants
@dadokkio @jeromeleonard @weslambert