Data retrieval from the TAXII server with a TAXII client

[ManuelZe]

I am currently experiencing the same problem currently. But with version 2.1 of Taxii. Except that for me, I have

Content-Type: 'text / plain' for Accept: 'application / taxii + json; version = 2.1'
If you are trying to contact a TAXII 2.0 Server use 'from taxii2client.v20 import X'
If you are trying to contact a TAXII 2.1 Server use 'from taxii2client.v21 import X'

Could someone help me please?

I am using the medallion for TAXII server configuration.
As well as data extraction with the TAXII client developed by OASIS

Here is the data extraction code

`
from django.shortcuts import render

from taxii2client.v21 import Server
import requests
from taxii2client.v21 import Collection, as_pages

HEADERS = { 'Accept: application/taxii+json;version=2.1'}

def getinfo(request):
server = Server(url = 'http://127.0.0.1:5000/taxii2/', user='admin', password='Password0')

p = print(server.title)
p = print(server.description)

# Performing TAXII 2.0 Requests
# ---------------------------------------------------------------- #
# Performing TAXII 2.1 Requests
from taxii2client.v21 import Collection, as_pages

collection = Collection(url = 'http://127.0.0.1:5000/api2/collections/91a7b528-80eb-42ed-a74d-c6fbd5a26116', user='admin', password='Password0')
print(collection.get_object('indicator--252c7c11-daf2-42bd-843b-be65edca9f61'))

# For normal (no pagination) requests
print(collection.get_objects())
print(collection.get_manifest())

# For pagination requests.
# Use *args for other arguments to the call and **kwargs to pass filter information
for envelope in as_pages(collection.get_objects, per_request=50):
	print(envelope)

for manifest_resource in as_pages(collection.get_manifest, per_request=50):
	print(manifest_resource)


return render(request, 'home.htm')

`

TAXII Server : Medallion : server

TAXII Client : Client

[ManuelZe]

@zrush-mitre

[zrush-mitre]

Hi @ManuelZe,

Thanks for creating a new issue and expanding on this. I have a lot more info and can hopefully pinpoint the issue.

I assume the incorrect output you're getting is:

Content-Type: 'text / plain' for Accept: 'application / taxii + json; version = 2.1'
If you are trying to contact a TAXII 2.0 Server use 'from taxii2client.v20 import X'
If you are trying to contact a TAXII 2.1 Server use 'from taxii2client.v21 import X'

What line in your code is actually producing this output? Is it

p = print(server.title)

or is it

for envelope in as_pages(collection.get_objects, per_request=50):
print(envelope)

With that information I should be able to figure out your issue.

Thanks

[clenk]

@ManuelZe are you still having this issue? Could you indicate which line in the code is causing the error?

[rohits144]

Hi, I am facing the same issue as described above, it's just that i am using a different URL (http://hailataxii.com/taxii-discovery-service). the error comes in the line "server.title". I tried with different feeds but got different errors like (HTTP 500, 406, 400) etc with different urls.

I tried with postman and i got same error HTTP 400

I am not sure what should be the value of the X-TAXII-Content-Type header

Console log when trying with taxii2client

Traceback (most recent call last):
File ".\script.py", line 5, in
print(server.title)
File "C:\Users\Rohit Ranjan\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.7_qbz5n2kfra8p0\LocalCache\local-packages\Python37\site-packages
taxii2client\v20_init_.py", line 733, in title
self.ensure_loaded()
File "C:\Users\Rohit Ranjan\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.7_qbz5n2kfra8p0\LocalCache\local-packages\Python37\site-packages
taxii2client\v20_init.py", line 769, in ensure_loaded
self.refresh()
File "C:\Users\Rohit Ranjan\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.7_qbz5n2kfra8p0\LocalCache\local-packages\Python37\site-packages
taxii2client\v20_init.py", line 805, in refresh
response = self.__raw = self._conn.get(self.url)
File "C:\Users\Rohit Ranjan\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.7_qbz5n2kfra8p0\LocalCache\local-packages\Python37\site-packages
taxii2client\common.py", line 310, in get
raise e
File "C:\Users\Rohit Ranjan\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.7_qbz5n2kfra8p0\LocalCache\local-packages\Python37\site-packages
taxii2client\common.py", line 300, in get
resp.raise_for_status()
File "C:\Users\Rohit Ranjan\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.7_qbz5n2kfra8p0\LocalCache\local-packages\Python37\site-packages
requests\models.py", line 960, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://hailataxii.com/taxii-discovery-service/

[clenk]

Hi @rohits144, I believe this is a different issue. Hailataxii is a TAXII 1.x server, while this client is designed for TAXII 2.x. Cabby is a good TAXII 1.x client. If you're intending to use TAXII 2.x instead you'll need to connect to a TAXII 2.x server, such as medallion or FreeTAXII.

[TechBurn0ut]

I am seeing this issue when trying to connect the taxii2client to an OpenCTI (5.3.10) instance. I can reproduce at any time. The issue specifically occurs when the client authenticates and verify/validate the content type. Within the get function of the Common Class:

cti-taxii-client/taxii2client/common.py

Line 249 in 2c73aa5

def valid_content_type(self, content_type, accept):

@ManuelZe Let me know what I can do to help remediate this.

Traceback:

Error: Unexpected Response. Got Content-Type: 'application/taxii+json; charset=utf-8; version=2.1' for Accept: 'application/vnd.oasis.taxii+json; version=2.0' If you are trying to contact a TAXII 2.0 Server use 'from taxii2client.v20 import X' If you are trying to contact a TAXII 2.1 Server use 'from taxii2client.v21 import X' traceback: Traceback (most recent call last): File "", line 11834, in main File "", line 12180, in initialise File "", line 12123, in init_roots File "", line 12119, in init_roots File "", line 12133, in set_api_root File "/usr/local/lib/python3.9/site-packages/taxii2client/v20/init.py", line 753, in api_roots self._ensure_loaded() File "/usr/local/lib/python3.9/site-packages/taxii2client/v20/init.py", line 769, in _ensure_loaded self.refresh() File "/usr/local/lib/python3.9/site-packages/taxii2client/v20/init.py", line 805, in refresh response = self.__raw = self._conn.get(self.url) File "/usr/local/lib/python3.9/site-packages/taxii2client/common.py", line 319, in get raise TAXIIServiceException(msg.format(content_type, accept)) taxii2client.exceptions.TAXIIServiceException: Unexpected Response. Got Content-Type: 'application/taxii+json; charset=utf-8; version=2.1' for Accept: 'application/vnd.oasis.taxii+json; version=2.0' If you are trying to contact a TAXII 2.0 Server use 'from taxii2client.v20 import X' If you are trying to contact a TAXII 2.1 Server use 'from taxii2client.v21 import X' (85)

[clenk]

@TechBurn0ut you have a different issue. Looks like you are using the 2.0 client to connect to a 2.1 server. Try importing from taxii2client.v21 instead.

[mrd7790]

@TechBurn0ut
i have same problem but i cant fix it can you help me? i use OpenCTI TAXII server collection

from taxii2client.v21 import Server

Initialize the TAXII server

server = Server(url='http://192.168.204.114:8080/taxii2/', user='user', password='password')
collection_id = '3c42e325-611e-43ae-b789-3f2f8f275596'

api_root = server.api_roots[0]
print(api_root.collections)

desired_collection = None
for collection in api_root.collections:
if collection.id == collection_id:
desired_collection = collection
break

response = desired_collection.get_object()

taxii2client.exceptions.TAXIIServiceException: Unexpected Response. Got Content-Type: 'application/json; charset=utf-8' for Accept: 'application/taxii+json;version=2.1'
If you are trying to contact a TAXII 2.0 Server use 'from taxii2client.v20 import X'
If you are trying to contact a TAXII 2.1 Server use 'from taxii2client.v21 import X'

[chisholm]

Looks like the content type that the server sent you is not compliant with either TAXII 2.0 or 2.1.

TAXII 2.0 requires something like application/vnd.oasis.taxii+json [1].
TAXII 2.1 requires something like application/taxii+json [2].

Some of the API methods have an accept parameter, which you might use to override the default:

cti-taxii-client/taxii2client/v21/__init__.py

Line 606 in 54dabad

def refresh_collections(self, accept=MEDIA_TYPE_TAXII_V21):

But it seems like their TAXII server should be sending spec compliant response headers!

[1] https://docs.oasis-open.org/cti/taxii/v2.0/taxii-v2.0.html#_Toc496542707
[2] https://docs.oasis-open.org/cti/taxii/v2.1/taxii-v2.1.html#_Toc31107504

Edit: I am just looking at the code, not running tests on non-compliant servers, but using a custom value for accept might not actually work. Looks like the client really must find application/taxii+json in the response Content-Type header, or it will reject the response:

cti-taxii-client/taxii2client/common.py

Lines 296 to 297 in 54dabad

	all(elem in content_type_tokens for elem in accept_tokens) and
	content_type_tokens[0] == 'application/taxii+json'