Fireeye HXTool CloudHelix Addition
Closed this issue · 13 comments
I have deployed HXTool and trying to add cloudhx into the browser interface using hostname:cloudhxurl and port as 443. But it does not connected. Proxy error is coming. How to fix this? Already added proxy config..Do I need to add any additional setting
Hi @ilakiyaisg -
What hostname are you entering in the profile? It should just be the Cloud HX webui hostname, no https. As for a proxy, do you require one to reach your Cloud HX instance? If so, what does your proxy config look like? What, if any, error messages are you seeing in the console?
Thanks,
Elazar
Yes. I have given full hostname of cloudhx1 console without https, given port as 443. And also given proxy setting as mentioned in readme.config ("proxies" : { "https": "https://user:password@host:port" }). Below error is coming..Kindly advice on this....
HTTPSConnectionPool(host='xxxxx-hx-webui-1.hex01.helix.apps.fireeye.com', port=443): Max retries exceeded with url: /hx/api/v1/token (caused by proxyerror(cannot connect to proxy) newconnectionerror(<urllib3.connection.HTTPSconnection object at .....)))
Hi @don-boss670 -
Whats is the rest of the error message? There should be an additional message after 'newconnectionerror', i.e. 'getaddrinfo failed' etc. Also, does your proxy username and/or password contain @ or #? (ref: psf/requests#3990).
Thanks,
Elazar
This is the error:
HTTPSConnectionPool(host='xxxxx-hx-webui-1.hex01.helix.apps.fireeye.com', port=443): Max retries exceeded with url: /hx/api/v1/token (caused by proxyerror(cannot connect to proxy) fileenotfounderror(2,"no such a file or directory"))))
Any other way to give password because we are giving password as plaintext in config file..it may leads to security an issue..Can you please suggest us to use proxy config file(PAC file) url for proxy configuration?
Hi @don-boss670 -
Thanks for the information. That error, FileNotFound, is very odd. What does the proxy section of your conf.json look like? As for PAC files, this is a good idea. There is a Python module for PAC support in requests, I'll take a look at implementing that. Can you kindly open a new issue requesting PAC support? This way we can track that separately from this issue.
Thanks,
Elazar
Thanks for the prompted response. Raised the new issue for PAC file implementation...
Please check the below and resolve it
config file:
"network": {
"ssl": "enabled",
"port": 3001,
"listen_address": "0.0.0.0",
"session_timeout": 30,
"proxies": {
"https": "https://username:password@proxyip:port"
}
Hi @don-boss670 -
Can you try URL encoding the username and password (separately) in your config file?
Thanks,
Elazar
Can you please suggest in detail how to do that?
Hi @don-boss670 -
Sure! You can do this using online in-browser tools like Cyberchef or you can do so from Python, like so:
from urllib.parse import quote_plus
quote_plus('username here')
quote_plus('password here')
Make sure to encode the username and password separately, and then modify your proxy URL in conf.json to be https://encodedusername:encodedpassword@proxy:port.
Thanks,
Elazar
Still I am facing error. Can you please check this.
config file:
"network": {
"ssl": "enabled",
"port": 3001,
"listen_address": "0.0.0.0",
"session_timeout": 30,
"proxies": {
"https": "https://encodedusername:encodedpassword@proxyip:port"
}
Error Message:
HTTPSConenctionPool(host:'hxcloudurl.apps.fireeye.com',port=443): Max retries exceeded with url: hx/api/v1/token(Caused by ProxyError("Cannot connect to proxy", NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x0000013431>: Failed to establish a new connection : [winerror 10060]> a connection attempt failed because connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond')))
Hi @don-boss670 -
It looks like HXTool is failing to connect to your proxy. Does the machine that you're running it on have access to the proxy?
Thanks,
Elazar
Hi @don-boss670 -
Is this still an issue?
Thanks,
Elazar