VirusTotal API calls failing because of user-agent string? #18

Open
actualben opened this issue May 24, 2022 · 0 comments
@actualben

My VirusTotal API calls are all returning 400. But if I change the User-Agent they work.

Here's an example using httpie. I have a request body in my clipboard...

$ pbpaste; echo
[{"autostart_entry":"at.obdev.littlesnitch.networkextension","autostart_location":"System Extensions","hash":"D162ACA6017331536ECC353E95BECD662C2D4356","image_path":"\/Applications\/Little Snitch.app\/Contents\/Library\/SystemExtensions\/at.obdev.littlesnitch.networkextension.systemextension\/Contents\/MacOS\/at.obdev.littlesnitch.networkextension","creation_datetime":"2022-05-02 1:52:02 PM +0000"}]

Now I'll post it with the default user-agent VirusTotal:

$ pbpaste | http post 'https://www.virustotal.com/partners/sysinternals/file-reports?apikey=233f22e200ca5822bd91103043ccac138b910db79f29af5616a9afe8b6f215ad' User-Agent:VirusTotal
HTTP/1.1 400 Bad Request
Content-Length: 223
Content-Type: text/html; charset=UTF-8
Date: Tue, 24 May 2022 11:42:37 GMT
Server: Google Frontend
X-Cloud-Trace-Context: 19a63f180767bfd118745e4f8f6aab0d

<html>
 <head>
  <title>400 Bad Request</title>
 </head>
 <body>
  <h1>400 Bad Request</h1>
  The server could not comply with the request since it is either malformed or otherwise incorrect.<br /><br />



 </body>
</html>

Now I'll try it with a different user-agent...

$ pbpaste | http post 'https://www.virustotal.com/partners/sysinternals/file-reports?apikey=233f22e200ca5822bd91103043ccac138b910db79f29af5616a9afe8b6f215ad' User-Agent:KnockKnock
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 275
Date: Tue, 24 May 2022 11:42:42 GMT
Server: Google Frontend
X-Cloud-Trace-Context: 0bca17327a53ef4e5109c3f2f6a28031
content-type: application/json

{
    "data": [
        {
            "detection_ratio": "0/72",
            "found": true,
            "hash": "D162ACA6017331536ECC353E95BECD662C2D4356",
            "permalink": "https://www.virustotal.com/gui/file/8eb9c444d7eb2ed94a5854f8a82c39fb45f6ba541eb74b6b23906a9899f90544/detection",
            "positives": 0,
            "total": 72
        }
    ],
    "result": 1
}

Changing the UserAgent in Consts.h fixes it for me:

diff --git a/Consts.h b/Consts.h
index f0f9971..566c67d 100755
--- a/Consts.h
+++ b/Consts.h
@@ -244,7 +244,7 @@ enum Signer{None, Apple, AppStore, DevID, AdHoc};
 #define VT_API_KEY @"233f22e200ca5822bd91103043ccac138b910db79f29af5616a9afe8b6f215ad"
 
 //user agent
-#define VT_USER_AGENT @"VirusTotal"
+#define VT_USER_AGENT @"KnockKnock"
 
 //query count
 #define VT_MAX_QUERY_COUNT 25
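Review bot: The replacement `VT_USER_AGENT` value on the changed `#define` line has no comment recording why "VirusTotal" was dropped, so a later cleanup could restore it and bring the 400s back. Since the report also says an identical build on another machine works unmodified, the root cause is unconfirmed; I would note that next to the define (for example, that the endpoint returned 400 for the old string on 2022-05-24) rather than treat the new literal as a permanent fix. Separately, the context line above shows `VT_API_KEY` hard-coded in this header, which means the key ships in every build and appears in any pasted request URL.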

If I build and run with the default VT_USER_AGENT I get 400s; if I build and run with a different VT_USER_AGENT it works. At the same time I have another ARM Mac on the same LAN (behind the same NAT) with the identical version of KnockKnock (according to WhatsYourSign's hashes and signature checking), but that one works unmodified. Any ideas?

@actualben changed the title from "VT API Calls Failing because of user-agent string?" to "VirusTotal API calls failing because of user-agent string?" on May 24, 2022
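The A/B test in the report (same body, same URL, only the User-Agent header varied) can be scripted so it is repeatable on each affected machine. This is an added example, not part of the original issue or of KnockKnock's code; `StubHandler` is a constructed local stand-in that only mimics the reported 400/200 behaviour, and all function names are hypothetical.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed request body, shaped like the one in the report (hash taken from the page).
SAMPLE_BODY = json.dumps([{"hash": "D162ACA6017331536ECC353E95BECD662C2D4356"}]).encode()

class StubHandler(BaseHTTPRequestHandler):
    """Local stand-in reproducing the reported symptom; NOT VirusTotal's real logic."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the body
        blocked = self.headers.get("User-Agent") == "VirusTotal"
        body = b"400 Bad Request" if blocked else b'{"result": 1}'
        self.send_response(400 if blocked else 200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # keep the test output quiet

def start_stub():
    """Start the stub on a free localhost port and return the server object."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(url, body, user_agents):
    """POST the identical body once per User-Agent; return {user_agent: status}."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    results = {}
    for ua in user_agents:
        req = urllib.request.Request(url, data=body, method="POST",
                                     headers={"User-Agent": ua})
        try:
            with opener.open(req, timeout=5) as resp:
                results[ua] = resp.status
        except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
            results[ua] = err.code
    return results

def rejected_agents(results):
    """Agents that failed while another succeeded; [] if the header is not isolated."""
    ok = [ua for ua, status in results.items() if 200 <= status < 300]
    return sorted(set(results) - set(ok)) if ok else []

if __name__ == "__main__":
    srv = start_stub()
    url = f"http://127.0.0.1:{srv.server_port}/file-reports"
    print(rejected_agents(probe(url, SAMPLE_BODY, ["VirusTotal", "KnockKnock"])))
```

Running the same probe from both Macs and comparing the two result dictionaries shows whether the rejection follows the header value or the machine.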