sending protobufs file to an API endpoint

Question

so i have an API endpoint, which is supposed to get protobufs bin files. it is written in C# and use the protobufs-net.

when i try to send the file to this endpoint, i get the following error:

RUnexpected end-group in source data; this usually means the source data is corrupt

i tried the following requests (decoded from bin file):

POST /api/protobufs HTTP/1.1
Host: xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-protobuf
Connection: close
Upgrade-Insecure-Requests: 1
Content-Length: 3555

1 {
  1: "4f81b7bb-d8bd-e911-9c1f-06ec640006bb"
  2: 0x404104bc4ed047ac
  3: 0x4049c4fee8a8cb66
  4: 0x40400000
  5 {
    1: "53f8afde-04c6-e811-910e-4622e9d1766e"
    2 {
      1: "e993fba0-8fc9-e811-9c15-06ec640006bb"
    }
    2 {
      1: "9a7c7210-3aca-e811-9c15-06ec640006bb"
      2: 1
    }
    2 {
      1: "2d7d12f1-2bc9-e811-9c15-06ec640006bb"
    }
    3: 18446744073709551615
  }
  6: 159
  7: 1571059251000
}
1 {
  1: "4f81b7bb-d8bd-e911-9c1f-06ec640006bb"
  2: 0x404104d746a35280
  3: 0x4049c5125c231685
  4: 0x40400000
  5 {
    1: "53f8afde-04c6-e811-910e-4622e9d1766e"
    2 {
      1: "e993fba0-8fc9-e811-9c15-06ec640006bb"
    }
    2 {
      1: "9a7c7210-3aca-e811-9c15-06ec640006bb"
      2: 1
    }
    2 {
      1: "2d7d12f1-2bc9-e811-9c15-06ec640006bb"
    }
    3: 18446744073709551615
  }
  6: 95
  7: 1571059255000
}

and when i try to upload the bin file itself, i get the following error:

Invalid wire-type; this usually means you have over-written a file without truncating or setting the length; see https://stackoverflow.com/q/2152978/23354

the request is :

POST /api/protobufs HTTP/1.1
Host: xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: application/x-protobuf,text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/octet-stream
Upgrade-Insecure-Requests: 1
Content-Length: 2029


õ
$4f81b7bb-d8bd-e911-9c1f-06ec640006bb ¬GÐN¼ A@ f˨èþÄI@%��@@*«
$53f8afde-04c6-e811-910e-4622e9d1766e &
$e993fba0-8fc9-e811-9c15-06ec640006bb (
$9a7c7210-3aca-e811-9c15-06ec640006bb &
$2d7d12f1-2bc9-e811-9c15-06ec640006bb ÿÿÿÿÿÿÿÿÿ 0Ÿ 8¸î¶ÓÜ-

i tried with content-type of application/x-protobuf and also application/octet-stream

is am i sending it correctly ? how can i send the file. (i used burp suite for this part)

Answer 1

I tried the following requests (decoded from bin file)

I suspect the bit in parentheses is the problem. That is protoc's human readable console output that exists only to help you understand what is in a protobuf payload; it isn't actually protobuf. The protobuf is the non-readable binary chunk you had previously.

From the previous question, it seems that you are trying to edit the contents of a protobuf payload. To do that, the usual process is:

1. Obtain the .proto schema (or reverse-engineer it, from the previous question)
2. Use an appropriate tool to turn the .proto schema (#1) into code that represents the model in your chosen language / framework
3. Deserialize the payload using the model (#2), into some object graph that is the data
4. Mutate the object graph from (#3)
5. Serialize the mutated object graph (#4) using the model (#2)

You would then upload the binary from #5

Some libraries and frameworks allow you to skip steps #1 and #2, using a "code first" approach to defining the model, but the results are the same.