Documentation Index

Fetch the complete documentation index at: https://docs.darwinium.com/llms.txt

Use this file to discover all available pages before exploring further.

Injection and Extraction Menu

Prev Next


The Darwinium Journey Editor has a common menu for injection and extraction operations that is used by both Data Mappings and also Call Url within Workflows.


The Injection and Extraction Menu is available when selecting the Operation to perform on the Request or Response Headers, Bodies and their parts.

Extract to Attribute

The Extract Attribute Operation can be used to extract data from part of a HTTP Request or Response and insert the contents into an Attribute so that it then becomes available to Workflow decisions, Models and Features.

Choose "Extract to Attribute" from the menu, then use the Attribute field to enter the name of the destination Attribute for the extraction to take place.

What happens if a data element is not present?

In the case of an Extract to Attribute operation being mapped on a data element that is not present, the extraction is skipped and processing continues on any following mappings.

(Optional) Include consistent non-PII attribute in scope

It is useful for investigations sharing and Data Analytics export to have a consistent non-PII attribute in scope.  Examples:

  • identity[ACCOUNT].customer_token.customer_token

  • custom_identifier[CUSTOM_IDENTIFIER_1].identifier

  • purchase.customer_id

  • payment.reference_number

  • transaction.reference_number

Inject...

Inject allows the insertion or modification of the target data. Target data can be a Request Body, Response Body, URL component, HTTP Header etc.

Three Injection options are provided for complete flexibility:

  • String content

  • From an attribute

  • From a template file

String Content

For small injections, string content provides a simple way of injecting content directly from the Journey Editor without the complexity of dealing with additional files.

String content is static and injected verbatim unless the Use template markup option is enabled. The Use template markup option will treat the string content as a Darwinium Template and will inject the rendered output instead of the content string. Refer to the Template Markup article for more details.

Simply set the Attribute setting to the desired content or Template and select the Injection Mode. See the Injection Mode section of this article for more details on Injection Modes.

From an Attribute

The From an Attribute option allows the injection of an Attribute value into the chosen destination via the selected Injection Mode. Simply set the Attribute setting to the desired Darwinium Attribute and select the Injection Mode. See the Injection Mode section of this article for more details on Injection Modes.

From a template file

For larger more complicated content, such as an entire HTML page or API call body it is easier to author the Template in a separate file.

Add a new file using the File Explorer and set the filename to an appropriate name and extension such as .html, .txt, .json etc.

Next, set the Template file to the relative path and file name of the Template file.

The Template file can use Darwinium Template Markup to dynamically render the injected content. Refer to the Template Markup article for more details.

Lastly select the Injection Mode to be used for the rendered output. See the Injection Mode section of this article for more details on Injection Modes.

When condition?

Injections have an optional boolean condition. When set, if the expression evaluates to TRUE then the injection will take place. However if the expression evaluates to FALSE then the injection will be skipped.

To set a condition, click the edit box below it:

Enter the desired boolean expression and click outside the edit box to finalise editing:

Injection Modes

Darwinium injection provides different modes of operation to cater to the tag based nature of HTML, XML and other forms of content.

HTML and XML use tags to mark up content. In the example below:

<MyData>this is my content</MyData>

<MyData>

This is the opening tag, before the content.

this is my content

This is the actual content.

</MyData>

This is the closing tag, after the content.

Overwrite

Will replace the entire field including the content with the injection payload, but only if the field exists.

Assuming that:

  • The field selected is XPATH and set to "/HTML/BODY"

  • The Body is "<HTML><BODY>Darwinium</BODY></HTML>

  • The injection payload is "Injection is fun!"

<BODY>Injection is fun!</BODY>

OverwriteContent

Will replace the content of the field with the injection payload, but only if the field exists.

Assuming that:

  • The field selected is XPATH and set to "/HTML/BODY"

  • The Body is "<HTML><BODY>Darwinium</BODY></HTML>

  • The injection payload is "Injection is fun!"

<HTML><BODY>Injection is fun!</BODY></HTML>

OverwriteOrInsertContent

Will replace the content of the field with the injection payload if the field exists OR will insert the field if it does not exist.

Assuming that:

  • The field selected is XPATH and set to "/HTML/BODY"

  • The Body is "<HTML><BODY>Darwinium</BODY></HTML>

  • The injection payload is "Injection is fun!"

<HTML><BODY>Injection is fun!</BODY></HTML>

Before

Before will inject the payload immediately before the field, but only if the field exists.

Assuming that:

  • The field selected is XPATH and set to "/HTML/BODY"

  • The Body is "<HTML><BODY>Darwinium</BODY></HTML>

  • The injection payload is "Injection is fun!"

<HTML>Injection is fun!<BODY>Darwinium</BODY></HTML>

After

After will inject the payload immediately after the field, but only if the field exists.

Assuming that:

  • The field selected is XPATH and set to "/HTML/BODY"

  • The Body is "<HTML><BODY>Darwinium</BODY></HTML>

  • The injection payload is "Injection is fun!"

<HTML><BODY>Darwinium</BODY>Injection is fun!</HTML>

BeforeContent

Before will inject the payload after the field start tag but immediately before the field content, only if the field exists.

Assuming that:

  • The field selected is XPATH and set to "/HTML/BODY"

  • The Body is "<HTML><BODY>Darwinium</BODY></HTML>

  • The injection payload is "Injection is fun!"

<HTML><BODY>Injection is fun!Darwinium</BODY></HTML>

AfterContent

After will inject the payload immediately after the field content, before the field closing tag only if the field exists.

Assuming that:

  • The field selected is XPATH and set to "/HTML/BODY"

  • The Body is "<HTML><BODY>Darwinium</BODY></HTML>

  • The injection payload is "Injection is fun!"

<HTML><BODY>DarwiniumInjection is fun!</BODY></HTML>

Hashes...

Hashes is a special form of extraction that is processed as content is streamed through the proxy. The target data is passed through a hashing function to compute a hash of the data.

The output of a hash is known as a digest. Because the digest is highly unique it is suitable for use as an Identifier Attribute. Please refer to the Identifiers section of the Attribute article for more details on Identifiers.

There are twelve content Identifier Attributes available to store hash digests of content and are referenced by the contexts 'ONE', 'TWO' .. through 'TWELVE'.

Hash Types

Darwinium supports multiple hash functions:

PDQ is a special hash function that applies only to images. PDQ hashing allows highly accurate identification and similarity matching between images.

MD5, SHA1, SHA2 and SHA3 are commonly used for file verification to ensure the contents of a file have not been tampered with in transit.

Typically images and other types of content are either part of a multipart form post or a HTTP Request Body.

To create a hash of an image uploaded via a form post, add a Request Body Mapping within the form POST Step as follows:

The field is the name of the form field where the image content will be uploaded. Next add the field name and select "Hashes..." under Operation. Then select the Content Context under which the hash should be stored along with enabling 'Compute PDQ' and any other hashes that are required.

Form POST's contain multiple fields and depending on the use case there may be multiple images being uploaded, for example multiple product images to an auction or marketplace listing.

If more than one image is present, simply repeat the process adding the appropriate field name and desired Operation.

With HTML/XML path...

XPath is a syntax for referencing parts of an XML or HTML document. The "With HTML/XML path" option allows the use of XPath syntax for referencing data elements for both injection and extraction.

XPath Operations are extremely useful when working with HTML and XML inside HTTP Request and Response Bodies.

Multiple Operations can be defined, each with their own XPath on which they will operate.

First choose which Mode the XPath should operate in, XML or HTML.

Given the following XML document:

<example>
    <title>Playstation 5</title>
    <price>500.00</price>
    <description>6 months old. Hardly used.</description>
</example>

The following XPath/XML configuration would be used to extract the title, price and description from the XML into the associated attributes:

With JSON path...

JSON is a syntax for referencing parts of a JSON document. The "With JSON path" option allows the use of JSONPath syntax for referencing data elements for both injection and extraction.

JSON Path Operations are extremely useful when working with JSON data within HTTP Request and Response Bodies.

Multiple Operations can be defined, each with their own JSONPath on which they will operate.

Given the following JSON document:

{
  "example" : {
     "title" : "Playstation 5",
     "price" : "500.00",
     "description" : "6 months old. Hardly used."
   }
}

The following JSONPath configuration would be used to extract the title, price and description from the JSON into the associated attributes:

Split by string token...

"Split by string token..." allows custom parsing of data using a custom Delimiter string. The data will be Tokenised based on the Delimiter and the resulting Tokens can be referenced by their index starting at 0 for the first Token.

Given the following CSV encoded data:

quickstream,55,incorrect pin

The following configuration could be used to parse the processing provider and response code from the data:

Split by string token advanced...

"Split by string token advanced..." allows custom parsing of data using a custom Delimiter that can be either a string or a single character by chaining together multiple Split by String Token Delimeter commands. This facilitates the extraction of data from complex data structures such as embedded JSON within HTML pages, Scripts that are embedded within HTML etc.  Below is an example of chaining multiple split tokens together.

<script id="data"> function data(){ return{"lastName":"Lat","firstName":"First","email":"first@last.com"};} </script>

Step 1. Using CSS Selector extract value based on the id of the script, this will return

function data(){ return{"firstName":"First","lastName":"Last","email":"first@last.com"};}

Step 2. Choose the String/delimeter to split by e.g. lastName would return all data before firstName in Token element 0 and in Token element 1 all data after firstName as below

":"First","email":"first@last.com"};}

Step 3. Further split the string using desired delimeter to extract to an attribute, e.g. '"' this would split the string into 8 Token string (0-7) element 2 being the value of First

First

The steps below demonstrate how to create the Data Mapping rule.

With JWT

JWT is frequently used with oAuth2 and other authentication mechanisms. The claim can be a useful resource for extracting embedded payload details such as usernames, email addresses, and permissions to various resources on your site.
Darwinium provides a mechanism that behaves similarly to the With JSON rule to extract paths from the JWT header or payload.

JWTs are often embedded as cookies in the Cookies header, or used as a token in the Authorization request header. Note that in order to access the JWT, you may need to use this rule in combination with the split by string token (in the case where there is a Bearer prefix) or split by key value pair (if it is a cookie) in order to isolate the JWT string.

With Base64

The With Base 64… rule converts a base64 encoded string into its UTF-8 equivalent, where downstream rules can then be used to extract content if this is encoded in a particular manner.

Split Into Key-Value pairs…

The Split into Key Value Pairs rule is particularly useful in parsing content such as cookies, where there is a defined scheme that denotes terms, delimeters and padding values. Note: this should not be used for JSON objects - the With JSON path rule is better at performing this, and has support for deeply nested objects and arrays.

By default, the rule is setup to work with cookies - simply specify the cookie name(s) you wish to extract.

Note that injection is currently not supported on this rule.

With Protobuf

The With Protobuf rule is useful in extracting protobuf-encoded data - such as gRPC requests. It entails some knowledge of the protobuf schema to identify the index of the protobuf object you wish to extract