Translate a CURL command into a HTTP filter request

Ygal_Mizrachi · September 1, 2022, 1:51am

Hello i need some help translating this CURL request into a http filter syntax

curl -k -u username:password -X POST 'https://192.168.88.1/rest/tool/flood-ping' \--data '{"address":"192.168.88.223","count":"12","interval":"20ms"}' \ 
  -H "content-type: application/json"

This command WORKS as it returns this response:

[{".section":"0","avg-rtt":"1","max-rtt":"1","min-rtt":"1","received":"1","sent":"2"},{".section":"1","avg-rtt":"1","max-rtt":"1","min-rtt":"1","received":"12","sent":"12"}]%

Wich is the expected one.

As of now i have tried this configuration of the http filter plugin.

input {
    stdin {
        
    }
}
filter {
    http {
        url => "https://%{message}/rest/tool/flood-ping"
        user => "username"
        password => "password"
        headers => {
            "Content-Type" => "application/json"
        }
        verb => "POST"
        ssl_verification_mode => "none"
        query => {
            "address" => "192.168.88.223"
            "interval" => "20ms"
            "count" => "120"
        }
        target_body => "respt"
        
    }
}

output {
    
    stdout {
        
    }
}

But im getting this message:

[ERROR] 2022-08-31 21:26:17.884 [[main]>worker0] http - error during HTTP request {:url=>"https://192.168.88.1/rest/tool/flood-ping", :code=>400, :response=>"{\"detail\":\"missing values (5)\",\"error\":400,\"message\":\"Bad Request\"}"}
{
      "@version" => "1",
    "@timestamp" => 2022-09-01T01:26:15.342475Z,
         "event" => {
        "original" => "192.168.88.1"
    },
       "message" => "192.168.88.1",
          "host" => {
        "hostname" => "pragma"
    },
          "tags" => [
        [0] "_httprequestfailure"
    ]
}

Thanks in advance for any help that can be provided.

jsvd · September 1, 2022, 1:30pm

You want to use "body" setting instead of "query". the "query" setting places the values in the query string (e.g. http://ip:port?key1=value1&key2=value2):

        body => {
            "address" => "192.168.88.223"
            "interval" => "20ms"
            "count" => "120"
        }
        body_format => json

This will create an HTTP request like so:

POST /rest/tool/flood-ping HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Content-Length: 60
Host: localhost:4444
User-Agent: Manticore 0.9.1
Accept-Encoding: gzip,deflate
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

{"address":"192.168.88.223","count":"120","interval":"20ms"}

Ygal_Mizrachi · September 1, 2022, 10:28pm

Thank you so much for your help. This helped me a lot. I hope this also helps someone else

system · September 29, 2022, 10:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.