adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

116 lines
76 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><link rel="shortcut icon" href="/assets/images/favicon.png" type="image/x-icon"><link rel="stylesheet" href="/assets/css/just-the-docs-default.css"> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-4622520-7"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-4622520-7', { 'anonymize_ip': true }); </script> <script type="text/javascript" src="/assets/js/vendor/lunr.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/mermaid@10.8.0/dist/mermaid.min.js"></script> <script type="text/javascript" src="/assets/js/just-the-docs.js"></script><meta name="viewport" content="width=device-width, initial-scale=1"><title>How to Send an HTTP Request Using HttpClient | Metasploit Documentation Penetration Testing Software, Pen Testing Security</title><meta name="generator" content="Jekyll v4.3.4" /><meta property="og:title" content="How to Send an HTTP Request Using HttpClient" /><meta property="og:locale" content="en_US" /><meta name="description" content="View Metasploit Framework Documentation" /><meta property="og:description" content="View Metasploit Framework Documentation" /><link rel="canonical" href="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html" /><meta property="og:url" content="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html" /><meta property="og:site_name" content="Metasploit Documentation Penetration Testing Software, Pen Testing Security" /><meta property="og:type" content="website" /><meta name="twitter:card" content="summary" /><meta property="twitter:title" content="How to Send an HTTP Request Using HttpClient" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"View Metasploit Framework Documentation","headline":"How to Send an HTTP Request Using HttpClient","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://rapid7.github.io/metasploit-framework/assets/images/favicon.png"}},"url":"https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html"}</script><body> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-link" viewBox="0 0 24 24"><title>Link</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-link"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path> </svg> </symbol> <symbol id="svg-search" viewBox="0 0 24 24"><title>Search</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"> <circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"><title>Menu</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"><title>Expand</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-chevron-right"><polyline points="9 18 15 12 9 6"></polyline> </svg> </symbol> <symbol id="svg-doc" viewBox="0 0 24 24"><title>Document</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline> </svg> </symbol> </svg> <script type="text/javascript" src="/assets/js/toggle_init.js"></script><div class="side-bar"><div class="site-header"> <a href="/" class="site-title lh-tight"><img src="/assets/images/metasploit-logo-dark-external-use.svg" alt="Metasploit Logo" class="title-logo" /> </a> <a href="#" id="menu-button" class="site-button"> <svg viewBox="0 0 24 24" class="icon"><use xlink:href="#svg-menu"></use></svg> </a></div><nav role="navigation" aria-label="Main" id="site-nav" class="site-nav"><ul class="nav-list"><li class="nav-list-item active"><a href="/" class="nav-list-link">Home</a><li class="nav-list-item active"><a href="/docs/code-of-conduct.html" class="nav-list-link">Code Of Conduct</a><li class="nav-list-item active"><a href="/docs/modules.html" class="nav-list-link">Modules</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/" class="nav-list-link">Pentesting</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-setting-module-options.html" class="nav-list-link">Setting Module Options</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-upgrading-shells-to-meterpreter.html" class="nav-list-link">Upgrading Shells to Meterpreter</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-post-gather-modules.html" class="nav-list-link">Post Gather Modules</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-http.html" class="nav-list-link">HTTP + HTTPS</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-kubernetes.html" class="nav-list-link">Kubernetes</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-mysql.html" class="nav-list-link">MySQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-postgresql.html" class="nav-list-link">PostgreSQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-smb.html" class="nav-list-link">SMB</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-ssh.html" class="nav-list-link">SSH</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-winrm.html" class="nav-list-link">WinRM</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-mssql.html" class="nav-list-link">MSSQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-ldap.html" class="nav-list-link">LDAP</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/" class="nav-list-link">Active Directory</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/ad-certificates/" class="nav-list-link">AD CS</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/overview.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html" class="nav-list-link">Attacking AD CS ESC Vulnerabilities Using Metasploit</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/ldap_esc_vulnerable_cert_finder.html" class="nav-list-link">Vulnerable cert finder</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/ad_cs_cert_template.html" class="nav-list-link">Manage certificate templates</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/icpr_cert.html" class="nav-list-link">Request certificates</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/kerberos/" class="nav-list-link">Kerberos</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/overview.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/service_authentication.html" class="nav-list-link">Authenticating to SMB/WinRM/etc</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/kerberos_login.html" class="nav-list-link">Kerberos login enumeration and bruteforcing</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/get_ticket.html" class="nav-list-link">Get Ticket granting tickets and service tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/ticket_converter.html" class="nav-list-link">Converting kirbi and ccache files</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/forge_ticket.html" class="nav-list-link">Forging tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/inspect_ticket.html" class="nav-list-link">Inspecting tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/kerberoasting.html" class="nav-list-link">Kerberoasting</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/keytab.html" class="nav-list-link">Keytab support and decrypting wireshark traffic</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/rbcd.html" class="nav-list-link">Resource-based constrained delegation (RBCD)</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/unconstrained_delegation.html" class="nav-list-link">Unconstrained delegation</a></ul></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/" class="nav-list-link">Using Metasploit</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/getting-started/" class="nav-list-link">Getting Started</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/getting-started/nightly-installers.html" class="nav-list-link">Nightly Installers</a><li class="nav-list-item active"><a href="/docs/using-metasploit/getting-started/reporting-a-bug.html" class="nav-list-link">Reporting a Bug</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/basics/" class="nav-list-link">Basics</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/using-metasploit.html" class="nav-list-link">Running modules</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-a-metasploit-module-appropriately.html" class="nav-list-link">How to use a Metasploit module appropriately</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-payloads-work.html" class="nav-list-link">How payloads work</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/module-documentation.html" class="nav-list-link">Module Documentation</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-a-reverse-shell-in-metasploit.html" class="nav-list-link">How to use a reverse shell in Metasploit</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-msfvenom.html" class="nav-list-link">How to use msfvenom</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/managing-sessions.html" class="nav-list-link">Managing Sessions</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/intermediate/" class="nav-list-link">Intermediate</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/metasploit-database-support.html" class="nav-list-link">Database Support</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/evading-anti-virus.html" class="nav-list-link">Evading Anti Virus</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/exploit-ranking.html" class="nav-list-link">Exploit Ranking</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/hashes-and-password-cracking.html" class="nav-list-link">Hashes and Password Cracking</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/how-to-use-plugins.html" class="nav-list-link">Metasploit Plugins</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/payload-uuid.html" class="nav-list-link">Payload UUID</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/pivoting-in-metasploit.html" class="nav-list-link">Pivoting in Metasploit</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/running-private-modules.html" class="nav-list-link">Running Private Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/" class="nav-list-link">Advanced</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/how-to-configure-dns.html" class="nav-list-link">How to Configure DNS</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/metasploit-web-service.html" class="nav-list-link">Metasploit Web Service</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/meterpreter/" class="nav-list-link">Meterpreter</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-configuration.html" class="nav-list-link">Configuration</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/debugging-dead-meterpreter-sessions.html" class="nav-list-link">Debugging Dead Meterpreter Sessions</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html" class="nav-list-link">Debugging Meterpreter Sessions</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-executebof-command.html" class="nav-list-link">ExecuteBof Command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-http-communication.html" class="nav-list-link">HTTP Communication</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/how-to-get-started-with-writing-a-meterpreter-script.html" class="nav-list-link">How to get started with writing a Meterpreter script</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-paranoid-mode.html" class="nav-list-link">Paranoid Mode</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/powershell-extension.html" class="nav-list-link">Powershell Extension</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/python-extension.html" class="nav-list-link">Python Extension</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-reg-command.html" class="nav-list-link">Reg Command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-reliable-network-communication.html" class="nav-list-link">Reliable Network Communication</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-sleep-control.html" class="nav-list-link">Sleep Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-stageless-mode.html" class="nav-list-link">Stageless Mode</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/the-ins-and-outs-of-http-and-https-communications-in-meterpreter-and-metasploit-stagers.html" class="nav-list-link">The ins and outs of HTTP and HTTPS communications in Meterpreter and Metasploit Stagers</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html" class="nav-list-link">Timeout Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html" class="nav-list-link">Transport Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-unicode-support.html" class="nav-list-link">Unicode Support</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-wishlist.html" class="nav-list-link">Wishlist</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/RPC/" class="nav-list-link">RPC</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/RPC/how-to-use-metasploit-json-rpc.html" class="nav-list-link">How to use Metasploit JSON RPC</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/RPC/how-to-use-metasploit-messagepack-rpc.html" class="nav-list-link">How to use Metasploit Messagepack RPC</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/other/" class="nav-list-link">Other</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-metasploit-mcp-server.html" class="nav-list-link">How to use Metasploit MCP Server</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-metasploit-with-ngrok.html" class="nav-list-link">How to use Metasploit with ngrok</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-the-favorite-command.html" class="nav-list-link">How to use the Favorite command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/information-about-unmet-browser-exploit-requirements.html" class="nav-list-link">Information About Unmet Browser Exploit Requirements</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/other/oracle-support/" class="nav-list-link">Oracle Support</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/other/oracle-support/how-to-get-oracle-support-working-with-kali-linux.html" class="nav-list-link">How to get Oracle Support working with Kali Linux</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/oracle-support/oracle-usage.html" class="nav-list-link">Oracle Usage</a></ul><li class="nav-list-item active"><a href="/docs/using-metasploit/other/why-cve-is-not-available.html" class="nav-list-link">Why CVE is not available</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/" class="nav-list-link active">Development</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/get-started/" class="nav-list-link">Get Started</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/get-started/contributing-to-metasploit.html" class="nav-list-link">Contributing to Metasploit</a><li class="nav-list-item active"><a href="/docs/development/get-started/creating-your-first-pr.html" class="nav-list-link">Creating Your First PR</a><li class="nav-list-item active"><a href="/docs/development/get-started/setting-up-a-metasploit-development-environment.html" class="nav-list-link">Setting Up a Metasploit Development Environment</a><li class="nav-list-item active"><a href="/docs/development/get-started/sanitizing-pcaps.html" class="nav-list-link">Sanitizing PCAPs</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/get-started/git/" class="nav-list-link">Git</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/get-started/git/git-reference-sites.html" class="nav-list-link">Git Reference Sites</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/git-cheatsheet.html" class="nav-list-link">Git cheatsheet</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/keeping-in-sync-with-rapid7-master.html" class="nav-list-link">Keeping in sync with rapid7 master</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/remote-branch-pruning.html" class="nav-list-link">Remote Branch Pruning</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/using-git.html" class="nav-list-link">Using Git</a></ul><li class="nav-list-item active"><a href="/docs/development/get-started/navigating-and-understanding-metasploits-codebase.html" class="nav-list-link">Navigating the codebase</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/" class="nav-list-link active">Developing Modules</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/guides/" class="nav-list-link">Guides</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/guides/scanners/" class="nav-list-link">Scanners</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/scanners/how-to-write-a-http-loginscanner-module.html" class="nav-list-link">Writing a HTTP LoginScanner</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html" class="nav-list-link">Writing an FTP LoginScanner</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-check-microsoft-patch-levels-for-your-exploit.html" class="nav-list-link">How to check Microsoft patch levels for your exploit</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-use-fetch-payloads.html" class="nav-list-link">How to use Fetch Payloads</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-use-command-stagers.html" class="nav-list-link">How to use command stagers</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-check-method.html" class="nav-list-link">How to write a check method</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-cmd-injection-module.html" class="nav-list-link">How to write a cmd injection module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-browser-exploit-using-httpserver.html" class="nav-list-link">Writing a browser exploit</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-get-started-with-writing-a-post-module.html" class="nav-list-link">Writing a post module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-get-started-with-writing-an-auxiliary-module.html" class="nav-list-link">Writing an auxiliary module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/get-started-writing-an-exploit.html" class="nav-list-link">Writing an exploit</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/external-modules/" class="nav-list-link">External Modules</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-metasploit-modules.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-golang-modules.html" class="nav-list-link">Writing GoLang Modules</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-python-modules.html" class="nav-list-link">Writing Python Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/module-metadata/" class="nav-list-link">Module metadata</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html" class="nav-list-link">Definition of Module Reliability Side Effects and Stability</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/how-to-use-datastore-options.html" class="nav-list-link">How to use datastore options</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/module-reference-identifiers.html" class="nav-list-link">Module Reference Identifiers</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/" class="nav-list-link active">Libraries</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/api.html" class="nav-list-link">API</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-msf-auxiliary-authbrute-to-write-a-bruteforcer.html" class="nav-list-link">AuthBrute</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-cleanup-after-module-execution.html" class="nav-list-link">Cleanup</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/c/" class="nav-list-link">Compiling C</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-use-metasploit-framework-compiler-windows-to-compile-c-code.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-decode-base64-with-metasploit-framework-compiler.html" class="nav-list-link">Base64 Support</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-decrypt-rc4-with-metasploit-framework-compiler.html" class="nav-list-link">RC4 Support</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-xor-with-metasploit-framework-compiler.html" class="nav-list-link">XOR Support</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/deserialization/" class="nav-list-link">Deserialization</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/deserialization/dot-net-deserialization.html" class="nav-list-link">Dot Net Deserialization</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/deserialization/generating-ysoserial-java-serialized-objects.html" class="nav-list-link">Java Deserialization</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/handling-module-failures-with-fail_with.html" class="nav-list-link">Fail_with</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-fileformat-mixin-to-create-a-file-format-exploit.html" class="nav-list-link">Fileformat</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-git-mixin-to-write-an-exploit-module.html" class="nav-list-link">Git Mixin</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/http/" class="nav-list-link active">HTTP</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html" class="nav-list-link">BrowserExploitServer</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html" class="nav-list-link active">How to Send an HTTP Request Using HttpClient</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-parse-an-http-response.html" class="nav-list-link">How to parse an HTTP response</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-rex-proto-http-client.html" class="nav-list-link">How to send an HTTP request using Rex Proto Http Client</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-write-a-module-using-httpserver-and-httpclient.html" class="nav-list-link">How to write a module using HttpServer and HttpClient</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-log-in-metasploit.html" class="nav-list-link">Logging</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/obfuscation/" class="nav-list-link">Obfuscation</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/obfuscation/how-to-use-metasploit-framework-obfuscation-crandomizer.html" class="nav-list-link">C Obfuscation</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html" class="nav-list-link">JavaScript Obfuscation</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-phpexe-to-exploit-an-arbitrary-file-upload-bug.html" class="nav-list-link">PhpExe</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/post-mixins.html" class="nav-list-link">PostMixins</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-powershell-in-an-exploit.html" class="nav-list-link">Powershell</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-railgun-for-windows-post-exploitation.html" class="nav-list-link">Railgun</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/using-reflectivedll-injection.html" class="nav-list-link">ReflectiveDLL Injection</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-do-reporting-or-store-data-in-module-development.html" class="nav-list-link">Reporting and Storing Data</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-seh-mixin-to-exploit-an-exception-handler.html" class="nav-list-link">SEH Exploitation</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/smb_library/" class="nav-list-link">SMB Library</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/smb_library/guidelines-for-writing-modules-with-smb.html" class="nav-list-link">Guidelines for Writing Modules with SMB</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/smb_library/what-my-rex-proto-smb-error-means.html" class="nav-list-link">What my Rex Proto SMB Error means</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/sql-injection-libraries.html" class="nav-list-link">SQL Injection</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-msf-exploit-remote-tcp-mixin.html" class="nav-list-link">TCP</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-wbemexec-for-a-write-privilege-attack-on-windows.html" class="nav-list-link">WbemExec</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-zip-files-with-msf-util-exe-to_zip.html" class="nav-list-link">Zip</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/google-summer-of-code/" class="nav-list-link">Google Summer of Code</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2017-mentor-organization-application.html" class="nav-list-link">2017 Mentor Organization Application</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2017-project-ideas.html" class="nav-list-link">2017 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2017-student-proposal.html" class="nav-list-link">2017 Student Proposal</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2018-project-ideas.html" class="nav-list-link">2018 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2019-project-ideas.html" class="nav-list-link">2019 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2020-project-ideas.html" class="nav-list-link">2020 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2021-project-ideas.html" class="nav-list-link">2021 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2022-project-ideas.html" class="nav-list-link">2022 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2023-project-ideas.html" class="nav-list-link">2023 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2026-project-ideas.html" class="nav-list-link">2026 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/how-to-apply-to-gsoc.html" class="nav-list-link">How to Apply to GSoC</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/maintainers/" class="nav-list-link">Maintainers</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/maintainers/committer-keys.html" class="nav-list-link">Committer Keys</a><li class="nav-list-item active"><a href="/docs/development/maintainers/committer-rights.html" class="nav-list-link">Committer Rights</a><li class="nav-list-item active"><a href="/docs/development/maintainers/downloads-by-version.html" class="nav-list-link">Downloads by Version</a><li class="nav-list-item active"><a href="/docs/development/maintainers/metasploit-hackathons.html" class="nav-list-link">Metasploit Hackathons</a><li class="nav-list-item active"><a href="/docs/development/maintainers/metasploit-loginpalooza.html" class="nav-list-link">Metasploit Loginpalooza</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/maintainers/process/" class="nav-list-link">Process</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/maintainers/process/assigning-labels.html" class="nav-list-link">Assigning Labels</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/guidelines-for-accepting-modules-and-enhancements.html" class="nav-list-link">Guidelines for Accepting Modules and Enhancements</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/how-to-deprecate-a-metasploit-module.html" class="nav-list-link">How to deprecate a Metasploit module</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/landing-pull-requests.html" class="nav-list-link">Landing Pull Requests</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/adding-release-notes-to-prs.html" class="nav-list-link">Release Notes</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/rolling-back-merges.html" class="nav-list-link">Rolling back merges</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/unstable-modules.html" class="nav-list-link">Unstable Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/maintainers/ruby-gems/" class="nav-list-link">Ruby Gems</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/maintainers/ruby-gems/how-to-add-and-update-gems-in-metasploit-framework.html" class="nav-list-link">Adding and Updating</a><li class="nav-list-item active"><a href="/docs/development/maintainers/ruby-gems/merging-metasploit-payload-gem-updates.html" class="nav-list-link">Merging Metasploit Payload Gem Updates</a><li class="nav-list-item active"><a href="/docs/development/maintainers/ruby-gems/using-local-gems.html" class="nav-list-link">Using local Gems</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/propsals/" class="nav-list-link">Proposals</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/propsals/bundled-modules-proposal.html" class="nav-list-link">Bundled Modules Proposal</a><li class="nav-list-item active"><a href="/docs/development/propsals/java-meterpreter-feature-parity-proposal.html" class="nav-list-link">Java Meterpreter Feature Parity Proposal</a><li class="nav-list-item active"><a href="/docs/development/propsals/msf6-feature-proposals.html" class="nav-list-link">MSF6 Feature Proposals</a><li class="nav-list-item active"><a href="/docs/development/propsals/metasploit-url-support-proposal.html" class="nav-list-link">Metasploit URL support proposal</a><li class="nav-list-item active"><a href="/docs/development/propsals/payload-rename-justification.html" class="nav-list-link">Payload Rename Justification</a><li class="nav-list-item active"><a href="/docs/development/propsals/uberhandler.html" class="nav-list-link">Uberhandler</a><li class="nav-list-item active"><a href="/docs/development/propsals/work-needed-to-allow-msfdb-to-use-postgresql-common.html" class="nav-list-link">Work needed to allow msfdb to use postgresql common</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/quality/" class="nav-list-link">Quality</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/quality/common-metasploit-module-coding-mistakes.html" class="nav-list-link">Common Metasploit Module Coding Mistakes</a><li class="nav-list-item active"><a href="/docs/development/quality/loading-test-modules.html" class="nav-list-link">Loading Test Modules</a><li class="nav-list-item active"><a href="/docs/development/quality/measuring-metasploit-performance.html" class="nav-list-link">Measuring Metasploit Performance</a><li class="nav-list-item active"><a href="/docs/development/quality/msftidy.html" class="nav-list-link">Msftidy</a><li class="nav-list-item active"><a href="/docs/development/quality/payload-testing.html" class="nav-list-link">Payload Testing</a><li class="nav-list-item active"><a href="/docs/development/quality/style-tips.html" class="nav-list-link">Style Tips</a><li class="nav-list-item active"><a href="/docs/development/quality/using-rubocop.html" class="nav-list-link">Using Rubocop</a><li class="nav-list-item active"><a href="/docs/development/quality/writing-module-documentation.html" class="nav-list-link">Writing Module Documentation</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/roadmap/" class="nav-list-link">Roadmap</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/roadmap/2017-roadmap.html" class="nav-list-link">2017 Roadmap</a><li class="nav-list-item active"><a href="/docs/development/roadmap/2017-roadmap-review.html" class="nav-list-link">2017 Roadmap Review</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-breaking-changes.html" class="nav-list-link">Metasploit Breaking Changes</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-data-service-enhancements-goliath.html" class="nav-list-link">Metasploit Data Service</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-5-release-notes.html" class="nav-list-link">Metasploit Framework 5.0 Release Notes</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-6-release-notes.html" class="nav-list-link">Metasploit Framework 6.0 Release Notes</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-framework-wish-list.html" class="nav-list-link">Metasploit Framework Wish List</a></ul></ul><li class="nav-list-item active"><a href="/docs/contact.html" class="nav-list-link">Contact</a></ul></nav><footer class="site-footer"> This site uses <a href="https://github.com/pmarsceill/just-the-docs">Just the Docs</a>, a documentation theme for Jekyll.</footer></div><div class="main" id="top"><div id="main-header" class="main-header"><div class="search"><div class="search-input-wrap"> <input type="text" id="search-input" class="search-input" tabindex="0" placeholder="Search Metasploit Documentation" aria-label="Search Metasploit Documentation" autocomplete="off"> <label for="search-input" class="search-label"><svg viewBox="0 0 24 24" class="search-icon"><use xlink:href="#svg-search"></use></svg></label></div><div id="search-results" class="search-results"></div></div><link rel="stylesheet" href="/assets/css/main.css"><nav aria-label="Auxiliary" class="aux-nav"><ul class="aux-nav-list"><li class="aux-nav-list-item"> <a href="//github.com/rapid7/metasploit-framework" class="site-button" target="_blank" rel="noopener noreferrer" > Metasploit Framework on GitHub </a></ul></nav></div><div id="main-content-wrap" class="main-content-wrap"><nav aria-label="Breadcrumb" class="breadcrumb-nav"><ol class="breadcrumb-nav-list"><li class="breadcrumb-nav-list-item"> <a href="/docs/development/">Development</a><li class="breadcrumb-nav-list-item"> <a href="/docs/development/developing-modules/">Developing Modules</a><li class="breadcrumb-nav-list-item"> <a href="/docs/development/developing-modules/libraries/">Libraries</a><li class="breadcrumb-nav-list-item"> <a href="/docs/development/developing-modules/libraries/http/">HTTP</a><li class="breadcrumb-nav-list-item"> <span>How to Send an HTTP Request Using HttpClient</span></ol></nav><div id="main-content" class="main-content" role="main"><p>The <a href="https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient">HttpClient mixin</a> can be included with an exploit module in order to facilitate easier HTTP communications with a target machine.</p><h2 id="there-are-mainly-two-common-methods-you-will-see"> <a href="#there-are-mainly-two-common-methods-you-will-see" class="anchor-heading" aria-labelledby="there-are-mainly-two-common-methods-you-will-see"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> There are mainly two common methods you will see:</h2><ul><li><strong><a href="https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#send_request_raw-instance_method">send_request_raw</a></strong> - You use this to send a raw HTTP request. Usually, you will want this method if you need something that violates the specification; in most other cases, you should prefer <code class="language-plaintext highlighter-rouge">send_request_cgi</code>. If you wish to learn about how this method works, look at the documentation for <a href="https://docs.metasploit.com/api/Rex/Proto/Http/Client.html#request_raw-instance_method"><code class="language-plaintext highlighter-rouge">Rex::Proto::Http::Client#request_raw</code></a>.</ul><p>Heres a basic example of how to use <code class="language-plaintext highlighter-rouge">send_request_raw</code>:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="n">send_request_raw</span><span class="p">({</span><span class="s1">'uri'</span><span class="o">=&gt;</span><span class="s1">'/index.php'</span><span class="p">})</span>
</code></pre></div></div><ul><li><strong><a href="https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#send_request_cgi-instance_method">send_request_cgi</a></strong> - You use this to send a more CGI-compatible HTTP request. If your request contains a query string (or POST data), then you should use this. If you wish to learn about how this method works, check out <a href="https://docs.metasploit.com/api/Rex/Proto/Http/Client.html#request_cgi-instance_method"><code class="language-plaintext highlighter-rouge">Rex::Proto::Http::Client#request_cgi</code></a>.</ul><p>Heres a very basic example for <code class="language-plaintext highlighter-rouge">send_request_cgi</code>:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">send_request_cgi</span><span class="p">({</span>
<span class="s1">'method'</span> <span class="o">=&gt;</span> <span class="s1">'GET'</span><span class="p">,</span>
<span class="s1">'uri'</span> <span class="o">=&gt;</span> <span class="s1">'/hello_world.php'</span><span class="p">,</span>
<span class="s1">'vars_get'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'param_1'</span> <span class="o">=&gt;</span> <span class="s1">'abc'</span><span class="p">,</span>
<span class="s1">'param_2'</span> <span class="o">=&gt;</span> <span class="s1">'123'</span>
<span class="p">}</span>
<span class="p">})</span>
</code></pre></div></div><p><strong>Please note</strong>: <code class="language-plaintext highlighter-rouge">send_request_raw</code> and <code class="language-plaintext highlighter-rouge">send_request_cgi</code> will return a <code class="language-plaintext highlighter-rouge">nil</code> if theres a timeout, so please make sure to account for that condition when you handle the return value.</p><h2 id="cookies--cookiejars"> <a href="#cookies--cookiejars" class="anchor-heading" aria-labelledby="cookies--cookiejars"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Cookies &amp; CookieJars</h2><p>Part of send_request_cgi functionality is the ability to collect, edit, and send cookies via the HttpClients <code class="language-plaintext highlighter-rouge">cookie_jar</code> variable, an instance of the <a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie_jar.rb">HttpCookieJar</a> class.</p><p>A HttpCookieJar is a collection of <a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie.rb">HttpCookie</a>. The Jar can be populated manually with its <code class="language-plaintext highlighter-rouge">add</code> method, or automatically via the <code class="language-plaintext highlighter-rouge">keep_cookies</code> option that can be passed to <a href="https://github.com/rapid7/metasploit-framework/blob/92d981fff2b4a40324969fd1d1744219589b5fa3/lib/msf/core/exploit/remote/http_client.rb#L385">send_request_cgi</a>.</p><p>If you need to clear the cookie jar (for instance, using a 2nd login), try:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">cookie_jar</span><span class="p">.</span><span class="nf">clear</span>
</code></pre></div></div><h3 id="keep_cookies-option"> <a href="#keep_cookies-option" class="anchor-heading" aria-labelledby="keep_cookies-option"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> <code class="language-plaintext highlighter-rouge">keep_cookies</code> option</h3><p>Shown below is the request used to login to a gitlab account in the <a href="https://github.com/rapid7/metasploit-framework/blob/92d981fff2b4a40324969fd1d1744219589b5fa3/modules/exploits/multi/http/gitlab_file_read_rce.rb#L70">gitlab_file_read_rce exploit module</a></p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">res</span> <span class="o">=</span> <span class="vi">@http_client</span><span class="p">.</span><span class="nf">send_request_cgi</span><span class="p">({</span>
<span class="s1">'method'</span> <span class="o">=&gt;</span> <span class="s1">'POST'</span><span class="p">,</span>
<span class="s1">'uri'</span> <span class="o">=&gt;</span> <span class="s1">'/users/sign_in'</span><span class="p">,</span>
<span class="s1">'keep_cookies'</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">,</span>
<span class="s1">'vars_post'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'utf8'</span> <span class="o">=&gt;</span> <span class="s1">'✓'</span><span class="p">,</span>
<span class="s1">'authenticity_token'</span> <span class="o">=&gt;</span> <span class="n">csrf_token</span><span class="p">,</span>
<span class="s1">'user[login]'</span> <span class="o">=&gt;</span> <span class="n">username</span><span class="p">,</span>
<span class="s1">'user[password]'</span> <span class="o">=&gt;</span> <span class="n">password</span><span class="p">,</span>
<span class="s1">'user[remember_me]'</span> <span class="o">=&gt;</span> <span class="mi">0</span>
<span class="p">}</span>
<span class="p">})</span>
</code></pre></div></div><p>The cookies returned by the server with a successful login need to be attached to all future requests, so <code class="language-plaintext highlighter-rouge">'keep_cookies' =&gt; true,</code> is used to add all returned cookies to the HttpClient CookieJar and attach them to all subsequent requests.</p><h3 id="cookie-option"> <a href="#cookie-option" class="anchor-heading" aria-labelledby="cookie-option"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> <code class="language-plaintext highlighter-rouge">cookie</code> option</h3><p>Shown below is the request used to login to a gitlab account in the <a href="https://github.com/rapid7/metasploit-framework/blob/92d981fff2b4a40324969fd1d1744219589b5fa3/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb#L115">artica_proxy_auth_bypass_service_cmds_peform_command_injection module</a></p><p>artica_proxy_auth_bypass_service_cmds_peform_command_injection requires a specific cookie header to be sent with a request in order to achieve RCE. By setting a string of the desired header as the value of the <code class="language-plaintext highlighter-rouge">cookie</code> option, that string is set as the cookie header without any changes, allowing the exploit to be carried out.</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">res</span> <span class="o">=</span> <span class="n">send_request_cgi</span><span class="p">({</span>
<span class="s1">'method'</span> <span class="o">=&gt;</span> <span class="s1">'GET'</span><span class="p">,</span>
<span class="s1">'uri'</span> <span class="o">=&gt;</span> <span class="n">normalize_uri</span><span class="p">(</span><span class="n">target_uri</span><span class="p">.</span><span class="nf">path</span><span class="p">,</span> <span class="s1">'cyrus.index.php'</span><span class="p">),</span>
<span class="s1">'vars_get'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'service-cmds-peform'</span> <span class="o">=&gt;</span> <span class="s2">"||</span><span class="si">#{</span><span class="no">Rex</span><span class="o">::</span><span class="no">Text</span><span class="p">.</span><span class="nf">uri_encode</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="s1">'hex-all'</span><span class="p">)</span><span class="si">}</span><span class="s2">||"</span>
<span class="p">},</span>
<span class="s1">'cookie'</span> <span class="o">=&gt;</span> <span class="s2">"PHPSESSID=</span><span class="si">#{</span><span class="vi">@phpsessid</span><span class="si">}</span><span class="s2">; AsWebStatisticsCooKie=1; shellinaboxCooKie=1"</span>
<span class="p">})</span>
</code></pre></div></div><p>Any object passed to <code class="language-plaintext highlighter-rouge">cookie</code> that isnt an instance of HttpCookieJar will have <code class="language-plaintext highlighter-rouge">to_s</code> called on it. The result of <code class="language-plaintext highlighter-rouge">to_s</code> will be set as the cookie header of the http request. The contents of the HttpClient cookie_jar is ignored <strong><em>only</em></strong> this request. Subsequent requests are unaffected.</p><hr /><p>Module authors can also pass an instance of <code class="language-plaintext highlighter-rouge">HttpCookieJar</code> with the <code class="language-plaintext highlighter-rouge">cookie</code> option.</p><p>Important: Cookies added to a <code class="language-plaintext highlighter-rouge">HttpCookieJar</code> must have both <code class="language-plaintext highlighter-rouge">domain</code> and <code class="language-plaintext highlighter-rouge">path</code> set, and cookie values must be strings. Without these attributes the underlying cookie store will raise an <code class="language-plaintext highlighter-rouge">ArgumentError</code>.</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">cj</span> <span class="o">=</span> <span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span><span class="o">::</span><span class="no">HTTP</span><span class="o">::</span><span class="no">HttpCookieJar</span><span class="p">.</span><span class="nf">new</span>
<span class="n">target_host</span> <span class="o">=</span> <span class="n">datastore</span><span class="p">[</span><span class="s1">'RHOST'</span><span class="p">]</span>
<span class="n">cj</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span><span class="o">::</span><span class="no">HTTP</span><span class="o">::</span><span class="no">HttpCookie</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s1">'PHPSESSID'</span><span class="p">,</span> <span class="vi">@phpsessid</span><span class="p">,</span> <span class="ss">domain: </span><span class="n">target_host</span><span class="p">,</span> <span class="ss">path: </span><span class="s1">'/'</span><span class="p">))</span>
<span class="n">cj</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span><span class="o">::</span><span class="no">HTTP</span><span class="o">::</span><span class="no">HttpCookie</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s1">'AsWebStatisticsCooKie'</span><span class="p">,</span> <span class="s1">'1'</span><span class="p">,</span> <span class="ss">domain: </span><span class="n">target_host</span><span class="p">,</span> <span class="ss">path: </span><span class="s1">'/'</span><span class="p">))</span>
<span class="n">cj</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span><span class="o">::</span><span class="no">HTTP</span><span class="o">::</span><span class="no">HttpCookie</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s1">'shellinaboxCooKie'</span><span class="p">,</span> <span class="s1">'1'</span><span class="p">,</span> <span class="ss">domain: </span><span class="n">target_host</span><span class="p">,</span> <span class="ss">path: </span><span class="s1">'/'</span><span class="p">))</span>
<span class="n">res</span> <span class="o">=</span> <span class="n">send_request_cgi</span><span class="p">({</span>
<span class="s1">'method'</span> <span class="o">=&gt;</span> <span class="s1">'GET'</span><span class="p">,</span>
<span class="s1">'uri'</span> <span class="o">=&gt;</span> <span class="n">normalize_uri</span><span class="p">(</span><span class="n">target_uri</span><span class="p">.</span><span class="nf">path</span><span class="p">,</span> <span class="s1">'cyrus.index.php'</span><span class="p">),</span>
<span class="s1">'vars_get'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'service-cmds-peform'</span> <span class="o">=&gt;</span> <span class="s2">"||</span><span class="si">#{</span><span class="no">Rex</span><span class="o">::</span><span class="no">Text</span><span class="p">.</span><span class="nf">uri_encode</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="s1">'hex-all'</span><span class="p">)</span><span class="si">}</span><span class="s2">||"</span>
<span class="p">},</span>
<span class="s1">'cookie'</span> <span class="o">=&gt;</span> <span class="n">cj</span>
<span class="p">})</span>
</code></pre></div></div><p>The above code would create an identical cookie header to the one used in the previous example, save for a random ordering of the name value pairs. This shouldnt affect how the server would read the cookies, but its still worth keeping in mind if youve somehow found a vuln reliant on the order of cookies in a header.</p><h3 id="expire_cookies"> <a href="#expire_cookies" class="anchor-heading" aria-labelledby="expire_cookies"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> expire_cookies</h3><p><code class="language-plaintext highlighter-rouge">send_request_cgi</code> will call <code class="language-plaintext highlighter-rouge">cleanup</code> on <code class="language-plaintext highlighter-rouge">cookie_jar</code> before iot is used to populate a request with cookies. <code class="language-plaintext highlighter-rouge">cleanup</code> will remove any expired cookies permenetly from the jar, affecting all future requests.</p><p>If this behaviour isnt deisred and an author would prefer to keep expired cookies in the jar, the <code class="language-plaintext highlighter-rouge">expire_cookies</code> option can be set to false:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">res</span> <span class="o">=</span> <span class="n">send_request_cgi</span><span class="p">({</span>
<span class="s1">'method'</span> <span class="o">=&gt;</span> <span class="s1">'GET'</span><span class="p">,</span>
<span class="s1">'uri'</span> <span class="o">=&gt;</span> <span class="n">normalize_uri</span><span class="p">(</span><span class="n">target_uri</span><span class="p">.</span><span class="nf">path</span><span class="p">,</span> <span class="s1">'cyrus.index.php'</span><span class="p">),</span>
<span class="s1">'vars_get'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'service-cmds-peform'</span> <span class="o">=&gt;</span> <span class="s2">"||</span><span class="si">#{</span><span class="no">Rex</span><span class="o">::</span><span class="no">Text</span><span class="p">.</span><span class="nf">uri_encode</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="s1">'hex-all'</span><span class="p">)</span><span class="si">}</span><span class="s2">||"</span>
<span class="p">},</span>
<span class="s1">'cookie'</span> <span class="o">=&gt;</span> <span class="s2">"PHPSESSID=</span><span class="si">#{</span><span class="vi">@phpsessid</span><span class="si">}</span><span class="s2">; AsWebStatisticsCooKie=1; shellinaboxCooKie=1"</span><span class="p">,</span>
<span class="s1">'expire_cookies'</span> <span class="o">=&gt;</span> <span class="kp">false</span>
<span class="p">})</span>
</code></pre></div></div><h2 id="uri-parsing"> <a href="#uri-parsing" class="anchor-heading" aria-labelledby="uri-parsing"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> URI Parsing</h2><p>Before you send a HTTP request, you will most likely have to do some URI parsing. This is a tricky task, because sometimes when you join paths, you may accidentally get double slashes, like this: “/test//index.php”. Or for some reason you have a missing slash. These are really commonly made mistakes. So heres how you can handle it safely:</p><p><strong>1</strong> - Register your default URI datastore option as TARGETURI:</p><p>Example:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">register_options</span><span class="p">(</span>
<span class="p">[</span>
<span class="no">OptString</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s1">'TARGETURI'</span><span class="p">,</span> <span class="p">[</span><span class="kp">true</span><span class="p">,</span> <span class="s1">'The base path to XXX application'</span><span class="p">,</span> <span class="s1">'/xxx_v1/'</span><span class="p">])</span>
<span class="p">]</span>
<span class="p">)</span>
</code></pre></div></div><p><strong>2</strong> - Load your TARGETURI with <a href="https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#target_uri-instance_method"><code class="language-plaintext highlighter-rouge">target_uri</code></a>, that way the URI input validation will kick in, and then you get a real <code class="language-plaintext highlighter-rouge">URI</code> object:</p><p>In this example, well just load the path:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">uri</span> <span class="o">=</span> <span class="n">target_uri</span><span class="p">.</span><span class="nf">path</span>
</code></pre></div></div><p><strong>3</strong> - When you want to join another URI, always use <a href="https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#normalize_uri-instance_method"><code class="language-plaintext highlighter-rouge">normalize_uri</code></a>:</p><p>Example:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Returns: "/xxx_v1/admin/upload.php"</span>
<span class="n">uri</span> <span class="o">=</span> <span class="n">normalize_uri</span><span class="p">(</span><span class="n">uri</span><span class="p">,</span> <span class="s1">'admin'</span><span class="p">,</span> <span class="s1">'upload.php'</span><span class="p">)</span>
</code></pre></div></div><p><strong>4</strong> - When youre done normalizing the URI, youre ready to use <code class="language-plaintext highlighter-rouge">send_request_cgi</code> or <code class="language-plaintext highlighter-rouge">send_request_raw</code></p><p>Please note: The <code class="language-plaintext highlighter-rouge">normalize_uri</code> method will always follow these rules:</p><ol><li>The URI should always begin with a slash.<li>You will have to decide if you need the trailing slash or not.<li>There should be no double slashes.</ol><h2 id="full-example"> <a href="#full-example" class="anchor-heading" aria-labelledby="full-example"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Full Example</h2><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">class</span> <span class="nc">MetasploitModule</span> <span class="o">&lt;</span> <span class="no">Msf</span><span class="o">::</span><span class="no">Auxiliary</span>
<span class="kp">include</span> <span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span><span class="o">::</span><span class="no">HttpClient</span>
<span class="k">def</span> <span class="nf">initialize</span><span class="p">(</span><span class="n">info</span> <span class="o">=</span> <span class="p">{})</span>
<span class="k">super</span><span class="p">(</span>
<span class="n">update_info</span><span class="p">(</span>
<span class="n">info</span><span class="p">,</span>
<span class="s1">'Name'</span> <span class="o">=&gt;</span> <span class="s1">'HttpClient Example'</span><span class="p">,</span>
<span class="s1">'Description'</span> <span class="o">=&gt;</span> <span class="sx">%q{
Do a send_request_cgi()
}</span><span class="p">,</span>
<span class="s1">'Author'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'sinn3r'</span> <span class="p">],</span>
<span class="s1">'License'</span> <span class="o">=&gt;</span> <span class="no">MSF_LICENSE</span>
<span class="p">)</span>
<span class="p">)</span>
<span class="n">register_options</span><span class="p">(</span>
<span class="p">[</span>
<span class="no">OptString</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s1">'TARGETURI'</span><span class="p">,</span> <span class="p">[</span><span class="kp">true</span><span class="p">,</span> <span class="s1">'The base path'</span><span class="p">,</span> <span class="s1">'/'</span><span class="p">])</span>
<span class="p">]</span>
<span class="p">)</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">run</span>
<span class="n">uri</span> <span class="o">=</span> <span class="n">target_uri</span><span class="p">.</span><span class="nf">path</span>
<span class="n">res</span> <span class="o">=</span> <span class="n">send_request_cgi</span><span class="p">({</span>
<span class="s1">'method'</span> <span class="o">=&gt;</span> <span class="s1">'GET'</span><span class="p">,</span>
<span class="s1">'uri'</span> <span class="o">=&gt;</span> <span class="n">normalize_uri</span><span class="p">(</span><span class="n">uri</span><span class="p">,</span> <span class="s1">'admin'</span><span class="p">,</span> <span class="s1">'index.php'</span><span class="p">),</span>
<span class="s1">'vars_get'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'p1'</span> <span class="o">=&gt;</span> <span class="s1">'This is param 1'</span><span class="p">,</span>
<span class="s1">'p2'</span> <span class="o">=&gt;</span> <span class="s1">'This is param 2'</span>
<span class="p">}</span>
<span class="p">})</span>
<span class="k">if</span> <span class="n">res</span> <span class="o">&amp;&amp;</span> <span class="n">res</span><span class="p">.</span><span class="nf">code</span> <span class="o">==</span> <span class="mi">200</span>
<span class="n">print_good</span><span class="p">(</span><span class="s1">'I got a 200, awesome'</span><span class="p">)</span>
<span class="k">else</span>
<span class="n">print_error</span><span class="p">(</span><span class="s1">'No 200, feeling blue'</span><span class="p">)</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
</code></pre></div></div><h2 id="working-with-burp-suite"> <a href="#working-with-burp-suite" class="anchor-heading" aria-labelledby="working-with-burp-suite"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Working with Burp Suite</h2><p>Burp Suite is a useful tool to examine or modify HTTPS traffic while developing a module using HttpClient. To do this:</p><ol><li>Start Burp: <code class="language-plaintext highlighter-rouge">java -jar burpsuite.jar</code><li>In Burp, click on the Proxies tab, and then Options. Configure the proxy listener there. In this example, lets say we have a listener on port 6666.<li>Once the Burp listener is up, start msfconsole and load the module youre working on.<li>Enter: <code class="language-plaintext highlighter-rouge">set Proxies HTTP:127.0.0.1:6666</code><li>Go ahead and run the module, Burp should intercept the HTTPS traffic.</ol><p>Note that Burp only supports HTTPS for HttpClient. This problem is only specific to Burp and Metasploit.</p><p>If you need to examine HTTP traffic for HttpClient, a workaround is adding the following method in your module. This will override HttpClients send_request_* method, and return the modified output:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">send_request_cgi</span><span class="p">(</span><span class="n">opts</span><span class="p">)</span>
<span class="n">res</span> <span class="o">=</span> <span class="k">super</span><span class="p">(</span><span class="n">opts</span><span class="p">)</span>
<span class="nb">puts</span> <span class="n">res</span><span class="p">.</span><span class="nf">request</span><span class="p">.</span><span class="nf">to_s</span>
<span class="nb">puts</span>
<span class="nb">puts</span> <span class="n">res</span><span class="p">.</span><span class="nf">to_s</span>
<span class="nb">puts</span>
<span class="nb">puts</span>
<span class="k">end</span>
</code></pre></div></div><p>You can do the same for send_request_raw as well.</p><h2 id="other-common-questions"> <a href="#other-common-questions" class="anchor-heading" aria-labelledby="other-common-questions"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Other Common questions:</h2><p><strong>1 - Can I use <code class="language-plaintext highlighter-rouge">vars_get</code> and <code class="language-plaintext highlighter-rouge">vars_post</code> together?</strong></p><p>Yes. When you supply a hash to <code class="language-plaintext highlighter-rouge">vars_get</code>, basically it means “put all this data in the query string”. When you supply a hash to <code class="language-plaintext highlighter-rouge">vars_post</code>, it means “put all this data in the body.” All of them will be in the same request. You do need to make sure youre using <code class="language-plaintext highlighter-rouge">send_request_cgi</code>, of course.</p><p><strong>2 - I cant use <code class="language-plaintext highlighter-rouge">vars_get</code> or <code class="language-plaintext highlighter-rouge">vars_post</code> due to some weird reason, what to do?</strong></p><p>Do mention about this problem in the code (as a comment). If you cant use <code class="language-plaintext highlighter-rouge">vars_post</code>, you can try the <code class="language-plaintext highlighter-rouge">data</code> key instead, which will send your post data raw. Normally, the most common solution to get around <code class="language-plaintext highlighter-rouge">vars_get</code> is to leave your stuff in the <code class="language-plaintext highlighter-rouge">uri</code> key. msftidy will flag this, but only as an “Info” and not a warning, which means you should still pass msftidy anyway. If this is a common problem, we can always change msftidy.</p><p><strong>3 - Do I need to manually do basic auth?</strong></p><p>You do not need to manually do basic auth in your request, because HttpClient should automatically do that for you. All you have to do is set the username and password in the datastore options, and then the mixin will use that when the web server asks.</p><p><strong>4 - How do I send a MIME request?</strong></p><p>See <a href="https://github.com/rapid7/rex-mime/blob/master/lib/rex/mime/message.rb">Rex::MIME::Message</a></p><h2 id="references"> <a href="#references" class="anchor-heading" aria-labelledby="references"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> References</h2><ul><li><a href="/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-rex-proto-http-client.html">How to send an HTTP request using Rex Proto Http Client</a></ul><hr><footer><p><a href="#top" id="back-to-top">Back to top</a></p><p class="text-small text-grey-dk-000 mb-0"> <a href="https://github.com/rapid7/metasploit-framework/tree/master/docs/metasploit-framework.wiki/How-to-Send-an-HTTP-Request-Using-HttpClient.md" id="edit-this-page">Edit this page on GitHub</a></p></footer></div></div><div class="search-overlay"></div></div><script type="text/javascript" src="/assets/js/toggle_mode.js"></script> <script> var config = { theme: 'default', logLevel: 'fatal', securityLevel: 'strict', startOnLoad: true, arrowMarkerAbsolute: false, er: { diagramPadding: 20, layoutDirection: 'TB', minEntityWidth: 100, minEntityHeight: 75, entityPadding: 15, stroke: 'gray', fill: 'honeydew', fontSize: 12, useMaxWidth: true, }, flowchart:{ diagramPadding: 8, htmlLabels: true, curve: 'basis', }, sequence: { diagramMarginX: 50, diagramMarginY: 10, actorMargin: 50, width: 150, height: 65, boxMargin: 10, boxTextMargin: 5, noteMargin: 10, messageMargin: 35, messageAlign: 'center', mirrorActors: true, bottomMarginAdj: 1, useMaxWidth: true, rightAngles: false, showSequenceNumbers: false, }, gantt: { titleTopMargin: 25, barHeight: 20, barGap: 4, topPadding: 50, leftPadding: 75, fontSize: 11, gridLineStartPadding: 35, fontFamily: '\'Open Sans\', sans-serif', numberSectionStyles: 4, axisFormat: '%Y-%m-%d', topAxis: false, }, }; mermaid.initialize(config); window.mermaid.init(undefined, document.querySelectorAll('.language-mermaid')); </script>
Reference in New Issue View Git Blame Copy Permalink