7

I'm trying to fuzz a server using the Sulley fuzzing framework.

I observe the following stream in Wireshark. The error talks about a problem with JSON parsing; however, when I try the same HTTP POST request using Google Chrome's Postman extension, it succeeds.

Can anyone please explain what could be wrong about this HTTP POST request? The JSON seems valid.

POST /restconf/config HTTP/1.1
Host: 127.0.0.1:8080
Accept: */*
Content-Type: application/yang.data+json
{ "toaster:toaster" : { "toaster:toasterManufacturer" : "Geqq", "toaster:toasterModelNumber" : "asaxc", "toaster:toasterStatus" : "_." }}


HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Content-Type: */*
Transfer-Encoding: chunked
Date: Sat, 07 Jun 2014 05:26:35 GMT
Connection: close

152
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<errors xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf">
    <error>
        <error-type>protocol</error-type>
        <error-tag>malformed-message</error-tag>
        <error-message>Error parsing input: Root element of Json has to be Object</error-message>
    </error>
</errors>

0
bigboy

4 Answers

3

It was the "Content-Length" property that was missing in the header and the server thought it was mandatory, which I suppose shouldn't be mandatory?

After adding the "Content-Length" to the header, it works like a charm.

bigboy
  • 2
    RFC 2616 section 4.4 says _If a request contains a message-body and a Content-Length is not given, the server SHOULD respond with 400 (bad request) if it cannot determine the length of the message_ – Barmar Jun 11 '14 at 04:11
1

Based on your message, there should be a blank line before the body of the POST request. Can you try adding one?

As is, it is possible the server sees this request with no body and a header like:

{ "toaster:toaster" : value

which would explain the error.

0

Maybe it's because of the "Content-Type" header. If the server is configured to accept only "application/json" then it might return this error code. Though it should return "415 Unsupported Media Type" according to RFC2616.

This is just a guess, but you could try changing the "Content-Type" header to "application/json".

0

It appears you may be missing a CRLF in between your last header and the payload of your request.

i.e. you have

POST /restconf/config HTTP/1.1
Host: 127.0.0.1:8080
Accept: */*
Content-Type: application/yang.data+json
{ "toaster:toaster" : { "toaster:toasterManufacturer" : "Geqq", "toaster:toasterModelNumber" : "asaxc", "toaster:toasterStatus" : "_." }}

and it should be

POST /restconf/config HTTP/1.1
Host: 127.0.0.1:8080
Accept: */*
Content-Type: application/yang.data+json

{ "toaster:toaster" : { "toaster:toasterManufacturer" : "Geqq", "toaster:toasterModelNumber" : "asaxc", "toaster:toasterStatus" : "_." }}
joelc
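The two framing faults raised in the answers above (no blank line before the body, no Content-Length) can be checked on a captured request before it is blamed on the JSON. This is an added example, not code from the thread or from Sulley; `build_post` and `diagnose` are hypothetical helper names and the sample request is constructed from the one in the question.

```python
# Added example: frame a fuzzed JSON body as an HTTP/1.1 request and
# diagnose the framing faults discussed in the answers. Helper names are hypothetical.
CRLF = b"\r\n"

def build_post(host, path, body, content_type="application/yang.data+json"):
    """Return raw request bytes with a header/body separator and Content-Length."""
    if isinstance(body, str):
        body = body.encode("utf-8")
    headers = [
        b"POST " + path.encode("ascii") + b" HTTP/1.1",
        b"Host: " + host.encode("ascii"),
        b"Accept: */*",
        b"Content-Type: " + content_type.encode("ascii"),
        # Length is counted in bytes of the encoded body, not characters.
        b"Content-Length: " + str(len(body)).encode("ascii"),
    ]
    return CRLF.join(headers) + CRLF + CRLF + body

def diagnose(raw):
    """List framing problems in a captured raw request (bytes)."""
    problems = []
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        # Without the separator the server parses the JSON line as a header.
        problems.append("no blank line (CRLF CRLF) between headers and body")
        return problems
    declared = None
    for line in head.split(CRLF)[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = value.strip()
    if declared is None:
        if body:
            problems.append("body present but no Content-Length header")
    elif not declared.isdigit() or int(declared) != len(body):
        problems.append("Content-Length does not match body length")
    return problems

# Constructed sample shaped like the request in the question (body shortened).
BODY = b'{ "toaster:toaster" : { "toaster:toasterStatus" : "_." }}'
BROKEN = (b"POST /restconf/config HTTP/1.1\r\nHost: 127.0.0.1:8080\r\n"
          b"Content-Type: application/yang.data+json\r\n" + BODY)

if __name__ == "__main__":
    print(diagnose(BROKEN))
    print(diagnose(build_post("127.0.0.1:8080", "/restconf/config", BODY)))
```

Running `diagnose` over each request a fuzzer emits separates transport-level rejections like the 400 above from responses that actually exercise the JSON parser.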