7

I'm trying to fuzz a server using the Sulley fuzzing framework.

I observe the following stream in Wireshark. The error talks about a problem with JSON parsing, however, when I try the same HTTP POST request using Google Chrome's Postman extension, it succeeds.

Can anyone please explain what could be wrong about this HTTP POST request? The JSON seems valid.

POST /restconf/config HTTP/1.1 Host: 127.0.0.1:8080 Accept: */* Content-Type: application/yang.data+json { "toaster:toaster" : { "toaster:toasterManufacturer" : "Geqq", "toaster:toasterModelNumber" : "asaxc", "toaster:toasterStatus" : "_." }} HTTP/1.1 400 Bad Request Server: Apache-Coyote/1.1 Content-Type: */* Transfer-Encoding: chunked Date: Sat, 07 Jun 2014 05:26:35 GMT Connection: close 152 <?xml version="1.0" encoding="UTF-8" standalone="no"?> <errors xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf"> <error> <error-type>protocol</error-type> <error-tag>malformed-message</error-tag> <error-message>Error parsing input: Root element of Json has to be Object</error-message> </error> </errors> 0
Improve this question

4 Answers 4

Reset to default
3

It was the "Content-Length" property that was missing in the header and the server thought it was mandatory, which I suppose shouldn't be mandatory?

After adding the "Content-Length" to the header, works like a charm.

Improve this answer
1
  • 2
    RFC 2616 section 4.4 says If a request contains a message-body and a Content-Length is not given, the server SHOULD respond with 400 (bad request) if it cannot determine the length of the message Commented Jun 11, 2014 at 4:11
1

Based on your message, it should be a blank line before the body of the POST Request. Can you try adding one ?

As is, it is possible the server sees this request with no body and an header like :

{ "toaster:toaster" : value

which would explain the error.

Improve this answer
1
  • Still doesn't work. :( Commented Jun 7, 2014 at 13:32
0

Maybe it's because of the "Content-Type" header. If the server is configured to accept only "application/json" then it might return this error code. Though it should return "415 Unsupported Media Type" according to RFC2616.

This is just a guess, but you could try changing the "Content-Type" header to "application/json".

Improve this answer
1
  • Nope. Tried changing the "Content-Type" to "application/json". Still the same error. Commented Jun 7, 2014 at 8:29
0

It appears you may be missing a CRLF in between your last header and the payload of your request.

i.e. you have

POST /restconf/config HTTP/1.1 Host: 127.0.0.1:8080 Accept: */* Content-Type: application/yang.data+json { "toaster:toaster" : { "toaster:toasterManufacturer" : "Geqq", "toaster:toasterModelNumber" : "asaxc", "toaster:toasterStatus" : "_." }}

and it should be

POST /restconf/config HTTP/1.1 Host: 127.0.0.1:8080 Accept: */* Content-Type: application/yang.data+json { "toaster:toaster" : { "toaster:toasterManufacturer" : "Geqq", "toaster:toasterModelNumber" : "asaxc", "toaster:toasterStatus" : "_." }}
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.