0

As i'm working on Nessus scanner, I have to pass parameters to create a scan. the body of the request should be:

    {
      "uuid": {template_uuid},
      "settings": {
        "name": {string},
        "description": {string},
        "emails": {string},
        "launch": {string},
        "folder_id": {integer},
        "policy_id": {integer},
        "scanner_id": {integer},
        "text_targets": {string}
      }
    }

currently I'm trying to pass these parameters by means of the below code:

public static void createScan(){
    String url = SERVER_URL+"/scans";
    String[] paramName = {"uuid", "settings.name","settings.policy_id","settings.text_targets"};
    String[] paramVal = {"xxxx", "xxxx", "xxxx","xx.xx.xxx.xxx"};
        try {
            String token = login();
            httpPost(url, paramName, paramVal, token);
        } catch (Exception e) {
            e.printStackTrace();
        }
}
public static String httpPost(String urlStr, String[] paramName, String[] paramVal, String token) throws Exception {
        URL url = new URL(urlStr);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setDoInput(true);
        conn.setUseCaches(false);
        conn.setAllowUserInteraction(false);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setConnectTimeout(500000);
        conn.setReadTimeout(500000);
        conn.setRequestProperty("X-Cookie:", "token=" + token + ";");


        if (paramName != null && paramVal != null) {
            OutputStream out = conn.getOutputStream();
            Writer writer = new OutputStreamWriter(out, "UTF-8");
            for (int i = 0; i < paramName.length; i++) {
                writer.write(paramName[i]);
                writer.write("=");
                writer.write(URLEncoder.encode(paramVal[i], "UTF-8"));
                writer.write("&");
            }
            writer.close();
            out.close();
        }

        if (conn.getResponseCode() != 200) {
            throw new IOException(conn.getResponseMessage());
        }

        BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        StringBuilder sb = new StringBuilder();
        String line;
        while ((line = rd.readLine()) != null) {
            sb.append(line);
        }
        rd.close();
    conn.disconnect();
    return sb.toString();
}

and currently by running the above code I'm getting:

Response code: 403
java.io.IOException: Unauthorized

please help me to pass these parameters successfully to create a scan in the Nessus

Nani
  • 1,148
  • 3
  • 20
  • 35

1 Answers1

0

I cant really help you with the issue but you should really consider using jackson or some other xml/json parser since it seems you need to send the data in JSON. Way easier to just pass an object and Jackson parser will convert it to JSON.

More info on: http://jackson.codehaus.org/

Also consider using apache httpclient since its included in android anyway. Way less messy and easier to maintain.

breakline
  • 5,776
  • 8
  • 45
  • 84