I'm trying to help a developer who is trying to harden a web server against server-side request forgery. In short, I've wrote a script that sends a "forged" HTTP request which we will use to test against the server until it is configured to not respond to such manipulated requests. I'm getting an error on Invoke-WebRequest: "Cannot validate argument on parameter 'Uri'" and while I've tried a ton of different combos of the below code I cannot get it to fly. Any thoughts? (Note: my-ef.example.com below is not the actual host)
#requires -Version 5
#requires -PSEdition Desktop
class TrustAllCertsPolicy : System.Net.ICertificatePolicy {
[bool] CheckValidationResult([System.Net.ServicePoint] $a,
[System.Security.Cryptography.X509Certificates.X509Certificate] $b,
[System.Net.WebRequest] $c,
[int] $d) {
return $true
}
}
[System.Net.ServicePointManager]::CertificatePolicy = [TrustAllCertsPolicy]::new()
$Params = @{
Uri = 'http://192.168.1.119'
Host = 'my-ef.example.com'
Method = 'GET'
Headers = @{"Cache-Control" = "no-cache, no-transform"; "Connection" = "close"; "Pragma" = "no-cache"}
}
Invoke-WebRequest -Method 'POST' -Uri $url
The above code always throws the error:
Invoke-WebRequest : Cannot validate argument on parameter 'Uri'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
