API Server
Faraday Server API¶
Faraday has a RESTful API under _api url prefix where the server is configured (example: https://server.faradaysec.com:5985/_api/v3/)
The Faraday REST API enables you to interact with our server. Use this API to interact or integrate with Faraday server. [This page] documents the REST API, with HTTP response codes and example requests and responses.
We have a Swagger page to explore the api here:
Faraday Server API Description¶
Faraday has a Server RESTful API by default running on 127.0.0.1:5985.
INFO: On cloud, you have to replace this with "https://yourdomain.faradaysec.com/"
You can check all API endpoints with the command:
$ faraday-manage show-urls
Methods¶
POST: creates objects
GET: get a list of objects or get one object given its object_id
PUT: update object
DELETE: delete object
Headers¶
Our API endpoints support JSON and you must always include the header:
Content-Type: application/json
Authentication¶
The server API requires authentication. Currently, we support cookie authentication.
The endpoint for login is /_api/login and the json payload is:
{"email": "USERNAME", "password": "SECRET_PASSWORD"}
Endpoints Faraday Config: Here are the list of API endpoints for license, users, workspace and authentication:
(HEAD, POST, OPTIONS, GET) -> '/login'
(HEAD, OPTIONS, GET) -> '/logout'
(HEAD, OPTIONS, GET) -> '/session'
(HEAD, POST, OPTIONS, GET) -> '/change'
(HEAD, OPTIONS, GET) -> '/config'
(HEAD, OPTIONS, GET) -> '/_api/v3/licenses/'
(POST, OPTIONS) -> '/_api/v3/licenses/'
(OPTIONS, DELETE) -> '/_api/v3/licenses/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/licenses/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/licenses/<object_id>/'
(OPTIONS, DELETE) -> '/_api/v3/users/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/users/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/users/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/users/'
(POST, OPTIONS) -> '/_api/v3/users/'
(HEAD, OPTIONS, GET) -> '/_api/v3/in'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/'
(POST, OPTIONS) -> '/_api/v3/ws/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<object_id>/'
Host¶
This API endpoint allows you to change the Host objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/hosts/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/hosts/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/hosts/count/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/hosts/countVulns/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/hosts/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/hosts/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/hosts/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/hosts/<host_id>/services/'
(DELETE, OPTIONS) -> '/_api/v3/ws/<workspace_name>/hosts/bulk_delete/'
{
"ip":"test",
"hostnames": [],
"mac":"00:00:00:00:00:00",
"description":"",
"default_gateway":"None",
"os":"",
"owned":false,
"owner":""
}
Services
This API endpoint allows you to change the Service objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/services/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/services/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/services/count/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/services/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/services/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/services/<object_id>/'
JSON Body of the Service object:
{
"name":"test",
"description":"",
"owned":false,
"owner":"",
"ports":[8080],
"protocol":"tcp",
"parent":1156,
"status":"open",
"version":"",
"type":"Service"
}
Vulnerability This API endpoint allows you to change the Vulnerability objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/vulns/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/vulns/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/vulns/count/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/vulns/timeline/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/vulns/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/vulns/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/vulns/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/vulns/<vuln_id>/attachment/<attachment_filename>/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace>/upload_report'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/tags/'
JSON Body of the Vulnerability object:
INFO: key named type can be:¶
vulnerability: Normal vulnerability, the parent could be a service or a host. vulnerability_web: Web vulnerability, the parent can only be a service.
{
"owner":"faraday",
"parent":1156,
"parent_type":"Host",
"type":"Vulnerability",
"ws":"api",
"confirmed":true,
"data":"",
"desc":"Testing API",
"impact":
{
"accountability":false,
"availability":false,
"confidentiality":false,
"integrity":false
},
"name":"test",
"owned":false,
"policyviolations":[],
"refs":[],
"resolution":"",
"severity":"high",
"issuetracker":"",
"status":"opened",
"_attachments":{},
"description":"",
"protocol":"",
"version":""
}
Tasks¶
This API endpoint allows you to change the Task objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/tasks/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/tasks/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/tasks/count/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/tasks/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/tasks/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/tasks/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/taskGroups/manualimport/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/taskGroups/import/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/taskGroups/count/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/taskGroups/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/taskGroups/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/taskGroups/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/taskGroups/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/taskGroups/'
(HEAD, OPTIONS, GET) -> '/_api/v3/task_template/'
(POST, OPTIONS) -> '/_api/v3/task_template/'
(OPTIONS, DELETE) -> '/_api/v3/task_template/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/task_template/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/task_template/<object_id>/'
(OPTIONS, DELETE) -> '/_api/v3/methodology_template/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/methodology_template/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/methodology_template/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/methodology_template/'
(POST, OPTIONS) -> '/_api/v3/methodology_template/'
{
"name":"test",
"type":"TaskGroup",
"group_type":"instance",
"instance_of":"",
"tCompletedtasks":0,
"totaltasks":0
}
Reports This API endpoint allows you to create reports from the API and download them:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/reports/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/reports/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/reports/count/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/reports/countVulns/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/reports/listTemplates/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/reports/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/reports/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/reports/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/reports/<report_id>/download/'
{
"name":"Testing-API",
"tags":[],
"title":"Network XYZ",
"enterprise":"ACMEINC",
"scope":"Scope",
"objectives":"Objetives",
"summary":"Summ",
"confirmed":false,
"conclusions":"Conclusions",
"recommendations":"Recommendations",
"vuln_count":4,
"template_name":"generic_default.docx",
"grouped":false
}
Vulnerability Template¶
This API endpoint allows you to change the Vulnerability Template (VulnDB) objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/vulnerability_template/'
(POST, OPTIONS) -> '/_api/v3/vulnerability_template/'
(OPTIONS, DELETE) -> '/_api/v3/vulnerability_template/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/vulnerability_template/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/vulnerability_template/<object_id>/'
JSON Body of the Vulnerability Template object:
{
"cwe":"",
"description":"Test",
"desc":"",
"exploitation":"high",
"name":"Testing API",
"references":[],
"refs":[],
"resolution":"",
"type":"vulnerability_template"
}
Credentials This API endpoint allows you to change the Credential objects:
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/credential/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/credential/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/credential/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/credential/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/credential/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/credential/count/'
{
"name":"Test",
"username":"faraday",
"password":"changeme",
"type":"Cred",
"parent_type":"Host",
"parent":"1147",
"owner":"",
"description":""
}
Activity Feed¶
This API endpoint allows you to change the Activity Feed (from Dashboard) objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/activities/count/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/commands/activity_feed/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/activities/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/activities/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/activities/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/activities/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/activities/'
Comments¶
This API endpoint allows you to change the Comment objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/comment/count/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/comment/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/comment/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/comment/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/comment/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/comment/'
Commands¶
This API endpoint allows you to change the Commands objects:
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/commands/count/'
(OPTIONS, DELETE) -> '/_api/v3/ws/<workspace_name>/commands/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/commands/<object_id>/'
(PUT, OPTIONS) -> '/_api/v3/ws/<workspace_name>/commands/<object_id>/'
(HEAD, OPTIONS, GET) -> '/_api/v3/ws/<workspace_name>/commands/'
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/commands/'
Others:¶
(POST, OPTIONS) -> '/_api/v3/ws/<workspace_name>/comment_unique/'
Examples¶
Assuming that our credentials are:
username: faraday
password: changeme
Login: in order to be able to login through the API, you must supply your credentials and store them in a cookie file just as the following example:
curl -s 'http://127.0.0.1:5985/_api/login' \
-H 'Origin: http://127.0.0.1:5985/' -H 'Accept-Encoding: gzip, deflate, br' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/javascript, */*; q=0.01' \
-H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
-H 'Connection: keep-alive' \
--data-binary '{"email":"faraday","password": "changeme"}' \
--compressed -c cookie.txt > /dev/null
Creating a host: assuming our workspace name is test:¶
curl -X POST http://127.0.0.1:5985/_api/v3/ws/test/hosts/ \
-d '{"ip":"127.0.0.1","hostnames":["testing"], "mac":"00:00:00:00:00:00","description":"Testing API", "default_gateway":"None", "os":"Linux", "owned":true, "owner":""}' \
-b cookie.txt \
-H 'Content-Type: application/json'
Getting a list of hosts:¶
curl -X GET http://127.0.0.1:5985/_api/v3/ws/test/hosts/ -b cookie.txt
Creating a service:¶
curl -X POST http://127.0.0.1:5985/_api/v3/ws/test/services/ \
-d '{"name":"Test","description":"Testing API", "owned":true, "owner":"","ports":[8080],"protocol":"tcp","parent":1157,"status":"open","version":"","metadata":{"update_time":1533152663.994,"update_user":"","update_action":0,"creator":"","create_time":1533152663.994,"update_controller_action":"UI Web New","owner":""},"type":"Service"}' \
-b cookie.txt \
-H 'Content-Type: application/json'
Creating a vuln:¶
curl -X POST http://127.0.0.1:5985/_api/v3/ws/test/vulns/ \
-d '{"metadata":{"update_time":1533152883.927, "update_user":"", "update_action":0,"creator":"UI Web", "create_time":1533152883.927, "update_controller_action":"UI Web New", "owner":"faraday"}, "obj_id":"", "owner":"faraday", "parent":1157, "parent_type":"Host","type":"Vulnerability","ws":"test","confirmed":true,"data":"","desc":"New vulnerability created for API purposes","easeofresolution":"simple","impact":{"accountability":false, "availability":false, "confidentiality":false, "integrity":false},"name":"New Vuln - Testing API","owned":false,"policyviolations":[],"refs":[], "resolution":"", "severity":"critical", "issuetracker":"", "status":"opened","_attachments":{},"description":"","protocol":"","version":""}' \
-b cookie.txt \
-H 'Content-Type: application/json'
Creating a user:¶
curl -X POST http://127.0.0.1:5985/_api/v3/users/ \
-d '{"name":"faraday", "password":"changeme", "roles":["admin"], "type":"user", "role":"admin"}' \
-b cookie.txt \
-H 'Content-Type: application/json'
Generating a report:¶
curl -X POST http://127.0.0.1:5985/_api/v3/ws/test/reports/ \
-d '{"name":"Testing-API","tags":[], "title":"", "enterprise":"", "scope":"", "objectives":"", "summary":"", "confirmed":false, "conclusions":"", "recommendations":"", "vuln_count":2, "template_name":"generic_default.docx", "grouped":false}' \
-b cookie.txt \
-H 'Content-Type: application/json'
Uploading a report:¶
In order to be able to upload a report, you need the CSRF token and session's cookies. To get session's cookie, go to the Status Report and take it from RequestHeaders section of the console. And to get the CSRF token, in the same console, go to the tab Response.
On the first --form parameter,put the path of the file that you want to upload.
curl -X POST http://127.0.0.1:5985/_api/v3/ws/api/upload_report \
-H 'Content-Type: multipart/form-data' \
--cookie "session=.eJw90M2KwjAQB_BXWXL2YGu9CB6UlGJhpgSCZeZS2FpNJ2YXqkI24rtv18O-wO__8VTdeRpuTm3u02NYqG48qc1TfXyqjWK9SyyUYVsWmMrUWDei9Etsj4FaDKydw-Qj5KZo9CWSNUu2uzXktQM5XSnxyJVZgTaRrYkk-xEt5ZQfVmT3DmcfKvrhcBQUKMgeIoQysb0knjMh-QIEliyQQzJZ0-IV_kx7DWDZY1WPmNCD9Fv1Wqj-Np27-7cfvv4noNTSVCZjXSaYK2KgiLqMTTtX1H7daMpmPnLFgtpHSk7YbN_c4zZM7ztUoV6_3rRiDA.DkoypQ.q7eGzh1oof8dKnbF4q6xD_n1d6o" \
--form "file=@PATH/TO/FILE" \
--form "csrf_token=IjYyYzhkNWQxMzA4MTZmMTQxMTliYTA5OTg2NWYzMWRmYzQ5MWM4Y2Ui.Dko4Zw.sZ-LLdGoxaNFUaySFFQMvyLecxc" \
--compressed
Using the API to create a workspace¶
Here we provide a Python script using requests to create a new workspace:
# -*- coding: utf-8 -*-
import click
from requests import Session
@click.command()
@click.option('--username', prompt=True)
@click.option('--password', prompt=True)
@click.option('--server_address', prompt=True, help='Faraday server url', default='http://localhost:5985/')
@click.option('--workspace_name', prompt=True)
def create_workspace(username, password, server_address, workspace_name):
print('Authentication to server {0}'.format(server_address))
session = Session()
# authentication to faraday server
session.post(server_address + '/_api/login', json={'email': 'faraday', 'password': 'Password123'})
# create new workspace
ws_payload = {
"customer":"",
"name":workspace_name,
"type":"Workspace",
"users":["faraday"],
"public":False,
"children":[],
"duration":{"start_date":"","end_date":""},
"scope":[],
"description":""
}
res = session.post(server_address + '/_api/v3/ws/', json=ws_payload)
assert res.status_code == 201
print('Workspace {0} created'.format(workspace_name))
create_workspace()
Using the API to create users in bulk¶
curl -s 'http://127.0.0.1:5985/_api/login' \
-H 'Origin: http://127.0.0.1:5985/' -H 'Accept-Encoding: gzip, deflate, br' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/javascript, */*; q=0.01' \
-H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
-H 'Connection: keep-alive' \
--data-binary '{"email":"faraday","password": "changeme"}' \
--compressed -c cookie.txt
while read -r line; do
curl -X POST http://127.0.0.1:5985/_api/v3/users/ \
-d '{"name":"'$line'","password":"Password123","roles":["client"],"type":"user","role":"client"}' \
-H 'Content-Type: application/json' \
-b cookie.txt
done < "users.txt"
Using the API to delete hosts in bulk¶
curl -X DELETE http://127.0.0.1:5985/_api/v3/ws/test/hosts/bulk_delete/ \
-d '{"hosts_ids": [ 1, 2, 3, 4]}' \
-b cookie.txt \
-H 'Content-Type: application/json'
Upload evidence to a Vulnerability¶
Remember to change the workspace name in the urls and vuln id to attach evidence.
curl -s 'http://127.0.0.1:5985/_api/login' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/javascript, */*; q=0.01' \
-H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
-H 'Connection: keep-alive' \
--data-binary '{"email":"faraday","password": "changeme"}' \
--compressed -c cookie.txt
obtain csrf token to upload files¶
csrf_token=$(curl -s -X GET http://127.0.0.1:5985/_api/session -b cookie.txt -c csrf_cookie.txt| python -c "import sys, json; print json.load(sys.stdin)['csrf_token']")
Upload the file evidence.png¶
curl 'http://localhost:5985/_api/v3/ws/demo_workspace/vulns/251/attachment/' \
-H 'Connection: keep-alive' --data-binary $'------WebKitFormBoundary4RCsZGBu1aaCqyxT\r\nContent-Disposition: form-data;name="csrf_token"\r\n\r\$csrf_token\r\n------WebKitFormBoundary4RCsZGBu1aaCqyxT\r\nContent-Disposition: form-data; name="file"; filename="evidence.png"\r\nContent-Type: image/png\r\n\r\n\r\n------WebKitFormBoundary4RCsZGBu1aaCqyxT--\r\n' \
--compressed -c csrf_cookie.txt
Upload reports (XML results from tools) using curl¶
Please check the URLs and use the correct workspace name!
curl -s 'http://127.0.0.1:5985/_api/login' \
-H 'Origin: http://127.0.0.1:5985/' -H 'Accept-Encoding: gzip, deflate, br' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/javascript, */*; q=0.01' \
-H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
-H 'Connection: keep-alive' \
--data-binary '{"email":"faraday","password": "changeme"}' \
--compressed -c cookie.txt
csrf_token=$(curl -s -X GET http://127.0.0.1:5985/_api/session -b cookie.txt -c csrf_cookie.txt | python -c "import sys, json; print json.load(sys.stdin)['csrf_token']")
echo $csrf_token
echo ";currentUrl=%2Fstatus%2Fws%2Ftest1; currentComponent=status" >> cookie.txt
curl -i -v http://127.0.0.1:5985/_api/v3/ws/test1/upload_report \
-H "Connection: keep-alive" \
-H "Pragma: no-cache" \
-H "Cache-Control: no-cache" \
-H "Accept: application/json, text/plain, */*" \
-H "Origin: http://127.0.0.1:5985/" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36" \
-H "Content-Type: multipart/form-data" \
-H "Referer: http://127.0.0.1:5985/" \
-H "Accept-Encoding: gzip, deflate, br" \
-H "Accept-Language: en-US,en;q=0.9,es;q=0.8" \
--form "csrf_token=$csrf_token" \
--form "file=@/PATH/TO/FILE" \
-b csrf_cookie.txt