Downloading Contrast agents via CURL

  • Updated

Objective

How to download the latest Contrast agents via CURL commands from the Contrast UI.

Process

  1. Create a new user that will have limited permissions (default permissions to start)
  2. Login as the new user --> click on profile --> "Your account" and gather the following:
    • Organization ID
    • API Key
    • Authorization Header
  3. Logout as the new user
  4. Login as admin and restrict the user to:
    • Organization Role: Edit (can do very little, like add notifications and view a few things but not much)
    • Application Access Group: <none> (can see no applications, servers or vuln)
    • API Only: <check> (can get into the website at all)
  5. Construct the CURL command using the information gathered:
curl http://<TeamServer FQDN>/Contrast/api/ng/<Organization ID>/agents/default/<language>\
-H API-Key:<API KEY> \
-H Authorization:<Authorization Header> \
-OJ

Example for the Java agent:

curl https://app.contrastsecurity.com/Contrast/api/ng/3c41a8de-972e-449a-90f8-ae5224834836/agents/default/JAVA \
-H API-Key:8BLqHXPqUnTj1SO9 \
-H Authorization:R3VybmV5OlZUM1kxNjhFSzQwRU8yVDk= \
-OJ

Example for the Java agent from Maven repo:

curl 'https://download.java.contrastsecurity.com/latest' -Lo contrast.jar

Powershell example for the .NET Framework Agent:

Invoke-WebRequest -Method "POST" -Headers @{'Authorization'='R3VybmV5OlZUM1kxNjhFSzQwRU8yVDk='; 'API-Key' = '8BLqHXPqUnTj1SO9'} -ContentType 'application/json' -Uri "https://apptwo.contrastsecurity.com/Contrast/api/ng/3c41a8de-972e-449a-90f8-ae5224834836/agents/default/DOTNET" -UseBasicParsing -Outfile contrast-setup.zip

KEY:

host:  https://app.contrastsecurity.com
org_id: UUID of the organization
language: JAVA, DOTNET, DOTNET_CORE, DOTNET_CORE_INSTALLER_FOR_IIS
-OJ: Filename is provided by the server and saved to folder

 

 

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request