ASA, ASDM and HTTP API

Posted by & filed under Sécurité.

You can execute some commands or get files on ASA, FWSM and ASA-SM directly with HTTP.

First you need to enable http server : https://supportforums.cisco.com/docs/DOC-15016

Then a command is send in the URL following this syntax:

https://IP_ASA/admin/exec/CMD1/CMD2/CMD3

A simple example to show the arps:

https://IP_ASA/admin/exec/show+arp+

A more complex example to get statistics for a contex:

https://IP_ASA/admin/exec/changeto+context+MYCONTEXT/show+context/show+access-list

You can also use this to get files:

https://IP_ASA/admin/DISK/FILE

For example:

https://IP_ASA/admin/disk0/dap.xml

To find the exact command you need you enter : debug http on CLI and you browse ASDM to the desired information. The CLI will show you the requested URLs.

You can batch the download of configuration with wget (native on Linux/Mac, on MobaXterm for Windows) with the following command:

wget --http-user=ADMIN_ASA --http-passwd=PASSWORD -i urls.txt --no-check-certificate

urls.txt contains all the URLs you want to execute/get.

Leave a Reply