send HTTP request

rule:
  meta:
    name: send HTTP request
    namespace: communication/http/client
    authors:
      - moritz.raabe@mandiant.com
      - mehunhoff@google.com
    scopes:
      static: function
      dynamic: span of calls
    mbc:
      - Communication::HTTP Communication::Send Request [C0002.003]
    examples:
      - BFB9B5391A13D0AFD787E87AB90F14F5:0x13145D60
      - 6A352C3E55E8AE5ED39DC1BE7FB964B1:0x100026E0
  features:
    - or:
      - and:
        - or:
          - api: wininet.HttpOpenRequest
          - api: wininet.InternetConnect
        - or:
          - api: wininet.HttpSendRequest
          - api: wininet.HttpSendRequestEx
      - and:
        - api: winhttp.WinHttpSendRequest
        - api: winhttp.WinHttpWriteData
        - optional:
          - or:
            - api: winhttp.WinHttpOpenRequest
            - api: winhttp.WinHttpConnect
      - and:
        - match: send data on socket
        - string: /HTTP/i
      - and:
        - format: dotnet
        - or:
          - api: System.Net.WebRequest::GetResponse
          - api: System.Net.WebRequest::GetResponseAsync
          - api: System.Net.Http.HttpClient::PostAsync
          - api: System.Net.Http.HttpClient::GetAsync
          - api: System.Net.Http.HttpClient::GetByteArrayAsync
          - api: System.Net.Http.HttpClient::GetStreamAsync
          - api: System.Net.Http.HttpClient::GetStringAsync
          - api: System.Net.Http.HttpClient::Send
          - api: System.Net.Http.HttpClient::SendAsync
          - api: System.Net.Http.HttpClientHandler::Send
          - api: System.Net.Http.HttpClientHandler::SendAsync
          - class: System.Net.Http.HttpRequestMessage