cURL

cURL (client URL) is a command-line tool and library that primarily supports HTTP along with many other protocols. It can be used for sending various types of web requests from the command line, which is necessary for many types of web penetration tests.

cURL commands

Get Help

curl -h

Basic GET request

curl www.example.com

Download file

curl -s -O www.example.com/index.html
  • -O : save the response to a local file named after the remote file (here, index.html)

Skip SSL check

curl -k https://www.example.com

Here, the -k flag tells curl to skip the SSL/TLS certificate check for HTTPS. The connection is still encrypted, but curl no longer verifies the server's identity.

Verbose output

curl www.example.com -v

Fetch only response headers

curl -I https://www.example.com
  • -I : fetch only the headers without the body (HEAD request)

Fetch response headers and body

curl -i https://www.example.com
  • -i : include the headers in the output along with the body

Add Custom User-Agent

curl https://www.example.com -A 'Mozilla/5.0'
  • -A : specify the User-Agent

Basic authentication

curl -u <username>:<password> http://www.example.com/login

Here, the -u flag supplies the username and password, separated by a colon, directly in the command. curl sends them using HTTP Basic authentication, in the Authorization header, rather than in the body of a POST request.

Send POST data

curl -X POST -d 'username=<username>&password=<password>' http://www.example.com/login
  • -X : specify the HTTP method

  • -d : specify the HTTP request data

Here, the username and password values are sent with their respective parameter names in the body of the HTTP request.

Set request headers

curl -H 'Authorization: Basic YWRtaW46YWRtaW4=' http://www.example.com/login
  • -H : specify the HTTP header

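Here, the command also authenticates, this time by setting the Authorization header directly. The header carries the Base64-encoded username:password pair as the authentication token. Base64 is an encoding, not encryption, so the value can be decoded by anyone who sees the header.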
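
The relationship between -u and the Authorization header above, as an added example that is not part of the original page. The function names basic_auth_header and decode_basic_auth are hypothetical helpers, and the admin:admin pair is the one encoded in the header value shown on this page.

```shell
#!/bin/sh
# Added example: build the header that `curl -u user:pass` sends, and
# decode one again to show the credentials are only encoded, not encrypted.

# Print the Authorization header for a username ($1) and password ($2).
basic_auth_header() {
    # tr strips the line wrapping base64 applies to long inputs
    token=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
    printf 'Authorization: Basic %s\n' "$token"
}

# Print "username:password" recovered from an Authorization header line.
# Returns 1 if the scheme is not Basic or the token is not valid Base64.
# (Matching is case-sensitive here to keep the example short.)
decode_basic_auth() {
    case "$1" in
        'Authorization: Basic '*) token=${1#"Authorization: Basic "} ;;
        *) echo 'not a Basic Authorization header' >&2; return 1 ;;
    esac
    decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || {
        echo 'token is not valid Base64' >&2; return 1; }
    case "$decoded" in
        *:*) printf '%s\n' "$decoded" ;;
        *) echo 'decoded token has no user:password separator' >&2; return 1 ;;
    esac
}

# The header value from this page, generated and then decoded again
basic_auth_header admin admin
decode_basic_auth 'Authorization: Basic YWRtaW46YWRtaW4='
```

Because the header decodes this easily, Basic authentication should only be sent over HTTPS with certificate verification left on.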

Pass GET parameters

curl 'http://www.example.com/search.php?search=item'

Here, GET parameters are specified with values in the query string.

Send JSON data

curl -X POST -d '{"search":"item"}' -H 'Content-Type: application/json' http://www.example.com/search.php

Here, the JSON data is passed with the -d flag, and the -H flag sets the Content-Type header so the server knows the body is JSON.

Set Cookies

curl -b 'PHPSESSID=c1nsa6op7vtk7kdis7bcnbadf1' http://www.example.com/
  • -b : directly specifies the cookie

Alternatively, the -H flag can be used to send the cookie and its value as a Cookie header.

Read all entries of API data

curl -s http://example.com/api.php/city/ | jq
  • -s : tells curl to operate in silent mode suppressing the progress information and error messages

  • jq : a command-line utility used to parse, filter, and format JSON data; it makes the output more readable by indenting and coloring the JSON structure

Add an entry to API data

curl -X POST http://api.example.com/city/ -d '{"city_name":"ABC_City", "country_name":"XYZ"}' -H 'Content-Type: application/json'

This adds a new entry to the JSON data in the API.

Update an entry of API data

curl -X PUT http://api.example.com/city/london -d '{"city_name":"New_ABC_City", "country_name":"XYZ"}' -H 'Content-Type: application/json'

This updates and replaces the entry related to 'london' in the JSON data of the API.

Delete an entry of API data

curl -X DELETE http://api.example.com/city/New_ABC_City

This deletes the city entry in the API whose city name is New_ABC_City.
