- Networking command available on Windows, Linux and macOS.
- curl stands for "Client URL".
Basic usage is `curl` followed by a URL; this returns the HTML content of the URL you pass in:
curl https://www.google.com
- To get just the headers, use the `-I` flag:
> curl -I https://www.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-3nbjnYmAWAiUDuFeFgEZEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Fri, 15 Mar 2024 22:48:52 GMT
...
[!info] Using the `-i` flag gets you both the content and the headers, but that would be too much info to display here.
- To write the content fetched by curl to a file, use curl's built-in `-o` flag and specify a file name, or use the `-O` (capital O) flag without a file name, which names the output after the HTML page being served, in this case `index.html`:
> curl -o google.html https://www.google.com
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 20749 0 20749 0 0 6798 0 --:--:-- 0:00:03 --:--:-- 6805
# using the -O flag
> curl -O https://www.google.com/index.html
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 20752 0 20752 0 0 13682 0 --:--:-- 0:00:01 --:--:-- 13706
[!important] If you don't specify a scheme such as `https://` in the URL, curl defaults to HTTP. This lets you test for redirects, for example to check whether a site redirects to HTTPS.
- Testing redirect:
> curl -I google.com
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ac_yxVWLqCe8HOcnKSm7Yg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Date: Fri, 15 Mar 2024 23:08:05 GMT
Expires: Sun, 14 Apr 2024 23:08:05 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
- To follow redirects, add the `-L` flag.
curl -IL google.com
# adding the -v flag for verbose
curl -ILv google.com
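An added example (not part of the original notes): a shell helper that reads the output of `curl -sIL <url>`, prints each hop of the redirect chain, and checks whether the chain actually ends up on HTTPS. The function names and the `example.test` sample headers are constructed for illustration.

```shell
# Print one "STATUS LOCATION" line per response in `curl -sIL` output read
# from stdin ("-" when the response carries no Location header).
redirect_chain() {
  tr -d '\r' | awk '
    /^HTTP\// { if (seen) print status, (loc == "" ? "-" : loc)
                status = $2; loc = ""; seen = 1; next }
    tolower($1) == "location:" { loc = $2 }
    END { if (seen) print status, (loc == "" ? "-" : loc) }'
}

# Exit 0 only if the last absolute redirect pointed at https:// and the
# final response is 2xx. Relative Location values keep the current scheme.
upgrades_to_https() {
  redirect_chain | awk '
    $2 ~ /^https:\/\// { up = 1 }
    $2 ~ /^http:\/\//  { up = 0 }
    { last = $1 }
    END { exit !(up && last ~ /^2/) }'
}

# Constructed samples of `curl -sIL` output (not captured from a real site).
SAMPLE_UPGRADE='HTTP/1.1 301 Moved Permanently
Location: https://example.test/

HTTP/2 200
content-type: text/html'

SAMPLE_PLAIN='HTTP/1.1 301 Moved Permanently
Location: http://www.example.test/

HTTP/1.1 200 OK
Content-Type: text/html'

# Real use: curl -sIL http://example.com | upgrades_to_https && echo ok
for s in "$SAMPLE_UPGRADE" "$SAMPLE_PLAIN"; do
  printf '%s\n' "$s" | redirect_chain
  if printf '%s\n' "$s" | upgrades_to_https; then
    echo "=> upgrades to HTTPS"
  else
    echo "=> stays on HTTP"
  fi
done
```

The second sample mirrors the `301` shown above, whose `Location` is still an `http://` URL: a redirect on its own does not mean the site moves clients to HTTPS.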
- You can test HTTP methods against both HTTP and HTTPS websites, for example with an `OPTIONS` request:
HTTP:
curl -i -X OPTIONS http://example.com/
HTTPS:
curl --insecure -i -X OPTIONS https://example.com/
You may also use `-v` instead of `-i` to see more output.
[!alert] Using `curl` against a site with a self-signed certificate: if you run curl against a domain that uses a self-signed certificate, you get an error.
- In the example below, the site uses a self-signed certificate:
curl https://self-signed.badssl.com/
You can use the `-k` flag (the short form of `--insecure`) to skip certificate verification and proceed to the site:
curl -k https://self-signed.badssl.com/
You can use `curl` to test APIs.
Example 1: fetching list of employees
> curl https://dummy.restapiexample.com/api/v1/employees
{"status":"success","data":[{"id":1,"employee_name":"Tiger Nixon","employee_salary":320800,"employee_age":61,"profile_image":""},{"id":2,"employee_name":"Garrett Winters","employee_salary":170750,"employee_age":63,"profile_image":""},{"id":3,"employee_name":"Ashton Cox","employee_salary":86000,"employee_age":66,"profile_image":""},{"id":4,"employee_name":"Cedric Kelly","employee_salary":433060,"employee_age":22,"profile_image":""},{"id":5,"employee_name":"Airi Satou","employee_salary":162700,"employee_age":33,"profile_image":""},
...
],"message":"Successfully! All records has been fetched."}
Example 2: testing the same endpoint with a different query parameter (this doesn't work in Windows PowerShell)
> curl https://dummy.restapiexample.com/api/v1/employee/1 https://dummy.restapiexample.com/api/v1/employee/2
Example 3: using a regex-like range (curl's URL globbing) to request a range of parameters (this doesn't work in Windows PowerShell)
# fetching values for employee ids 1 to 5 (URL quoted so the shell leaves the brackets alone)
curl "https://dummy.restapiexample.com/api/v1/employee/[1-5]"
Example 4: basic authentication
curl -u user:pass -d status="Hello" http://twitter.com/statuses/update.xml
Example 5 : file/data upload
# multipart file upload
curl -v --include --form key1=value1 --form upload=@localfilename http://example.com/submit.cgi
# multipart form: send data from text field and upload file
curl -F person=anonymous -F [email protected] http://example.com/submit.cgi
- The `-d` flag comes in handy: it's shorthand for `--data`, which is the body of the POST request you want to send. When you add this flag, the request method defaults to POST.
Example 1: sending form data
curl -d "name=jamal&salary=800&age=110" https://dummy.restapiexample.com/api/v1/create
[!NOTE]- By default this method expects the payload to be form data: key-value pairs delimited by `&`. Quote the payload so the shell does not treat `&` as a control operator.
Example 2: sending JSON data
To send JSON data we need to use the `-H` flag to define the `content-type` header:
curl -d '{"name":"test","salary":"123","age":"23"}' -H "content-type:application/json" https://dummy.restapiexample.com/api/v1/create
Example 3: using the `--url` flag
curl --request POST --data "username=user1&password=test1234" -H 'Origin: https://securitylabs-ce.veracode.com' --url https://aeb7f888.community.ht/login
Example 4 : sending bearer token in request header
curl --request GET --url https://aeb7f888.community.ht/users \
--header 'Origin: https://securitylabs-ce.veracode.com' \
--header 'X-Auth-Token: eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJjbGFpbXMiOiB7ImxldmVsIjogInVzZXIiLCAidXNlcm5hbWUiOiAidXNlcjEifX0=.842611e2a755eaf54d0d05d8d84fab8cd6d35f3e4ea903bd743d605d7f2c9d87'
Besides GET and POST, you can use other HTTP methods by explicitly specifying the method you want with the `-X` flag.
Example 1 : using DELETE method
curl -X DELETE https://dummy.restapiexample.com/api/v1/delete/2
When you're developing or debugging an app on your local machine, you may want to simulate the host being a different domain. Use the flag `--
Example 1: define a custom host header
curl --header "Host:example.com" http://127.0.0.1
Example 2: custom resolve
Let's resolve an address locally using the `--resolve` flag:
curl --resolve navek.org:443:127.0.0.1 https://navek.org/
Example 3: testing an individual host. If you are behind a load balancer and want to test a certain host, use the `--connect-to` flag to resolve to that host:
curl --connect-to example.com:443:host-47.example.com:443 https://example.com
With curl you can test FTP, LDAP, SMTP, sockets and Telnet.
Example 1: test Telnet
curl telnet://localhost:4317
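Example 1: get the MD5 hash for the website's favicon image using curl + PowerShell
In the session below, `-UseBasicParsing` is an `Invoke-WebRequest` parameter; `curl.exe` reads it as `-U seBasicParsing` (a proxy user), which is why it prompts for a proxy password.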
PS C:\Users\user> curl https://static-labs.tryhackme.cloud/sites/favicon/images/favicon.ico -UseBasicParsing -o favicon.ico
Enter proxy password for user 'seBasicParsing':
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1406 100 1406 0 0 811 0 0:00:01 0:00:01 --:--:-- 812
PS C:\Users\user> Get-FileHash .\favicon.ico -Algorithm MD5
Algorithm Hash Path
--------- ---- ----
MD5 F276B19AABCB4AE8CDA4D22625C6735F C:\Users\user\favico…
Options | |
---|---|
-o {file} | # --output: write to file |
-u user:pass | # --user: Authentication |
-v | # --verbose |
-vv | # Even more verbose |
-s | # --silent: don't show progress meter or errors |
-S | # --show-error: when used with --silent (-sS), show errors but no progress meter |
-i | # --include: Include the HTTP-header in the output |
-I | # --head: headers only |
Request | |
-X {HTTP method} | # --request |
-L | # follow link if page redirects |
-F | # --form: HTTP POST data for multipart/form-data |
Data | |
-d 'data' | # --data: HTTP post data, URL encoded (eg, status="Hello") |
-d @file | # --data via file |
-G | # --get: send -d data via get |
Headers | |
-A {str} | # --user-agent |
-b name=val | # --cookie |
-b FILE | # --cookie |
-H "X-Foo: y" | # --header |
--compressed | # use deflate/gzip |