CURL common command – Penetration Testing

curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.
curl offers proxy support, user authentication, FTP uploading, HTTP posting, SSL connections, cookies, file transfer resume, Metalink, and many other features.

Basic GET

GET a single resource via its URI

Default operation is a GET:

curl http://ift.tt/2uwSO2b

GET multiple resources where IDs are in a range

Use square brackets with a dashed range:

curl http://ift.tt/2tyzofV%5D

GET multiple resources where IDs aren’t in a range

Use curly braces with comma-delimited strings:

curl http://ift.tt/2uwM4Bm

Using HTTP Headers

Accept only the application/json content-type

Use the header option: -H or –header

curl -H ‘Accept: application/json’ http://ift.tt/2tzhJEQ

Add multiple headers

Use multiple -H options:

curl -H ‘Accept: application/json’ -H ‘Accept-Encoding: gzip’ http://ift.tt/2uxfdfz

Note: the output from this is likely to be unreadable because it’s gzipped!

More likely you’d use this with ETags:

curl -H ‘Accept: application/json’ -H ‘If-None-Match: “1cc044-172-3d9aee80″‘ http://ift.tt/2uxfdfz

Show the network and HTTP “conversation”

Use the verbose option: -v or –verbose

curl -v -H http://api.example.com

POST and PUT

POST data to a URI

To send data to the server, you use either POST or PUT, depending on what the API requires. To do a POST, you simply use the -d (–data) with some content:

curl -d “name=Ted” http://ift.tt/2tyYhIu

Note that this uses application/x-www-form-urlencoded as the Content-Type, i.e.,as if it was submitted by an HTML Form. You can use multiple -d options, which will be combined, e.g., these two commands produce the same content:

curl -d “first=Ted” -d “last=Young” http://ift.tt/2uwOS1t -d “first=Ted&last=Young” http://ift.tt/2tyYhIu

If you want to send JSON, you’ll need to specify the Content-Type explicitly using the -H (header) option:

curl -d ‘{“name”: “Ted”}’ -H ‘Content-Type: application/json’ http://ift.tt/2tyznIT

PUT data to a URI

If you need to use the PUT method, you’ll need to override the method with the -X (–request) option:

curl -X PUT -d ‘{“name”: “Ted”}’ -H ‘Content-Type: application/json’ http://ift.tt/2tzhJEQ

Source: Github

The post CURL common command appeared first on Penetration Testing.

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s