CURL

BASIC WEB REQUEST

root@oco:~$ curl {targetSite:port} -v
 * the -v | -vvv is used for verbose output
    - it shows the full details of the HTTP request and response
    
root@oco:~$ curl -I {targetSite:port}
 * the -I option displays the response headers
    - send a HEAD request and only display the response headers
    
root@oco:~$ curl -i {targetSite:port}
 * the -i options is used to display BOTH the headers and the response body (e.g. HTML code)

DOWNLOADING

root@oco:~$ curl -s -k -O {targetSite:port}
 * the -O writes output to file with the same name as the remote file
 * the -s suppresses writing statuses or unneeded info in the output
 * the -k is used to skip certificate checks for invalid or outdated SSL certificates
 
root@oco:~$ curl {targetSite:port\fileName} -o {localDestination}
 * the -o specifies the output filename

MODIFICATION: USER-AGENT

root@oco:~$ curl {targetSite:port} -A 'Mozilla/5.0'
 * the -A flag is used to set and change the user-agent

BASIC HTTP AUTHENTICATION (GET)

root@oco:~$ curl -u {username}:{password} {targetSite:port}
 * the -u option is used to directly provide credentials through the URL

MODIFICATION: AUTHORIZATION HEADER (GET)

root@oco:~$ curl -H 'Authorization: Basic YWRtaW46YWRtaW4=' {targetSite:port}
 * EXAMPLE: curl 'http://{targetSite:port}/search.php?search=le' -H 'Authorization: Basic YWRtaW46YWRtaW4='
 * the -H option is used to manually set the Authorization header, w/o supplying the 
   credentials.
 * can add the -H flag multiple times to specify multiple headers
 * the "Basic YWRtaW46YWRtaW4=" is the base64 encoded value of admin:admin
    - modifying the authorization header is safer than using
      basic http authentication method

MODIFICATION: AUTHENTICATION (POST)

 root@oco:~$ curl -X POST -d 'username=admin&password=admin' http://{targetSite:port} -L -i
  * the -X is used to specify the method {GET, POST, ect}
  * the -d option is used to add data to the method, specifically POST method
  * the -L option is used to tell curl to follow redirection which
    usually happens after successful authentication to a site
    
  * after successfuly authentication, cookies could be received to persist and to not
    be needing to login every time the page is visited
     - use the -i option to to view the response, which may contain the Set-Cookie header with the authenticated cookie
     
root@oco:~$ curl -b {'PHPSESSID=c1nsa6op7vtk7kdis7bcnbadf1'} {targetSite:port}
 * the -b option is used to pass the cookie to the site
 * ALT: curl -H {'Cookie: PHPSESSID=c1nsa6op7vtk7kdis7bcnbadf1'} {targetSite:port}
    - this alternate method specifies the cookie as a header

SENDING POST REQUESTS

root@oco:~$ curl -s {targetSite:port}/{page}.php -X POST
root@oco:~$ curl -s {targetSite:port}/{page}.php -X POST -d "param=value"
 * the -s flag filters out unnecessary data
 * the -X flag represents the HTTP request method to use
 * the -d "param=value" sends the specified data in a POST request

PreviousCRACKMAPEXEC NextCUSTOM WORDLIST

Last updated 11 months ago