AUTHENTICATION REQUESTS

HTTP AUTHENTICATION (GET)

root@oco:~$ curl -u {username}:{password} {targetSite:port}
 * the -u option is used to directly provide credentials through the URL

HTTP AUTHENTICATION (POST)

root@oco:~$ curl -X POST -d 'username=admin&password=admin' http://{targetSite:port} -L -i
  * the -X option is used to specify the method {GET, POST, etc.}
  * the -d option is used to add data to the method, specifically POST method
     - it defines the data being sent in the body of the request.
     - The data will be sent in URL-encoded format, which is the same as what HTML forms use.
  * the -L option is used to tell curl to follow redirection which
    usually happens after successful authentication to a site
  * the -i option is used to view the server response, which may contain the Set-Cookie header 
    with the authenticated cookie
    
  * after successful authentication, cookies may be received to persist the session,
    so there is no need to log in every time the page is visited

root@oco:~$ curl -X POST -d "username=user&password=user&submit=Login" http://MACHINE_IP/post.php
 * this second post authentication cmd is used if the application expects additional fields, 
   like a "Login" button or a CSRF token
     

MODIFICATION: AUTHORIZATION HEADER (GET)

Once logged in, web applications use cookies to keep a session active. When you make another request with a browser, the cookie gets sent automatically, but with cURL, it needs to be handled manually.
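
Handling the cookie by hand means copying what the Set-Cookie headers (visible with -i) contain into the next request. The following is an added example, not part of the original notes: the function names cookie_header and sample_response are hypothetical, and the response text and cookie values are constructed.

```shell
#!/bin/sh
# Turn the Set-Cookie headers printed by `curl -i` into the value that
# `curl -b` expects, so the session can be replayed manually.

# Constructed sample of `curl -i -L` output: the 302 sent after a login
# POST, followed by the 200 of the page curl was redirected to.
sample_response() {
  printf '%s\r\n' \
    'HTTP/1.1 302 Found' \
    'Location: /dashboard.php' \
    'Set-Cookie: PHPSESSID=abc123constructed; Path=/; HttpOnly' \
    'set-cookie: theme=dark; Path=/' \
    '' \
    'HTTP/1.1 200 OK' \
    'Content-Type: text/html' \
    '' \
    '<html>welcome</html>'
}

# Reads a raw response on stdin and prints "name=value; name2=value2".
cookie_header() {
  awk '
    { sub(/\r$/, "") }                    # curl -i keeps CRLF line endings
    /^HTTP\// { in_headers = 1; next }    # every hop followed by -L starts a header block
    $0 == ""  { in_headers = 0; next }    # blank line: the body follows
    in_headers && tolower($0) ~ /^set-cookie:/ {
      sub(/^[^:]*:[ \t]*/, "")            # drop the header name (any letter case)
      sub(/;.*/, "")                      # drop attributes such as Path and HttpOnly
      name = $0; sub(/=.*/, "", name)
      if (!(name in jar)) order[++n] = name
      jar[name] = $0                      # a later hop overrides an earlier value
    }
    END {
      for (i = 1; i <= n; i++) out = out (i > 1 ? "; " : "") jar[order[i]]
      print out
    }'
}

# Demo on the constructed sample; prints the string to pass to -b.
sample_response | cookie_header

# Against a live target the same string is used like this:
#   curl -b "PHPSESSID=...; theme=dark" http://MACHINE_IP/post.php
```

curl can also do this bookkeeping itself: -c {file} writes received cookies to a cookie jar and -b {file} sends them back on later requests.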
