curl

curl

curl is a command-line tool used to transfer data to or from a server using various protocols (like HTTP, HTTPS, FTP, etc.). It’s commonly used for testing APIs, downloading files, and interacting with web services.

Common HTTP Methods

  • GET: Retrieves data from a server.
  • POST: Sends data to a server for processing.
  • PUT: Updates existing data on a server.
  • DELETE: Deletes data from a server.

Additional Options

  • -d: Send data with POST or PUT requests.
  • -H: Add headers to your request, essential for API authentication and content type specification.
  • -X: Specify the HTTP method (GET, POST, PUT, DELETE).
  • –location: Follows redirects if the requested resource has moved.
  • –silent: Runs the command without showing progress or error messages.
  • –verbose: Display detailed information about the request and response.

Examples of curl Commands

  • Retrieve the contents of a webpage:
    > curl http://example.com
  • Get a response with a custom User-Agent:
    > curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" http://example.com
  • Send a POST request with JSON data:
    > curl -X POST http://example.com/api -H "Content-Type: application/json" -d '{"username":"admin","password":"password"}'
  • Use Basic Authentication to access protected resources:
    > curl -u username:password http://example.com/protected
  • Add custom headers to the request:
    > curl -H "X-Forwarded-For: 127.0.0.1" -H "X-Requested-With: XMLHttpRequest" http://example.com
  • Perform a PUT request to update resources:
    > curl -X PUT http://example.com/api/resource/1 -H "Content-Type: application/json" -d '{"key":"new_value"}'
  • Send a DELETE request to remove a resource:
    > curl -X DELETE http://example.com/api/resource/1 -H "Authorization: Bearer your_token"
  • Include cookies in the request for session testing:
    > curl -b "sessionid=abc123" http://example.com
  • Follow redirects to check application behavior:
    > curl --location http://example.com
  • Perform a HEAD request to inspect headers:
    > curl -I http://example.com
  • Check for SQL Injection vulnerabilities:
    > curl -G "http://example.com/search" --data-urlencode "query=' OR '1'='1"
  • Debug with verbose mode:
    > curl --verbose http://example.com
  • Test rate limiting by sending multiple requests:
    > for i in {1..10}; do curl -s http://example.com & done