Skip to content

cURL

cURL is an invaluable tool in any webapp pentester's repertoire. If you're not familiar with it, allow me to introduce you. Simply put, cURL is a command-line tool that allows you to transfer data from one point to another. In pentesting, it is mostly used in the context of interacting with web servers.

This page covers some essential cURL commands, common flags, and their usage. For now, we will focus solely on the tool itself and omit automation or scripting with loops.

Basic Usage

Sending a Simple GET Request

curl <targetip>:<targetport>/<subdirectories>

This is the simplest usage of cURL. By replacing <targetip>, <targetport>, and <subdirectories> with appropriate values, you can send a GET request to a website.

Useful Flags

  • -L: Follow 3xx redirects.

    curl -L http://example.com

  • -k: Continue even if an insecure SSL certificate is encountered.

    curl -k https://example.com

  • -u: Use for basic authentication.

    curl -u <username>:<password> http://example.com

  • -i: Print response headers along with the content.

    curl -i http://example.com

  • -H: Define a custom header.

    curl -H "Authorization: Bearer <token>" http://example.com

  • -A: Set a custom user agent.

    curl -A "Mozilla/5.0" http://example.com

  • -v: Enable verbose output. Add more v for increased verbosity (-vv, -vvv).

    curl -v http://example.com

  • --trace: Dump a full trace of incoming and outgoing data.

    curl --trace tracefile.txt http://example.com

Sending Data

Sending a POST Request

curl -X POST -d '<body>' <targetip>:<targetport>/<subdirectories>

This sends data to the target web server.

Flags

  • -X: Set the request method.

  • HTTP methods: GET, HEAD, PUT, POST, DELETE.

  • -d: Define the body of the request.

Cookies

Capturing

curl -c cookie-jar.txt <targetip>:<targetport>/<subdirectories>

This captures the cookie served by the web server and stores it in a file named cookie-jar.txt.

  • -c: Write cookies to the specified file (the "cookie jar").

Sending

curl -b '<cookiename>=<cookievalue>' -c cookie-jar.txt <targetip>:<targetport>/<subdirectories>

This sends a cookie to the target server.

  • -b: Specify raw cookie data to send.