cURL Cheat Sheet
cURL is an invaluable tool in any webapp pentesters répertoire. If you're not familiar with the tool, allow me to introduce you. cURL simply put, is a command line tool that allows you to transfer data from point a to point b. For this line of work, it is mostly used in reference to a web server. There are many automations you can create using curl and loops, however, for this post I am going to be sticking to just the tool itself and common commands I use and their flags.
curl <targetip>:<targetport>/<subdirectories>
This example is the simplest usage of cURL. By filling in any applicable fields you send a GET request to a website.
-L will tell cURL to follow through 3xx redirects. This is helpful for when a site is configured to redirect traffic to 443 as the original cURL request will only return the redirect page.-k allows cURL to continue on even if its comes across an insecure SSL cert. Again, very useful especially if you're testing something locally for PoC purposes.-u is for authentication. The proper format here is -u <username>:<password>-i is another useful flag. This will print out response headers along with its content.-H lets you define a header. -A is for setting a user agent.-v is super useful. As is common, this is for enabling verbose. Like other programs, -vv & -vvv increased the information displayed.--trace is in the same vein of things. Adding this in will dump a full trace of all incoming and outgoing data.
curl -X POST -d '<body>' <targetip>:<targetport>/<subdirectories>
Here we are sending data to the target web server. -X sets the request methods. HTTP request methods are : GET HEAD PUT POST DELETE-d sets the body of the data you are sending.
curl -c - <targetip>:<targetport>/<subdirectories>
One of the more common things you will need is the cookie served to you by the web server. -c will print the cookie returned and store it in the "cookie-jar". Which is a file that temporarily holds any cookies you receive or create.
curl -b '<cookiename>=<cookievalue>' -c - <targetip>:<targetport>/<subdirectories>
Here you are sending a cookie to your target server.-b allows you to send "raw" cookies.