cURL Cheat Sheet

Full article

cURL is an invaluable tool in any webapp pentesters répertoire. If you're not familiar with the tool, allow me to introduce you. cURL simply put, is a command line tool that allows you to transfer data from point a to point b. For this line of work, it is mostly used in reference to a web server. There are many automations you can create using curl and loops, however, for this post I am going to be sticking to just the tool itself and common commands I use and their flags.

curl <targetip>:<targetport>/<subdirectories>
This example is the simplest usage of cURL. By filling in any applicable fields you send a GET request to a website.

-L will tell cURL to follow through 3xx redirects. This is helpful for when a site is configured to redirect traffic to 443 as the original cURL request will only return the redirect page.
-k allows cURL to continue on even if its comes across an insecure SSL cert. Again, very useful especially if you're testing something locally for PoC purposes.
-u is for authentication. The proper format here is -u <username>:<password>
-i is another useful flag. This will print out response headers along with its content.
-H lets you define a header.
-A is for setting a user agent.
-v is super useful. As is common, this is for enabling verbose. Like other programs, -vv & -vvv increased the information displayed.
--trace is in the same vein of things. Adding this in will dump a full trace of all incoming and outgoing data.


curl -X POST -d '<body>' <targetip>:<targetport>/<subdirectories>
Here we are sending data to the target web server.  

-X sets the request methods. HTTP request methods are : GET HEAD PUT POST DELETE
-d sets the body of the data you are sending.


curl -c - <targetip>:<targetport>/<subdirectories>
One of the more common things you will need is the cookie served to you by the web server.

-c will print the cookie returned and store it in the "cookie-jar". Which is a file that temporarily holds any cookies you receive or create.

curl -b '<cookiename>=<cookievalue>' -c - <targetip>:<targetport>/<subdirectories>
Here you are sending a cookie to your target server.

-b allows you to send "raw" cookies.