cURL Cheat Sheet

Joshua Ruppe -

cURL is an invaluable tool in any webapp pentesters répertoire. If you're not familiar with the tool, allow me to introduce you. cURL simply put, is a command line tool that allows you to transfer data from point a to point b. For this line of work, it is mostly used in reference to a web server. There are many automations you can create using curl and loops, however, for this post I am going to be sticking to just the tool itself and common commands I use and their flags.

curl <targetip>:<targetport>/<subdirectories>
This example is the simplest usage of cURL. By filling in any applicable fields you send a GET request to a website.

-L will tell cURL to follow through 3xx redirects. This is helpful for when a site is configured to redirect traffic to 443 as the original cURL request will only return the redirect page.
-k allows cURL to continue on even if its comes across an insecure SSL cert. Again, very useful especially if you're testing something locally for PoC purposes.
-u is for authentication. The proper format here is -u <username>:<password>
-i is another useful flag. This will print out response headers along with its content.
-H lets you define a header.
-A is for setting a user agent.
-v is super useful. As is common, this is for enabling verbose. Like other programs, -vv & -vvv increased the information displayed.
--trace is in the same vein of things. Adding this in will dump a full trace of all incoming and outgoing data.


curl -X POST -d '<body>' <targetip>:<targetport>/<subdirectories>
Here we are sending data to the target web server.  

-X sets the request methods. HTTP request methods are : GET HEAD PUT POST DELETE
-d sets the body of the data you are sending.


curl -c - <targetip>:<targetport>/<subdirectories>
One of the more common things you will need is the cookie served to you by the web server.

-c will print the cookie returned and store it in the "cookie-jar". Which is a file that temporarily holds any cookies you receive or create.

curl -b '<cookiename>=<cookievalue>' -c - <targetip>:<targetport>/<subdirectories>
Here you are sending a cookie to your target server.

-b allows you to send "raw" cookies.