Regrouping notes content
This note is the sum of every notes taken on cURL while studying on HTB or practicing.
Cheatsheet
| Parameter | Field | Description |
|---|---|---|
| -H —header | ’header: value’ | Set a header and value to the request. |
| -A | ’value’ | Directly set User-Agent header |
| -u | ’user:password’ | Set up basic HTTP authentication credentials |
| -X | METHOD | Specify the HTTP method to use |
| -L | Follow response redirections | |
| -b | ’cookie=value’ | Add specified cookies into the request |
cURL
Presented as a way to read raw HTTP response but it’s usefulness lies in the POST method and forging requests, saving requests locally… Burpsuite and proxying requests are better suited for analyzing requests than HTB’s usecase. cURL is a very broad tool nonetheless and being able to use it is necessary.
cURL for HTTPS
cURL behaves the same way an up-to-date browser does. If the certificate is invalid in any way, no communication will be established.
cURL verbosity
Observing both request and response data can be done with cURL by adding -v for verbosity level up to -vvv.
cURL response only
Output can be response only using -i for headers and body response, or -I to send HEAD requests and retrieve headers only. Using -A to set User-Agent and -H to set a specific header.