The Basics of Curl

• Curl stands for Client URL

• The curl command is used to transfer data using the URL syntax

• The curl command in general use returns the contents of the website the url points to.

[!NOTE] Notes

• By default curl always does a GET request

• It is not necessary to give the protocol to the curl command via curl https://google.com but in this case when it is not given curl defaults to the http protocol

• The curl command will also not follow any redirect by default and would just return Redirecting...

[!TIP] Website to test bad SSL certs

• badssl.com

Some useful flags and arguments

• Basic (without options), returns the contents of the website curl <protocol>://<url>

• To get the header info only curl -I <protocol>://<url>

• To get both the content and the header info curl -i <protocol>://<url>

• To output the content into a file (can also use stdout for this) curl -o <filename> <protocol>://<url> curl -O <protocol>://<url> The one with 'O' uses the file path given in the url to get and store the contents in the file with the same name and path.

• To make curl follow the redirect curl -L <protocol>://<url>

• To get a verbose output curl -v <protocol>://<url>

• For websites with bad SSL certs the curl command will by default show an error, but we can still view the content by passing in the -k flag curl -k <protocol>://<url>

• Globbing in curl curl https://dummy.restapiexample.com/api/v1/employee/[1-5] Curl can glob using basic regex and this above command will search for all five employees with id 1, 2, 3, 4 & 5

• To give a POST request curl -d "name=Test&salary=10000&age=28" https://dummy.restapiexample.com/api/v1/create In this command the '-d' option means data and by default if you don't specify any method it does a POST request and the header is form content and data is url form data

• To modify the header (-H) curl -d '{"name":"Test","salary":"10000","age":"29"}' -H "Content-type: application/json" https://dummy.restapiexample.com/api/v1/create In this case the data becomes a json data instead of url form data

• To modify the method curl -X <http_method> <protocol>://<url>

• Fake the host header curl --header "Host: example.com" http:/127.0.0.1/ This will also make the cookies for example.com work

• Resolve curl --resolve example.com:443:127.0.0.1 https://example.com This under the hood populates the curl's DNS cache with the specified custom entry

• Connect to another host by name (especially useful when working with load balancers) curl --connect-to example.com:443:host-47.example.com:443 https://example.com/

  Although not very practical it is also possible to send an email using the curl command using the smtp protocol.

  Although it might seem as a simple command curl hides tons of functionality inside it.

References and Further Reading

• daniel.haxx.se/blog/2018/04/05/curl-another-host/

• https://curl.se/docs/manpage.html

• https://curl.se/docs/