1.

Basic curl Syntax for HTTP Requests

The basic syntax of curl is:

curl [options] [URL]

You can specify the type of HTTP request (GET, POST, PUT, etc.) using the appropriate flags,
and you can set headers or send data within the request.

2. Making an HTTP GET Request

The GET request is the default method curl uses if no method is explicitly specified.

curl http://testphp.vulnweb.com/

To see the headers and response, add the -v (verbose) option:

curl -v http://testphp.vulnweb.com/

curl -vvv http://testphp.vulnweb.com/

• -v: Shows both the request sent and the response received, including headers.

3. Setting Headers with -H Option

a. Register an account on http://testphp.vulnweb.com/login.php

b. Sniff all message using charles proxy and analize the message format
c. Using curl to register, login, and request data

To specify custom headers in your HTTP request (like Content-Type, Authorization, etc.),
use the -H option:

curl -H "Content-Type: application/json" -H "Authorization: Bearer <token>"

http://testphp.vulnweb.com/

4. Sending POST Data

For POST requests, use the -X option to specify the request type, and -d (data) to send the
payload:

curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}'

http://testphp.vulnweb.com/login.php

Here:

• -X POST: Specifies that this is a POST request.

• -d '{"key":"value"}': The JSON payload being sent in the request body.

5. Sending Form Data

To send data as application/x-www-form-urlencoded (typical for HTML form submissions),

you can pass form data directly:

curl -d "username=user&password=pass" http://testphp.vulnweb.com/login.php

Alternatively, you can use the --form option for file uploads:

curl --form "file=@filename" http://testphp.vulnweb.com//upload

6. Handling Different Content Types

curl can handle different content types such as:

• application/json

• text/html

• application/x-www-form-urlencoded

Make sure you specify the correct Content-Type header with -H if necessary.

7. HTTP Methods

Below are the commonly used HTTP methods in curl:

• GET: Retrieve data from the server.

curl -X GET http://testphp.vulnweb.com/

• POST: Send data to the server.

curl -X POST -d "param=value" http://testphp.vulnweb.com/

• PUT: Update data on the server.

curl -X PUT -d '{"name":"John"}' http://rest.vulnweb.com/

• DELETE: Delete data from the server.

curl -X DELETE http://testphp.vulnweb.com//resource/1

8. Saving Response to a File

You can save the HTTP response body to a file using the -o (output) option:

curl -o response.txt http://testphp.vulnweb.com/

To download a file with its original name, use -O (uppercase letter O):
curl -O http://testphp.vulnweb.com//file.zip

9. Inspecting Response Headers with -I (HEAD Request)

To only fetch the response headers (without the body):

curl -I http://testphp.vulnweb.com/

This will return the HTTP status and headers like Content-Type, Content-Length, etc.

10. Analyzing the Entire HTTP Transaction

To display both the request and the response, including headers, you can use:

curl -v http://testphp.vulnweb.com/

For more detailed analysis:

curl -v -X POST -H "Content-Type: application/json" -d '{"name":"test"}'

http://testphp.vulnweb.com//api

This will show:

• Request method (POST)

• Request headers (e.g., Content-Type: application/json)

• Request body (JSON data sent)

• Response headers and body

11. Advanced Usage: Timing, Debugging, and Tracing

• Measure Response Time: Use the -w (write-out) option to get the time metrics of a
request.

curl -w "@curl-format.txt" -o /dev/null -s http://testphp.vulnweb.com/

Where curl-format.txt might contain something like:

txt

time_namelookup: %{time_namelookup}\n

time_connect: %{time_connect}\n

time_starttransfer: %{time_starttransfer}\n
time_total: %{time_total}\n

• Debugging SSL Connections: If you're having SSL issues, use:

curl -v --insecure http://testphp.vulnweb.com/

o --insecure: Skips SSL certificate verification.

• Trace Debugging: Use --trace to debug complex transactions.

curl --trace tracefile.txt http://testphp.vulnweb.com/

12. Basic Authentication

You can specify basic HTTP authentication credentials with the -u option:

curl -u username:password http://testphp.vulnweb.com//protected

13. Handling Redirects

If the URL you request results in a redirect (HTTP 3xx), use the -L option to follow it:

curl -L http://testphp.vulnweb.com/

Summary of Useful curl Options

Option Description

-X Specify the request method (GET, POST, PUT, DELETE, etc.)

-H Add a custom header to the request

-d Send data with the request (usually used with POST, PUT)

-o Write output to a file

-O Download file with the original name

-I Fetch only the headers

-L Follow redirects

-v Enable verbose mode (see request and response headers)

-u Specify basic authentication credentials

Option Description

--form Send form data, used for file uploads