.png)
1 year ago
95 BOOK THIS SPACE FOR AD
ARTICLE ADCurl, or client URL is a command line tool that enables data exchange between a device and a server through a terminal. We can use this tool on almost every OS. Today’s blog is focused on how do we use it in our pentesting & bug bounties. Best thing about curl is it supports almost all major protocols i.e.- DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET, and TFTP.
When we use curl, what basically we are doing is, we are sending/recieving the data to/from a server. Now, think of some scenarios where we can use it in our pentests. Got any? If yes, good! If not, no worries let me explain.
First thing you can check in curl is, what you can do with it. Hit a simple command called
Curl -hThis will look something like this:-
Now if you can see, there are multiple options here. It depends on you what do you want to do with it, you can follow JavaTpoint for that!
Now, we can do a lot of stuff here with options. Sometimes, you have to submit a file to a remote server and if you want to do it with curl, there is a command:-
curl -F file=@“file.exe" http://example.com/file/upload/This will upload your file to desired server and then you can try RCEs etc.
Another great example of using curl in pentests is we can modify the default DNS config. It is more of a network pentest side but still, it does the job:-
$ curl --dns-ipv4-addr 192.168.0.1 http://www.example.com$ curl --dns-interface eth1 http://www.example.com
DNS request to resolve the hostname will originate from 192.168.0.1 or from eth1.
You can use curl to brute force/fuzz a login form as well:-
$ curl --data "email=test@example.com&password=test" http://1.1.1.1/login.phpWe can also try creating new users through curl:-
$ curl --data "name=test&email=test@test.com&password=test" http://10.10.10.10/newuser.phpCapture a full trace of the HTTP request:-
$ curl --trace - https://example.com/We can use it to download a file from server as well:-
curl –O https://example.com/file.exe
Identifying HTTP headers allowed on a server:-
curl –v –X OPTIONS http://www.google.comCurl is also used in HTTP authentication. Authentication is used to inform the server user’s username and password so that it can authenticate that you’re allowed to send the request you’re sending. We can use this command to check it:-
curl —data “uname=test&pass=test” http://example.com/login.phpWe can specify a referer to a request:-
$ curl --referer http://www.domain.com/login.php http://www.domain.com/adminLast but not the lease, we all need log files! curl can also generate nice output to be processed by another tool. It can generate personalized outputs:
$ curl --silent --write-out "Response code: %{http_code}\nTotal time: %{time_total}" https://example.comThese are SOME of the best use cases from Curl. There could be many more cases such as getting request from GET/POST parameters etc but I have put the best ones which I know. Let me know in comment section, or my twitter DM if you have better ones. For now, enjoy these curl usage.
All the best! Happy hacking ❤
Twitter:- @manasH4rsh
Linkedin:- Manas Harsh
Bengali (Bangladesh) · 
English (United States) ·