Curl for Web Hacking and Pentesting

In the previous post we saw the basic uses of curl. Now at this we are going to see some useful and important command as web pentesting view.

1. Get the HTTP response header

We can get header information of a website with '-I' flag
 curl -I
2. Sending GET Requests
 curl ""
3. Sending POST requests 
 curl -d "name=ajay&submit=Submit"
4. To follow a redirect location:
 curl -L
5. Sending custom Headers : 
 curl -H "user-agent:Mozilla/5.0 (X11; Linux x86_64) "
 curl -H "Content-Type: text/xml"
 curl -H "Host:"
6. Custom User-Agent Header :

We can send custom user agent header by '-A' flag
 curl -A "Mozilla/5.0 (X11; Linux x86_64)"
 curl -A "Mozilla/5.0 (compatible;  Windows NT 5.0)"
7. Custom Referrer field :
 curl -e
Or we can also send custom referrer with below command
 curl -H "Referrer:"
8. Custom Cookies : 

To send custom cookies use '-b' flag
 curl -b "name=sectree"
To store response cookies in a file use '-c' option. We can also send cookies which is stored in a file.
 curl -b current_cookies.txt -c new_cookies.txt
where the current_cookies.txt are being sent to the web server and new_cookies.txt are response cookies by the server which is stored and written in that file.