Introduction
cURL (client URL) is a command-line tool for transferring data from or to a server using URLs. cURL lets you talk to a server by specifying the location of the server and the data you want to send. It supports many protocols, including FTP, HTTP and HTTPS. The most basic form of curl is the keyword "curl" followed by the URL:
curl http://example.com
curl --data "Department=Science" http://example.com/info.php
cURL offers various features such as proxy support, user authentication, FTP upload, HTTP POST, SSL connections, cookies, file transfer and many more. The cURL software project has the following advantages:
- Send web API requests to a server.
- Compatible with almost every operating system and device.
- Since cURL is a command-line tool, it is quicker to use than a native application. It is mostly used to test web APIs while they are in the development phase.
- Has a verbose option (-v) which helps in understanding what is being sent and received.
As a security researcher, it is important that you understand how to use curl.
See https://www.mit.edu/afs.new/sipb/user/ssen/src/curl-7.11.1/docs/curl.html
Manual attacks using scripts
The process of penetration testing is time-consuming and consists of a lot of manual work. Therefore, pen testers mostly rely on automated tools that reduce the time and effort needed in the various phases of a security review. Tools like Nmap, Nessus, Nikto and dirb help in the reconnaissance and enumeration phases. When it comes to testing each individual endpoint, however, substantial adjustments are required depending on the application, the context of the endpoint, the payload, and the validity of the authentication tokens required for a successful request to that endpoint. This can easily be accomplished using Python or bash scripts together with curl.
Scripts can be customized to test all the APIs with the same set of payloads. Another advantage of custom scripts is that they can be written for different attack types, depending on the application and the testing requirements.
For example, you can write a Python or bash script for a Broken Access Control test using curl, with placeholders for the authentication and authorization cookies. You create a list of endpoints that require higher-privileged user access, and a list of cookies belonging to a low-privileged user as the attack payload. When the script runs, the authentication and authorization cookies in each request are replaced by the attack payload and curl requests are executed against all listed endpoints in a consistent, automated way. All of this completes in a single execution, which is more convenient than using Burp Intruder or Repeater. It also allows repeated execution of the script with consistent results, which is useful for verifying fixes to any identified vulnerabilities.
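As an added example (not code from the original article), the following Python script implements the check described above as an authorization regression test: it replays a list of privileged endpoints with a low-privileged session cookie via curl and flags any endpoint that is not denied, so it can be re-run after a fix to confirm the access control holds. The base URL, endpoint list and cookie value are constructed placeholders.

```python
#!/usr/bin/env python3
"""Authorization regression check: replay privileged endpoints with a
low-privilege session cookie and flag any that are not denied (401/403)."""
import subprocess
import sys

# Constructed sample inputs (placeholders, not real targets or sessions).
BASE_URL = "http://example.com"
PRIVILEGED_ENDPOINTS = ["/admin/users", "/admin/settings", "/api/reports/export"]
LOW_PRIV_COOKIE = "session=LOW_PRIV_SESSION_PLACEHOLDER"
EXPECTED_DENIED = {401, 403}


def build_curl_command(base_url, endpoint, cookie):
    """Build the curl argv: silent, discard the body, print only the HTTP status.
    -b sends the cookie string; the placeholder cookie is swapped in per request."""
    return ["curl", "-s", "-o", "/dev/null", "-w", "%{http_code}",
            "-b", cookie, base_url + endpoint]


def evaluate(status_code):
    """PASS when the low-privilege session was denied, ERROR when curl could not
    connect (status 000), FAIL otherwise (possible Broken Access Control)."""
    if status_code == 0:
        return "ERROR"
    return "PASS" if status_code in EXPECTED_DENIED else "FAIL"


def run_check(base_url, endpoint, cookie):
    """Execute curl for one endpoint; returns (status_code, verdict)."""
    proc = subprocess.run(build_curl_command(base_url, endpoint, cookie),
                          capture_output=True, text=True, check=False)
    out = proc.stdout.strip()
    code = int(out) if out.isdigit() else 0  # "000" or empty -> connection failure
    return code, evaluate(code)


def main():
    """Run every endpoint and return the number of FAIL verdicts."""
    failures = 0
    for endpoint in PRIVILEGED_ENDPOINTS:
        code, verdict = run_check(BASE_URL, endpoint, LOW_PRIV_COOKIE)
        print(f"{verdict:5} {code:03d} {endpoint}")
        failures += verdict == "FAIL"
    return failures


if __name__ == "__main__":
    sys.exit(1 if main() else 0)
```

A non-zero exit status makes the script usable as a CI gate, so a regression in the access control fails the build rather than going unnoticed.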