HowTo Curl Examples: Difference between revisions

From MediaWiki
Jump to navigationJump to search
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
__TOC__
__TOC__
== '''Overview''' ==
== '''Overview''' ==
'''[http://en.wikipedia.org/wiki/CURL cURL]''' is a tool  to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP,  SMTPS, TELNET and TFTP).  The command is designed to work without user interaction.
'''[http://en.wikipedia.org/wiki/CURL cURL]''' is a tool  to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP,  SMTPS, TELNET and TFTP).  The command is designed to work without user interaction. This page will provide practical examples using '''[http://en.wikipedia.org/wiki/CURL cURL]''' with the '''[http://www.networksecuritytoolkit.org NST]''' distribution.


== Curl Upload Examples ==
== Curl Upload Examples ==
Line 24: Line 24:
  URL="${URL}&upload_group=apache";
  URL="${URL}&upload_group=apache";
  URL="${URL}&upload_mode=600";
  URL="${URL}&upload_mode=600";
  curl --netrc --insecure --form "upload_src=@/etc/hosts;filename=hosts.txt" "${URL}"
  curl --netrc --insecure --form "upload_src=@/etc/hosts;filename=hosts.txt" "${URL}";


The above command requires a authentication entry in your ''~/.netrc'' file of the form:
The above command requires a authentication entry in your ''~/.netrc'' file of the form:
Line 36: Line 36:
This strategy should work for any web page which accepts files via ''multipart/form-data'' forms. Obviously, you will need to inspect the HTML to see what fields the form requires for the site you want to upload as other sites will use other variable names, but the approach should be the same.
This strategy should work for any web page which accepts files via ''multipart/form-data'' forms. Obviously, you will need to inspect the HTML to see what fields the form requires for the site you want to upload as other sites will use other variable names, but the approach should be the same.


=== Tutorial References ===
==== Trace Options ====
Add the following parameters for '''trace''' operation:
 
  curl --trace-ascii "/tmp/curl_session.txt" --trace-time \
    --netrc --insecure --form "upload_src=@/etc/hosts;filename=hosts.txt" "${URL}";
 
== Tutorial References ==
 
* [http://curl.haxx.se/docs/httpscripting.html Using cURL to automate HTTP jobs]

Latest revision as of 23:02, 6 July 2012

Overview

cURL is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction. This page will provide practical examples using cURL with the NST distribution.

Curl Upload Examples

Uploading A File To A NST System (Post)

The NST WUI provides a page which can be used to upload files from a browser to the NST system. This upload is done by filling in form fields which is submitted via a POST using multipart/form-data. This form has the following fields:

upload_src
The file to upload from the client system.
upload_dst
Where the file uploaded file should be installed on the NST system.
upload_owner
The user which should own the file after upload.
upload_group
The group which the file should belong to.
upload_mode
The mode bit settings (like: 600) that should be applied to the file.

Normally, you interact with the /nstwui/php/system/upload.php page using your browser to fill in and submit this information. However, it is also possible to automate this process by using the curl command. This is often useful for cron jobs or creating custom scripts.

The following demonstrates

URL="https://192.168.1.44/nstwui/php/system/upload.php";
URL="${URL}?upload_dst=/tmp/hosts.txt";
URL="${URL}&upload_owner=apache";
URL="${URL}&upload_group=apache";
URL="${URL}&upload_mode=600";
curl --netrc --insecure --form "upload_src=@/etc/hosts;filename=hosts.txt" "${URL}";

The above command requires a authentication entry in your ~/.netrc file of the form:

machine HOST login USER password PASSWORD

For example, if logging in as root on a machine with the IP address of 192.168.1.44 with a password of nst2003, you would add a line like:

machine 192.168.1.44 login root password nst2003

This strategy should work for any web page which accepts files via multipart/form-data forms. Obviously, you will need to inspect the HTML to see what fields the form requires for the site you want to upload as other sites will use other variable names, but the approach should be the same.

Trace Options

Add the following parameters for trace operation:

 curl --trace-ascii "/tmp/curl_session.txt" --trace-time \
   --netrc --insecure --form "upload_src=@/etc/hosts;filename=hosts.txt" "${URL}";

Tutorial References