Loading docs/TheArtOfHttpScripting +23 −22 Original line number Diff line number Diff line Author: Daniel Stenberg <daniel@haxx.se> Date: August 7, 2000 Version: 0.2 Date: September 15, 2000 Version: 0.3 The Art Of Scripting HTTP Requests Using Curl ============================================= Loading Loading @@ -31,7 +31,7 @@ Version: 0.2 1. The HTTP Protocol HTTP is the protocol used to fetch data from web servers. It is a very simple protocol that is built upon TCP/IP. The protocol also allow information to protocol that is built upon TCP/IP. The protocol also allows information to get sent to the server from the client using a few different methods, as will be shown here. Loading Loading @@ -130,12 +130,12 @@ Version: 0.2 curl -d "birthyear=1905&press=OK" www.hotmail.com/when/junk.cgi This kind of POST will use the Content-Type application/x-www-form-urlencoded and is the most widly used POST kind. application/x-www-form-urlencoded and is the most widely used POST kind. 4.3 FILE UPLOAD POST Back in late 1995 they defined a new to post data over HTTP. It was documented in the RFC 1867, why this method sometimes are refered to as Back in late 1995 they defined a new way to post data over HTTP. It was documented in the RFC 1867, why this method sometimes is refered to as a rfc1867-posting. This method is mainly designed to better support file uploads. A form that Loading Loading @@ -165,7 +165,7 @@ Version: 0.2 <form method="POST" action="foobar.cgi"> <input type=text name="birthyear"> <input type=text name="person" value="daniel"> <input type=hidden name="person" value="daniel"> <input type=submit name="press" value="OK"> </form> Loading Loading @@ -209,17 +209,18 @@ Version: 0.2 Do note that when a program is run, its parameters are possible to see when listing the running processes of the system. Thus, other users may be able to watch your passwords if you pass them as plain command line options. watch your passwords if you pass them as plain command line options. There are ways to circumvent this. 7. REFERER A HTTP request has the ability to feature a 'referer' field, which can be used to tell which URL that causes the client to get this particular resource. Some programs/scripts check the referer field of requests to verify that this wasn't arriving from an external site or unknown page. While this is a stupid way to check something so easily forged, many scripts still do it. Using curl, you can put anything you want in the referer-field and thus more easily being able to fool the server into serving your request. A HTTP request may include a 'referer' field, which can be used to tell from which URL the client got to this particular resource. Some programs/scripts check the referer field of requests to verify that this wasn't arriving from an external site or an unknown page. While this is a stupid way to check something so easily forged, many scripts still do it. Using curl, you can put anything you want in the referer-field and thus more easily be able to fool the server into serving your request. Use curl to set the referer field with: Loading Loading @@ -278,10 +279,10 @@ Version: 0.2 specified in a received cookie, the client sends back the cookies and their contents to the server, unless of course they are expired. Many applications and server use this method to connect a series of request Many applications and servers use this method to connect a series of requests into a single logical session. To be able to use curl in such occations, we must be able to record and send back cookies in the way that the web application expects them. The same way browsers deal with them. must be able to record and send back cookies the way the web application expects them. The same way browsers deal with them. The simplest way to send a few cookies to the server when getting a page with curl is to add them on the command line like: Loading @@ -307,15 +308,15 @@ Version: 0.2 There are a few ways to do secure HTTP transfers. The by far most common protocol for doing this is what is generally known as HTTPS, HTTP over SSL. SSL encrypts all the data that is send and received over the network and SSL. SSL encrypts all the data that is sent and received over the network and thus makes it harder for attackers to spy on sensitive information. SSL (or TLS as the latest version of the standard is called) offers a truckload of advanced features to allow all those encryptions and key infrastructure mechanisms ecnrypted HTTP requires. infrastructure mechanisms encrypted HTTP requires. Curl supports enscrypted fetches thanks to the freely available OpenSSL libraries. To get a pafe from a https server, simply run curl like: Curl supports encrypted fetches thanks to the freely available OpenSSL libraries. To get a page from a HTTPS server, simply run curl like: curl https://that.secure.server.com Loading Loading
docs/TheArtOfHttpScripting +23 −22 Original line number Diff line number Diff line Author: Daniel Stenberg <daniel@haxx.se> Date: August 7, 2000 Version: 0.2 Date: September 15, 2000 Version: 0.3 The Art Of Scripting HTTP Requests Using Curl ============================================= Loading Loading @@ -31,7 +31,7 @@ Version: 0.2 1. The HTTP Protocol HTTP is the protocol used to fetch data from web servers. It is a very simple protocol that is built upon TCP/IP. The protocol also allow information to protocol that is built upon TCP/IP. The protocol also allows information to get sent to the server from the client using a few different methods, as will be shown here. Loading Loading @@ -130,12 +130,12 @@ Version: 0.2 curl -d "birthyear=1905&press=OK" www.hotmail.com/when/junk.cgi This kind of POST will use the Content-Type application/x-www-form-urlencoded and is the most widly used POST kind. application/x-www-form-urlencoded and is the most widely used POST kind. 4.3 FILE UPLOAD POST Back in late 1995 they defined a new to post data over HTTP. It was documented in the RFC 1867, why this method sometimes are refered to as Back in late 1995 they defined a new way to post data over HTTP. It was documented in the RFC 1867, why this method sometimes is refered to as a rfc1867-posting. This method is mainly designed to better support file uploads. A form that Loading Loading @@ -165,7 +165,7 @@ Version: 0.2 <form method="POST" action="foobar.cgi"> <input type=text name="birthyear"> <input type=text name="person" value="daniel"> <input type=hidden name="person" value="daniel"> <input type=submit name="press" value="OK"> </form> Loading Loading @@ -209,17 +209,18 @@ Version: 0.2 Do note that when a program is run, its parameters are possible to see when listing the running processes of the system. Thus, other users may be able to watch your passwords if you pass them as plain command line options. watch your passwords if you pass them as plain command line options. There are ways to circumvent this. 7. REFERER A HTTP request has the ability to feature a 'referer' field, which can be used to tell which URL that causes the client to get this particular resource. Some programs/scripts check the referer field of requests to verify that this wasn't arriving from an external site or unknown page. While this is a stupid way to check something so easily forged, many scripts still do it. Using curl, you can put anything you want in the referer-field and thus more easily being able to fool the server into serving your request. A HTTP request may include a 'referer' field, which can be used to tell from which URL the client got to this particular resource. Some programs/scripts check the referer field of requests to verify that this wasn't arriving from an external site or an unknown page. While this is a stupid way to check something so easily forged, many scripts still do it. Using curl, you can put anything you want in the referer-field and thus more easily be able to fool the server into serving your request. Use curl to set the referer field with: Loading Loading @@ -278,10 +279,10 @@ Version: 0.2 specified in a received cookie, the client sends back the cookies and their contents to the server, unless of course they are expired. Many applications and server use this method to connect a series of request Many applications and servers use this method to connect a series of requests into a single logical session. To be able to use curl in such occations, we must be able to record and send back cookies in the way that the web application expects them. The same way browsers deal with them. must be able to record and send back cookies the way the web application expects them. The same way browsers deal with them. The simplest way to send a few cookies to the server when getting a page with curl is to add them on the command line like: Loading @@ -307,15 +308,15 @@ Version: 0.2 There are a few ways to do secure HTTP transfers. The by far most common protocol for doing this is what is generally known as HTTPS, HTTP over SSL. SSL encrypts all the data that is send and received over the network and SSL. SSL encrypts all the data that is sent and received over the network and thus makes it harder for attackers to spy on sensitive information. SSL (or TLS as the latest version of the standard is called) offers a truckload of advanced features to allow all those encryptions and key infrastructure mechanisms ecnrypted HTTP requires. infrastructure mechanisms encrypted HTTP requires. Curl supports enscrypted fetches thanks to the freely available OpenSSL libraries. To get a pafe from a https server, simply run curl like: Curl supports encrypted fetches thanks to the freely available OpenSSL libraries. To get a page from a HTTPS server, simply run curl like: curl https://that.secure.server.com Loading
