curl介绍
curl是一个命令行工具,常用于发送http请求。在windows下,我常用postman来发送请求,现在常用Linux、Mac系统,因此,今天详细学习一下curl。
命令参数
Usage: curl [options...] <url> --abstract-unix-socket <path> Connect via abstract Unix domain socket --alt-svc <file name> Enable alt-svc with this cache file --anyauth Pick any authentication method -a, --append Append to target file when uploading --aws-sigv4 <provider1[:provider2[:region[:service]]]> Use AWS V4 signature authentication --basic Use HTTP Basic Authentication --cacert <file> CA certificate to verify peer against --capath <dir> CA directory to verify peer against -E, --cert <certificate[:password]> Client certificate file and password --cert-status Verify the status of the server cert via OCSP-staple --cert-type <type> Certificate type (DER/PEM/ENG) --ciphers <list of ciphers> SSL ciphers to use --compressed Request compressed response --compressed-ssh Enable SSH compression -K, --config <file> Read config from a file --connect-timeout <fractional seconds> Maximum time allowed for connection --connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host -C, --continue-at <offset> Resumed transfer offset -b, --cookie <data|filename> Send cookies from string/file -c, --cookie-jar <filename> Write cookies to <filename> after operation --create-dirs Create necessary local directory hierarchy --create-file-mode <mode> File mode (octal) for created files --crlf Convert LF to CRLF in upload --crlfile <file> Use this CRL list --curves <algorithm list> (EC) TLS key exchange algorithm(s) to request -d, --data <data> HTTP POST data --data-ascii <data> HTTP POST ASCII data --data-binary <data> HTTP POST binary data --data-raw <data> HTTP POST data, '@' allowed --data-urlencode <data> HTTP POST data url encoded --delegation <LEVEL> GSS-API delegation permission --digest Use HTTP Digest Authentication -q, --disable Disable .curlrc --disable-eprt Inhibit using EPRT or LPRT --disable-epsv Inhibit using EPSV --disallow-username-in-url Disallow username in url --dns-interface <interface> Interface to use for DNS requests --dns-ipv4-addr <address> IPv4 address to use for DNS requests --dns-ipv6-addr <address> IPv6 address to use for DNS requests --dns-servers <addresses> DNS server addrs to use --doh-cert-status Verify the status of the DoH server cert via OCSP-staple --doh-insecure Allow insecure DoH server connections --doh-url <URL> Resolve host names over DoH -D, --dump-header <filename> Write the received headers to <filename> --egd-file <file> EGD socket path for random data --engine <name> Crypto engine to use --etag-compare <file> Pass an ETag from a file as a custom header --etag-save <file> Parse ETag from a request and save it to a file --expect100-timeout <seconds> How long to wait for 100-continue -f, --fail Fail silently (no output at all) on HTTP errors --fail-early Fail on first transfer error, do not continue --fail-with-body Fail on HTTP errors but save the body --false-start Enable TLS False Start -F, --form <name=content> Specify multipart MIME data --form-string <name=string> Specify multipart MIME data --ftp-account <data> Account data string --ftp-alternative-to-user <command> String to replace USER [name] --ftp-create-dirs Create the remote dirs if not present --ftp-method <method> Control CWD usage --ftp-pasv Use PASV/EPSV instead of PORT -P, --ftp-port <address> Use PORT instead of PASV --ftp-pret Send PRET before PASV --ftp-skip-pasv-ip Skip the IP address for PASV --ftp-ssl-ccc Send CCC after authenticating --ftp-ssl-ccc-mode <active/passive> Set CCC mode --ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer -G, --get Put the post data in the URL and use GET -g, --globoff Disable URL sequences and ranges using {} and [] --happy-eyeballs-timeout-ms <milliseconds> Time for IPv6 before trying IPv4 --haproxy-protocol Send HAProxy PROXY protocol v1 header -I, --head Show document info only -H, --header <header/@file> Pass custom header(s) to server -h, --help <category> Get help for commands --hostpubmd5 <md5> Acceptable MD5 hash of the host public key --hsts <file name> Enable HSTS with this cache file --http0.9 Allow HTTP 0.9 responses -0, --http1.0 Use HTTP 1.0 --http1.1 Use HTTP 1.1 --http2 Use HTTP 2 --http2-prior-knowledge Use HTTP 2 without HTTP/1.1 Upgrade --http3 Use HTTP v3 --ignore-content-length Ignore the size of the remote resource -i, --include Include protocol response headers in the output -k, --insecure Allow insecure server connections when using SSL --interface <name> Use network INTERFACE (or address) -4, --ipv4 Resolve names to IPv4 addresses -6, --ipv6 Resolve names to IPv6 addresses -j, --junk-session-cookies Ignore session cookies read from file --keepalive-time <seconds> Interval time for keepalive probes --key <key> Private key file name --key-type <type> Private key file type (DER/PEM/ENG) --krb <level> Enable Kerberos with security <level> --libcurl <file> Dump libcurl equivalent code of this command line --limit-rate <speed> Limit transfer speed to RATE -l, --list-only List only mode --local-port <num/range> Force use of RANGE for local port numbers -L, --location Follow redirects --location-trusted Like --location, and send auth to other hosts --login-options <options> Server login options --mail-auth <address> Originator address of the original email --mail-from <address> Mail from this address --mail-rcpt <address> Mail to this address --mail-rcpt-allowfails Allow RCPT TO command to fail for some recipients -M, --manual Display the full manual --max-filesize <bytes> Maximum file size to download --max-redirs <num> Maximum number of redirects allowed -m, --max-time <fractional seconds> Maximum time allowed for the transfer --metalink Process given URLs as metalink XML file --negotiate Use HTTP Negotiate (SPNEGO) authentication -n, --netrc Must read .netrc for user name and password --netrc-file <filename> Specify FILE for netrc --netrc-optional Use either .netrc or URL -:, --next Make next URL use its separate set of options --no-alpn Disable the ALPN TLS extension -N, --no-buffer Disable buffering of the output stream --no-keepalive Disable TCP keepalive on the connection --no-npn Disable the NPN TLS extension --no-progress-meter Do not show the progress meter --no-sessionid Disable SSL session-ID reusing --noproxy <no-proxy-list> List of hosts which do not use proxy --ntlm Use HTTP NTLM authentication --ntlm-wb Use HTTP NTLM authentication with winbind --oauth2-bearer <token> OAuth 2 Bearer Token -o, --output <file> Write to file instead of stdout --output-dir <dir> Directory to save files in -Z, --parallel Perform transfers in parallel --parallel-immediate Do not wait for multiplexing (with --parallel) --parallel-max <num> Maximum concurrency for parallel transfers --pass <phrase> Pass phrase for the private key --path-as-is Do not squash .. sequences in URL path --pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against --post301 Do not switch to GET after following a 301 --post302 Do not switch to GET after following a 302 --post303 Do not switch to GET after following a 303 --preproxy [protocol://]host[:port] Use this proxy first -#, --progress-bar Display transfer progress as a bar --proto <protocols> Enable/disable PROTOCOLS --proto-default <protocol> Use PROTOCOL for any URL missing a scheme --proto-redir <protocols> Enable/disable PROTOCOLS on redirect -x, --proxy [protocol://]host[:port] Use this proxy --proxy-anyauth Pick any proxy authentication method --proxy-basic Use Basic authentication on the proxy --proxy-cacert <file> CA certificate to verify peer against for proxy --proxy-capath <dir> CA directory to verify peer against for proxy --proxy-cert <cert[:passwd]> Set client certificate for proxy --proxy-cert-type <type> Client certificate type for HTTPS proxy --proxy-ciphers <list> SSL ciphers to use for proxy --proxy-crlfile <file> Set a CRL list for proxy --proxy-digest Use Digest authentication on the proxy --proxy-header <header/@file> Pass custom header(s) to proxy --proxy-insecure Do HTTPS proxy connections without verifying the proxy --proxy-key <key> Private key for HTTPS proxy --proxy-key-type <type> Private key file type for proxy --proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy --proxy-ntlm Use NTLM authentication on the proxy --proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy --proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with --proxy-service-name <name> SPNEGO proxy service name --proxy-ssl-allow-beast Allow security flaw for interop for HTTPS proxy --proxy-ssl-auto-client-cert Use auto client certificate for proxy (Schannel) --proxy-tls13-ciphers <ciphersuite list> TLS 1.3 proxy cipher suites --proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy --proxy-tlspassword <string> TLS password for HTTPS proxy --proxy-tlsuser <name> TLS username for HTTPS proxy --proxy-tlsv1 Use TLSv1 for HTTPS proxy -U, --proxy-user <user:password> Proxy user and password --proxy1.0 <host[:port]> Use HTTP/1.0 proxy on given port -p, --proxytunnel Operate through an HTTP proxy tunnel (using CONNECT) --pubkey <key> SSH Public key file name -Q, --quote <command> Send command(s) to server before transfer --random-file <file> File for reading random data from -r, --range <range> Retrieve only the bytes within RANGE --raw Do HTTP "raw"; no transfer decoding -e, --referer <URL> Referrer URL -J, --remote-header-name Use the header-provided filename -O, --remote-name Write output to a file named as the remote file --remote-name-all Use the remote file name for all URLs -R, --remote-time Set the remote file's time on the local output -X, --request <command> Specify request command to use --request-target <path> Specify the target for this request --resolve <[+]host:port:addr[,addr]...> Resolve the host+port to this address --retry <num> Retry request if transient problems occur --retry-all-errors Retry all errors (use with --retry) --retry-connrefused Retry on connection refused (use with --retry) --retry-delay <seconds> Wait time between retries --retry-max-time <seconds> Retry only within this period --sasl-authzid <identity> Identity for SASL PLAIN authentication --sasl-ir Enable initial response in SASL authentication --service-name <name> SPNEGO service name -S, --show-error Show error even when -s is used -s, --silent Silent mode --socks4 <host[:port]> SOCKS4 proxy on given host + port --socks4a <host[:port]> SOCKS4a proxy on given host + port --socks5 <host[:port]> SOCKS5 proxy on given host + port --socks5-basic Enable username/password auth for SOCKS5 proxies --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies --socks5-gssapi-nec Compatibility with NEC SOCKS5 server --socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API --socks5-hostname <host[:port]> SOCKS5 proxy, pass host name to proxy -Y, --speed-limit <speed> Stop transfers slower than this -y, --speed-time <seconds> Trigger 'speed-limit' abort after this time --ssl Try SSL/TLS --ssl-allow-beast Allow security flaw to improve interop --ssl-auto-client-cert Use auto client certificate (Schannel) --ssl-no-revoke Disable cert revocation checks (Schannel) --ssl-reqd Require SSL/TLS --ssl-revoke-best-effort Ignore missing/offline cert CRL dist points -2, --sslv2 Use SSLv2 -3, --sslv3 Use SSLv3 --stderr <file> Where to redirect stderr --styled-output Enable styled output for HTTP headers --suppress-connect-headers Suppress proxy CONNECT response headers --tcp-fastopen Use TCP Fast Open --tcp-nodelay Use the TCP_NODELAY option -t, --telnet-option <opt=val> Set telnet option --tftp-blksize <value> Set TFTP BLKSIZE option --tftp-no-options Do not send any TFTP options -z, --time-cond <time> Transfer based on a time condition --tls-max <VERSION> Set maximum allowed TLS version --tls13-ciphers <ciphersuite list> TLS 1.3 cipher suites to use --tlsauthtype <type> TLS authentication type --tlspassword <string> TLS password --tlsuser <name> TLS user name -1, --tlsv1 Use TLSv1.0 or greater --tlsv1.0 Use TLSv1.0 or greater --tlsv1.1 Use TLSv1.1 or greater --tlsv1.2 Use TLSv1.2 or greater --tlsv1.3 Use TLSv1.3 or greater --tr-encoding Request compressed transfer encoding --trace <file> Write a debug trace to FILE --trace-ascii <file> Like --trace, but without hex output --trace-time Add time stamps to trace/verbose output --unix-socket <path> Connect through this Unix domain socket -T, --upload-file <file> Transfer local FILE to destination --url <url> URL to work with -B, --use-ascii Use ASCII/text transfer -u, --user <user:password> Server user and password -A, --user-agent <name> Send User-Agent <name> to server -v, --verbose Make the operation more talkative -V, --version Show version number and quit -w, --write-out <format> Use output FORMAT after completion --xattr Store metadata in extended file attributes
通过curl --help all帮助命令,我们可以看到所有的选项,这里学几个常用的选项
无选项
命令
curl http://httpbin.org
结果
命令行结果
可以看到返回了html页面
wireshark抓包结果
可以看到curl发送了一个HTTP1.1的GET请求,添加了请求头HOST、User-Agent和Accept。其中User-Agent是版本。
可以看到httpbin.org的响应包含了头部和数据,数据就是curl显示的html页面代码。那么头部curl如何显示呢?请继续阅读。
请求头
仅显示返回的头部
-I选项
命令
curl http://httpbin.org -I
结果
可以看到仅显示了头部
保存返回的头部
-D <filename>
命令
curl http://httpbin.org -D recv_head.txt
结果
可以看到添加了将返回数据包的头部保存到E盘下recv_head.txt文件的选项,打开文件
可以看到和前面抓包的结果一样。
添加请求头
-H <header/@file>
请求头使用key: value的形式
命令
curl -H "blog: lady_killer9" -H "User-Agent: firefox" http://httpbin.org
结果
可以看到覆盖了自带的User-Agent,添加了新的请求头部blog
覆盖User-Agent的值
UserAgent是经常用的,可以使用-A直接替换value
-A <name>
命令
curl -A chrome http://httpbin.org
结果
可以看到User-Agent修改了
GET请求
默认发送的就是GET请求,这里说一下如何添加参数。一般在url上使用?添加参数即可,注意,如果不转义的话,使用双引号。
也可以使用-G选项配合-d选项添加
POST请求
-X指定请求,-d添加数据
-X <command> -d <data>
表单
curl -X POST -d "blog=lady_killer&name=9" http://httpbin.org/post
可以看到添加了curl相比GET又添加了两个请求头Content-Length和Content-Type
json
在学http协议的时候,我们学习了http的很多头部,其中Content-Type头部指定了类型,postman能够发送很多类型,如下图所示
其中,json格式的数据是最常用的,对应的Content-Type是"application/json"
curl -H "Content-Type:application/json" -X POST -d "{blog:lady_killer,name:9}" http://httpbin.org/post
显示详细信息
-v 选项
输出到文件
-o选项
-o <file>
参考
更多内容查看:网络安全-自学笔记
喜欢本文的请动动小手点个赞,收藏一下,有问题请下方评论,转载请注明出处,并附有原文链接,谢谢!如有侵权,请及时联系。如果您感觉有所收获,自愿打赏,可选择支付宝18833895206(小于),您的支持是我不断更新的动力。
**关注博主公众号,获取网络安全知识、大厂内推等更多福利、加我微信,备注 CSDN 为什么加我 你的名字 **
