Basic HTTP
Intro
The first step is to visit a website and interact with it to see how it behaves.
We can use curl/httpie to interact and start gathering information about its behavior.
At this stage, we only want an initial overview.
It will help us see redirects, cookies, methods, headers...
Note
The easiest way is to browse the website while using a proxy (Burp or Caido)
and let it perform crawling automatically.
Curl
| Command | Description |
|---|---|
curl http://target.hmv |
GET request |
curl -v http://target.hmv |
Verbose mode |
curl -i http://target.hmv |
Show headers in the response |
curl -I http://target.hmv |
Show only headers |
curl -X POST http://target.hmv |
POST |
curl -X PUT http://target.hmv |
PUT |
curl -X DELETE http://target.hmv |
DELETE |
curl -X PATCH http://target.hmv |
PATCH |
curl -X POST -d "a=1&b=2" http://target.hmv |
POST with form data |
curl -X POST --data "user=admin" http://target.hmv |
Alternative POST |
curl -X POST -H "Content-Type: application/json" -d '{"user":"admin"}' http://target.hmv |
POST JSON |
curl -H "User-Agent: Mozilla/5.0" http://target.hmv |
Change User-Agent |
curl -H "Authorization: Bearer TOKEN" http://target.hmv |
Bearer token |
curl -u admin:admin http://target.hmv |
Basic auth |
curl -H "Cookie: session=abc123" http://target.hmv |
Send cookie manually |
curl -H "Referer: http://anothersite.hmv" http://target.hmv |
Change referer |
curl -b "session=abc123" http://target.hmv |
Send cookie |
curl -c cookies.txt http://target.hmv |
Save cookies |
curl -b cookies.txt http://target.hmv |
Use saved cookies |
curl -F "file=@shell.php" http://target.hmv |
Typical upload |
curl -L http://target.hmv |
Follow redirects |
curl --max-redirs 5 http://target.hmv |
Limit redirects |
curl --trace debug.txt http://target.hmv |
Detailed trace |
curl -k https://target.hmv |
Ignore SSL |
curl --http2 http://target.hmv |
Force HTTP/2 |
HTTPie
| Command | Description |
|---|---|
http http://target.hmv |
GET |
http -v http://target.hmv |
Verbose mode (see request/response) |
http -h http://target.hmv |
Only response headers |
http -b http://target.hmv |
Only body |
http POST http://target.hmv |
POST |
http PUT http://target.hmv |
PUT |
http DELETE http://target.hmv |
DELETE |
http PATCH http://target.hmv |
PATCH |
http OPTIONS http://target.hmv |
Show allowed methods |
http POST http://target.hmv user=admin pass=123 |
POST form |
http PUT http://target.hmv id=1 name=test |
PUT form |
http POST http://target.hmv user:='{"admin":true}' |
JSON |
http http://target.hmv User-Agent:curl/7.0 |
Change User-Agent |
http http://target.hmv Authorization:"Bearer TOKEN" |
Token auth |
http http://target.hmv Cookie:"session=abc123" |
Manual cookie |
http -v http://target.hmv |
View cookies in response |
http --session=mysession http://target.hmv |
Save session |
http -f POST http://target.hmv file@shell.php |
Typical upload |
http --follow http://target.hmv |
Follow redirects |
http --max-redirects=5 http://target.hmv |
Limit redirects |