HTTP basico
Intro
El primer paso es visitar una web e interactuar con ella para ver como se comporta. Podemos usar curl/httpie para interactuar y empezar a obtener informacion sobre su comportamiento. En este punto solo queremos una vision inicial. Nos servira para ver redirecciones, cookies, metodos, headers...
Nota
Lo mas facil es ir navegando por la web mientras se usa el proxy (Burp o Caido) y que vaya haciendo el crawling automaticamente.
Curl
| Comando | Descripcion |
|---|---|
curl http://target.hmv |
Peticion GET |
curl -v http://target.hmv |
Modo verbose |
curl -i http://target.hmv |
Ver headers en la respuesta |
curl -I http://target.hmv |
Ver solo headers |
curl -X POST http://target.hmv |
POST |
curl -X PUT http://target.hmv |
PUT |
curl -X DELETE http://target.hmv |
DELETE |
curl -X PATCH http://target.hmv |
PATCH |
curl -X POST -d "a=1&b=2" http://target.hmv |
POST con form data |
curl -X POST --data "user=admin" http://target.hmv |
POST alternativo |
curl -X POST -H "Content-Type: application/json" -d '{"user":"admin"}' http://target.hmv |
POST JSON |
curl -H "User-Agent: Mozilla/5.0" http://target.hmv |
Cambiar User-Agent |
curl -H "Authorization: Bearer TOKEN" http://target.hmv |
Token Bearer |
curl -u admin:admin http://target.hmv |
Basic auth |
curl -H "Cookie: session=abc123" http://target.hmv |
Enviar cookie manualente |
curl -H "Referer: http://anothersite.hmv" http://target.hmv |
Cambiar referer |
curl -b "session=abc123" http://target.hmv |
Enviar cookie |
curl -c cookies.txt http://target.hmv |
Guardar cookies |
curl -b cookies.txt http://target.hmv |
Usar cookies guardadas |
curl -F "file=@shell.php" http://target.hmv |
Upload tipico |
curl -L http://target.hmv |
Seguir redirects |
curl --max-redirs 5 http://target.hmv |
Limitar redirects |
curl --trace debug.txt http://target.hmv |
Traza detallada |
curl -k https://target.hmv |
Ignorar SSL |
curl --http2 http://target.hmv |
Forzar HTTP/2 |
HTTPie
| Comando | Descripcion |
|---|---|
http http://target.hmv |
GET |
http -v http://target.hmv |
Modo verbose (ver request/response) |
http -h http://target.hmv |
Solo headers de respuesta |
http -b http://target.hmv |
Solo body |
http POST http://target.hmv |
POST |
http PUT http://target.hmv |
PUT |
http DELETE http://target.hmv |
DELETE |
http PATCH http://target.hmv |
PATCH |
http OPTIONS http://target.hmv |
Ver metodos permitidos |
http POST http://target.hmv user=admin pass=123 |
POST form |
http PUT http://target.hmv id=1 name=test |
PUT form |
http POST http://target.hmv user:='{"admin":true}' |
JSON |
http http://target.hmv User-Agent:curl/7.0 |
Cambiar User-Agent |
http http://target.hmv Authorization:"Bearer TOKEN" |
Token auth |
http http://target.hmv Cookie:"session=abc123" |
Cookie manual |
http -v http://target.hmv |
Ver cookies en respuesta |
http --session=mysession http://target.hmv |
Guardar sesion |
http -f POST http://target.hmv file@shell.php |
Upload tipico |
http --follow http://target.hmv |
Seguir redirects |
http --max-redirects=5 http://target.hmv |
Limitar redirects |