How to use curl to manipulate HTTP and HTTPS requests
In your hacking journey you might need to manipulate an HTTP request, changing the cookies, the user-agent, or any other part of the request. This could be useful if you want to impersonate someone.
Well you can use several tools to do this, such as Burp or curl. Those are the ones that I use the most. In this post we will be focusing on curl.
What is curl?
curl is a command-line tool for transferring data. Nowadays curl supports a ton of communication protocols, such as POP3, HTTP, HTTPS and IMAP, just to name a few. For our particular case we will be looking into HTTP and HTTPS.
How to use curl?
Before we start manipulating any HTTP requests, we might first want to learn how to perform a simple and correct request with curl.
curl 'https://curl.se/'
This is a simple curl request. It connects to https://curl.se and gets the HTML document of the page.
However, this request is missing some usual HTTP headers, for example, we do not have the user-agent. To add it to the request, we simply have to:
curl 'https://curl.se/' -H 'user-agent: I am using Chrome browser'
If you look carefully at the command above, we have a flag, -H, before the 'user-agent' information. This flag stands for header: it tells curl that what follows -H is a header, in this case the user-agent header.
It is possible to add several other headers: all you have to do is add a new -H followed by the new header. Here is an example in which we added the referer.
curl 'https://curl.se/' -H 'user-agent: I am using Chrome browser' \
  -H 'referer: I come from google'
The referer header states from which page you came before going to the curl.se website.
Before moving on, I would like to mention that the values for the headers user-agent and referer were added by me. If you make a real request there is going to be a default user-agent header and the referer will be the actual website you came from.
Example of site manipulation with curl
In a few of my CTF practice challenges I have stumbled across a few challenges in which it was relevant to manipulate the HTTP headers, in particular cookies, but not exclusively.
One example is the PicoCTF challenge picobrowser.
In this challenge, I was required to use the picobrowser to be able to get access to the flag. However, I knew that I could manipulate the request and “deceive” the server into believing that I am on the picobrowser. To do so I manipulated the request by changing the “user-agent” header to picobrowser.
Once the server received the request it went to the user-agent header to verify if it is picobrowser. And, after the manipulation, the server verified that the user-agent was picobrowser giving me access to the flag.
If you want, you can read my writeup to see how exactly I did that. But the important message to take away is that manipulating HTTP requests can be relevant for CTF challenges, for hacking, or just to bypass some issue. Among several tools, you can use curl.
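Seen from the server side, the check described above fails because user-agent is a value the client picks. The following is an added example, not code from the challenge or from this post: it parses curl command lines like the ones shown earlier and compares a user-agent gate with a gate that verifies a server-issued HMAC token. The function names, the key, the host example.test and the "Bearer user.tag" token format are all assumptions made for the illustration.

```python
import hashlib
import hmac
import shlex

# Constructed key for this example; a real service loads it from a secret store.
SERVER_KEY = b"constructed-example-key"

def headers_from_curl(command):
    """Headers set with -H in a curl command line, names lower-cased."""
    args = shlex.split(command)
    headers = {}
    for flag, value in zip(args, args[1:]):
        if flag in ("-H", "--header") and ":" in value:
            name, _, content = value.partition(":")
            headers[name.strip().lower()] = content.strip()
    return headers

def issue_token(user):
    """Server side: bind the user name to an HMAC only the server can compute."""
    tag = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"

def allow_by_user_agent(headers):
    """Weak gate: the decision rests on a value the client chooses."""
    return headers.get("user-agent") == "picobrowser"

def allow_by_token(headers):
    """Hardened gate: ignores user-agent and verifies the server-issued token."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    user, _, tag = token.rpartition(".")
    if scheme != "Bearer" or not user:
        return False
    expected = issue_token(user).rpartition(".")[2]
    # Constant-time comparison of the presented tag with the recomputed one.
    return hmac.compare_digest(tag.encode(), expected.encode())

# Constructed requests against a placeholder host.
SPOOFED = "curl 'https://example.test/' -H 'user-agent: picobrowser'"
FORGED = SPOOFED + " -H 'authorization: Bearer alice.0000'"
VALID = f"curl 'https://example.test/' -H 'authorization: Bearer {issue_token('alice')}'"

if __name__ == "__main__":
    for label, cmd in (("spoofed", SPOOFED), ("forged", FORGED), ("valid", VALID)):
        h = headers_from_curl(cmd)
        print(label, allow_by_user_agent(h), allow_by_token(h))
```

The user-agent gate accepts any request that sets the header, while the token gate only accepts a tag that was computed with the server's key.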
Hope this helped, happy hacking and leave a comment down below if you have questions or suggestions.
Thank you very much for reading!
Cheers,
MRegra