Sunday, April 17, 2005

curl Examples


GET form:
curl ""

POST form:
curl -d "birthyear=1905&press=%20OK%20"

File Upload POST:
curl -F upload=@localfilename -F press=OK [URL]

curl -T uploadfile

The site might require a different authentication method (check the headers
returned by the server), and then --ntlm, --digest, --negotiate or even
--anyauth might be options that suit you.
Sometimes your HTTP access is only available through the use of a HTTP
proxy. This seems to be especially common at various companies. A HTTP proxy
may require its own user and password to allow the client to get through to
the Internet. To specify those with curl, run something like:

curl -U proxyuser:proxypassword

If your proxy requires the authentication to be done using the NTLM method,
use --proxy-ntlm, if it requires Digest use --proxy-digest.

If you use any one these user+password options but leave out the password
part, curl will prompt for the password interactively.

Use curl to set the referer field with:

curl -e

User Agent:
To make curl look like Internet Explorer on a Windows 2000 box:

curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL]

Or why not look like you're using Netscape 4.73 on a Linux (PIII) box:

curl -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL]

To tell curl to follow a Location:
curl -L

If you use curl to POST to a site that immediately redirects you to another
page, you can safely use -L and -d/-F together. Curl will only use POST in
the first request, and then revert to GET in the following operations.

The simplest way to send a few cookies to the server when getting a page with
curl is to add them on the command line like:

curl -b "name=Daniel"

Curl has a full blown cookie parsing engine built-in that comes to use if you
want to reconnect to a server and use cookies that were stored from a
previous connection (or handicrafted manually to fool the server into
believing you had a previous connection). To use previously stored cookies,
you run curl like:

curl -b stored_cookies_in_file

Curl's "cookie engine" gets enabled when you use the -b option. If you only
want curl to understand received cookies, use -b with a file that doesn't
exist. Example, if you want to let curl understand cookies from a page and
follow a location (and thus possibly send back cookies it received), you can
invoke it like:

curl -b nada -L

Curl has the ability to read and write cookie files that use the same file
format that Netscape and Mozilla do. It is a convenient way to share cookies
between browsers and automatic scripts. The -b switch automatically detects
if a given file is such a cookie file and parses it, and by using the
-c/--cookie-jar option you'll make curl write a new cookie file at the end of
an operation:

curl -b cookies.txt -c newcookies.txt

Curl supports encrypted fetches thanks to the freely available OpenSSL
libraries. To get a page from a HTTPS server, simply run curl like:


Use a certificate with curl on a HTTPS server

curl -E mycert.pem

Custom Request Elements

Doing fancy stuff, you may need to add or change elements of a single curl

For example, you can change the POST request to a PROPFIND and send the data
as "Content-Type: text/xml" (instead of the default Content-Type) like this:

curl -d "" -H "Content-Type: text/xml" -X PROPFIND

You can delete a default header by providing one without content. Like you
can ruin the request by chopping off the Host: header:

curl -H "Host:"

You can add headers the same way. Your server may want a "Destination:"
header, and you can add it:

curl -H "Destination:"


Many times when you run curl on a site, you'll notice that the site doesn't
seem to respond the same way to your curl requests as it does to your

Then you need to start making your curl requests more similar to your
browser's requests:

* Use the --trace-ascii option to store fully detailed logs of the requests
for easier analyzing and better understanding

* Make sure you check for and use cookies when needed (both reading with -b
and writing with -c)

* Set user-agent to one like a recent popular browser does

* Set referer like it is set by the browser

* If you use POST, make sure you send all the fields and in the same order as
the browser does it. (See chapter 4.5 above)

A very good helper to make sure you do this right, is the LiveHTTPHeader tool
that lets you view all headers you send and receive with Mozilla/Firefox
(even when using HTTPS).
Post a Comment