cURL is a very useful utility to perform HTTP/HTTPS operations from the command line. Many times during a web application pentest you need to send an HTTP POST to a login form (e.g. brute force a login to the site). Here's the very simple way to do it, assuming you the form parameters are called username and password.

curl -d "username=SOMEUSER&password=SOMEPASS" -k https://some.website.com/loginform.jsp

The "-d" indicates you are including data for a POST, the -k says ignore SSL certificate warnings from the remote site.

Using curl is really only good for doing quick spot checks, to do large scale brute forcing I'd recommend using THC Hydra, the super useful perl module libwww-perl aka LWP, or Nessus which has incorporated Hydra. On Windows, Brutus works.

[ add comment ] ( 1149 views )   |  permalink

---

<<First <Back | 1 | 2 | 3 | Next> Last>>

All information on this blog copyright Goonda Security Inc. - Page Generated in 0.119 seconds